Top 10 Insights: Annual Cybersecurity Report
Managing Director, Security APJ
We have released the 2017 Annual Cybersecurity Report, which is now in its tenth year of providing technology and business leaders with global data and insights. The latest report covers topics on attacker and defender behavior, Cisco’s security capabilities benchmark study, and industry.
To mark Cisco’s decade-long commitment, here are my top 10 insights from the 2017 report:
1. The True Cost Of Cyberattacks
In today’s hyperconnected world, the real question isn’t if a security breach will happen but when. And breaches mean loss of money, time and customers, on top of outages. According to the benchmark study, 29% of security professionals said their organizations experienced a loss of revenue resulting from attacks. Of that group, 38% said that revenue loss was 20% or higher. Online attacks also resulted in fewer customers, with 22% of organizations saying they lost customers, and of that group 39% said they lost 20% of their customers or more.
2. Productivity And Reputation Impact
The data shows that 36% of security professionals said operations was the function most affected by a public breach (this means core systems of productivity which affect industries from transportation to healthcare to manufacturing). After operations, finance was the next function most likely to be affected (30% of respondents), followed by brand reputation and customer retention (both at 26%). When it came to reputation loss, 49% of security professionals said their organization had to manage public scrutiny after a security breach.
3. Security Teams Are Overwhelmed
The benchmark study found that security teams were only able to investigate a little over half of the security alerts they receive in a given day: 56% of security alerts are investigated, leaving 44% not investigated. Budget, product compatibility, certification and talent were cited as the top constraints for security leaders.
4. Increasingly Complex Security Environments
Many organizations rely on many solutions from many vendors. This adds to the complexity and confusion of securing networks as the Internet continues to grow in terms of speed, connected devices, and traffic. Our latest report highlights how 65% of organizations use from six to more than 50 security products in their environment.
5. ‘Time To Evolve’ Versus ‘Time To Detection’
We introduce new ‘time to evolve’ (TTE) research, which is the time it takes attackers to change the way specific malware is delivered and the duration of time between each change in tactics. TTE shows how attackers keep their tactics fresh and evade detection. In contrast, we also measure ‘time to detection’ (TTD), the window of time between a compromise and the detection of a threat. Just as attackers are evolving their tactics faster, we are defending faster and reducing the operational space available to minimize damage from intrusions. Cisco successfully lowered the TTD from a median of 14 hours in early 2016 to as low as six hours in the last half of the year (this figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide).
6. Expansion Of Attack Surface Continues
With annual global IP traffic set to reach 2.3 zettabytes per year by 2020 (wireless and mobile devices will account for two-thirds of that total IP traffic), it’s no surprise that attack surfaces continue to expand. According to the benchmark study, security professionals cited mobile devices, public cloud, cloud infrastructure and user behavior as top concerns when thinking about their organization’s risk of exposure to a cyberattack. More than ever before, organizations need to integrate their security technology, simplify their security operations and rely more on automation.
7. Third-party Cloud Applications Pose High Security Risk
User behavior is noted above as being a top concern for exposing an organization to security risk. Additionally, report data shows that in an analysis of 222,000 applications across 900 organizations, 27% of connected third-party cloud applications introduced by employees into enterprise environments posed a high security risk.
8. Online Speeds, Traffic And Preparedness Not Growing At Same Pace
In the latest report, security maturity is underwhelming compared with the growth of Internet traffic. Broadband speeds in particular are improving and growing at a significantly greater rate than other networking variables. Faster speeds and more connected devices also foster greater traffic growth, but organizations are struggling to bolster their security measures and infrastructures at similar rates. It’s a very real challenge that defenders can’t improve their security posture at the same pace as attackers can gain space and time to operate.
9. Major Exploit Kits Go Silent, Making Room For Smaller Players
Angler was the most advanced and largest among known exploit kits—targeting Flash vulnerabilities and linked to several high-profile malvertising and ransomware campaigns. Angler disappeared in 2016 due to about 50 hackers and cybercriminals being arrested in Russia (the group was linked to the Lurk malware, a banking Trojan that specifically targeted Russian banks). Nuclear and Neutrino were also major exploit kits that disappeared in 2016. With major exploit kits like Angler, Nuclear and Neutrino out of the picture, smaller players and new entrants have the opportunity to expand their market share.
10. Spam Back In Vogue
Research from the report shows global spam volume is rising and so is the percentage of malicious attachments. Spam accounts for nearly 65% of total email volume, with 8% to 10% cited as malicious. Cisco’s threat researchers are attributing the increase in global spam volume to the Necurs botnet (a primary vector for Locky ransomware).
For more in-depth insights and data, download the 2017 Annual Cybersecurity Report.
Source: Cisco 2017 Annual Cybersecurity Report