Arraya Insights | March 13, 2018
One of the most effective weapons today’s IT security professionals have at their disposal is knowledge – and there is plenty of that packed within the pages of Cisco’s 2018 Annual Cyber Security Report. This year’s report includes insights gleaned from Cisco’s own threat experts, from those of its partners, and from roughly 3,600 security professionals representing more than two dozen countries. All of that combined experience could prove invaluable to organizations hoping to avoid the kind of negative headlines that Equifax, Yahoo, and Uber, to name a few, generated last year.
Let’s take a look at six takeaways from the report and how each should factor into your cyber security plans for the rest of 2018 and beyond:
Takeaway #1: Machine learning dramatically boosts threat detection
Attackers have grown adept at co-opting legitimate technologies and turning them against the businesses that deploy them. Encryption is the clearest case: it protects legitimate traffic, but it also hides malicious command-and-control and malware downloads from the inspection tools that would otherwise catch them. Cisco’s report cites a 12-percentage-point increase in the share of web traffic that is encrypted between November 2016 and October 2017. Over the same period, researchers observed a threefold increase in encrypted network communication by the malware samples they inspected.
Action Item: Machine learning can cut through that cover without decrypting anything, because it works on what remains visible: TLS handshake fields, packet sizes and timing, and destination patterns. Trained on those features, it quickly recognizes known-known threats (common, well-characterized attacks) and known-unknown threats (variants of familiar families), and it can sift through complex behavior to spot signs of unknown-unknown, or emerging, threats. The caveat is that a model is only as good as its baseline: expect a tuning period, and keep analysts in the loop to confirm what it flags.
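As an added example (this code is not from Cisco’s report or the article above), the block below shows what a sensor can still read from a TLS session without decrypting it. It parses a ClientHello, the unencrypted first handshake message, pulls out the metadata fields that encrypted-traffic analytics and ML classifiers consume, and computes the JA3 client fingerprint from them. The two ClientHellos are constructed test input, not captured traffic; the cipher-suite and extension numbers are real IANA code points, and the allow-list of "known client" fingerprints is a stand-in for one an organization would build from its own sanctioned software.

```python
"""Added example: TLS ClientHello metadata extraction and JA3 fingerprinting.
The sample ClientHellos are constructed here; nothing is captured from a network."""
import hashlib
import struct

# GREASE values (RFC 8701) are random filler that browsers inject; JA3 ignores them.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def build_client_hello(version, ciphers, extensions):
    """Serialise a TLS record carrying a ClientHello (builder for the constructed samples)."""
    body = struct.pack("!H", version) + b"\x11" * 32 + b"\x00"   # version, random, empty session id
    suites = b"".join(struct.pack("!H", c) for c in ciphers)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                           # compression methods: null only
    exts = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body     # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def sni_ext(host):
    name = host.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name         # name_type 0 = host_name
    return (0, struct.pack("!H", len(entry)) + entry)


def parse_client_hello(record):
    """Extract the fields that are visible on the wire before encryption starts."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    info = {"version": struct.unpack("!H", body[:2])[0], "ciphers": [],
            "extensions": [], "groups": [], "point_formats": [], "sni": None}
    pos = 2 + 32                                    # skip client random
    pos += 1 + body[pos]                            # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    info["ciphers"] = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # skip compression methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0] if pos + 2 <= len(body) else 0
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        info["extensions"].append(etype)
        if etype == 0 and len(data) >= 5:           # server_name: list len, name type, name len, name
            info["sni"] = data[5:5 + struct.unpack("!H", data[3:5])[0]].decode("ascii", "replace")
        elif etype == 10 and len(data) >= 2:        # supported_groups: list len, then 2-byte groups
            n = struct.unpack("!H", data[:2])[0]
            info["groups"] = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]
        elif etype == 11 and data:                  # ec_point_formats: list len, then 1-byte formats
            info["point_formats"] = list(data[1:1 + data[0]])
    return info


def ja3(info):
    """JA3 = MD5 of 'SSLVersion,Ciphers,Extensions,EllipticCurves,PointFormats' (GREASE removed)."""
    def field(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    text = ",".join([str(info["version"]), field(info["ciphers"]), field(info["extensions"]),
                     field(info["groups"]), field(info["point_formats"])])
    return text, hashlib.md5(text.encode()).hexdigest()


def triage(record, known_clients):
    """Features an analyst or a model would weigh, plus an allow-list check against
    the JA3 digests of sanctioned client stacks (known_clients is constructed here)."""
    info = parse_client_hello(record)
    text, digest = ja3(info)
    checks = (("no-sni", info["sni"] is None),              # no hostname: often raw-IP C2
              ("legacy-version", info["version"] < 0x0303),  # pre-TLS 1.2 client
              ("unknown-client", digest not in known_clients))
    return {"ja3": digest, "ja3_string": text, "sni": info["sni"],
            "flags": [name for name, hit in checks if hit]}


# Constructed sample 1: browser-like hello (GREASE, SNI, TLS 1.3 and ECDHE suites).
BROWSER_HELLO = build_client_hello(
    0x0303, [0x2a2a, 0x1301, 0x1302, 0xc02b, 0xc02f],
    [(0x2a2a, b""), sni_ext("www.example.com"), (23, b""),
     (10, b"\x00\x06\x2a\x2a\x00\x1d\x00\x17"),   # supported_groups: GREASE, x25519, secp256r1
     (11, b"\x01\x00"),                           # ec_point_formats: uncompressed
     (13, b"\x00\x02\x04\x03")])                  # signature_algorithms: ecdsa_secp256r1_sha256
# Constructed sample 2: bare-bones client, TLS 1.0, one legacy suite, no extensions at all.
MINIMAL_HELLO = build_client_hello(0x0301, [0x002f], [])
# Constructed allow-list: the fingerprint of the organisation's sanctioned browser build.
KNOWN_CLIENTS = {ja3(parse_client_hello(BROWSER_HELLO))[1]}

if __name__ == "__main__":
    for label, rec in (("browser", BROWSER_HELLO), ("minimal", MINIMAL_HELLO)):
        print(label, triage(rec, KNOWN_CLIENTS))
```

The point of the exercise is the feature vector, not the verdict: the version, cipher ordering, extension list and SNI are exactly the kind of inputs a classifier learns from, and a fingerprint that has never been seen on the network is a cheap first filter before a model or an analyst looks closer. A JA3 match is evidence about the client software, not the destination, so treat an "unknown client" flag as a prompt to investigate rather than a conviction.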
Takeaway #2: Buying the “best” yet netting uneven results
Some security professionals swear by the so-called “best of breed” approach, picking and choosing solutions from a multitude of vendors. The reasons cited for preferring it over a more integrated stack are that each tool can be fitted to a specific need and that it is seen as more cost effective. One thing best of breed is not, in this context, is easier to manage. Products that were never designed to work together create extra work for admins and leave the coverage gaps between tools that attackers love.
Action Item: While a single-vendor, fully integrated security environment may not be an option for everyone, weight should be given to solutions that can exchange alerts and telemetry with each other, or to a third-party service that can absorb the workload of managing these disparate technologies.
Takeaway #3: Alerts are often seen but not acted upon
The Annual Cyber Security Report includes a wealth of statistics depicting how organizations struggle to run down and remediate the alerts their monitoring systems generate. Among organizations that receive daily security alerts, 44% of those alerts go uninvestigated. Furthermore, only 51% of the alerts that are investigated and deemed legitimate are actually remediated, meaning just under half of confirmed threats go unaddressed.
Action Item: Businesses must close this gap, although many are struggling to find or afford the expertise needed to do so. Leaving confirmed threats unattended is a large enough risk to justify alternatives: tuning and consolidating alert sources so analysts see fewer, higher-fidelity events, and using third-party vendors to add expertise without increasing in-house staff size.
Takeaway #4: Good help is hard to find – and costly to retain
As noted above, too many organizations fail to investigate and remediate alerts and incidents for lack of in-house talent. There are precious few people with the specialized knowledge needed to strengthen an organization’s security posture, so competition for them is fierce, and so are the costs of hiring and retaining them.
Action Item: Organizations should look to a strategic partner for help with their security needs. A partner can cover everything from the hands-on work of supporting solutions to the executive-level expertise needed to set and revise corporate security strategy, giving the organization the know-how it needs without the rising cost of building it all in-house.
Takeaway #5: Cloud offers security – but it too must be monitored
Some 57% of respondents cited in the Annual Cyber Security Report see the cloud as offering better data security. While the cloud can be a safer place for data, it is not immune to attack. In many organizations, cloud has created a gray area: different lines of business spin up applications independently of IT and go about their work, and responsibility for managing and securing this new environment is left up in the air. Much like encryption, cloud becomes another legitimate resource that attackers can turn against the business.
Action Item: Businesses must monitor and defend their cloud environments just as they would their on-premises data centers. Under every major provider’s shared-responsibility model the provider secures the underlying infrastructure, while identities, configuration, and data remain the customer’s responsibility. That means investing in tooling that automatically enforces corporate policy on data stored in the cloud, keeps an inventory of the accounts and services each business unit has created, and hardens cloud-based applications and infrastructure.
Takeaway #6: Malicious email campaigns never go out of style
Times may change, but email remains a favorite attack vector for cyber criminals. With the right blend of social engineering and malware, attackers can bypass organizational controls and reach a target directly. Should that person open an attachment or click a link, they can set off a chain reaction across the organization, opening the door to ransomware or something worse, such as a NotPetya-style data destroyer.
Action Item: Organizations must layer security on top of their email platform whether it resides on premises or in the cloud. Tools are only part of the equation, though: they must also make time to train employees at every level of the business, and across departments, to recognize the tell-tale signs of a malicious message, such as a sender whose display name does not match the address, a reply address on a different domain, or a link whose visible text differs from its real destination.
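As an added example (not code from the article, from Cisco, or from any product), the block below runs the same checks a mail-security layer applies before a message reaches a user, and that user training teaches people to apply by eye: a display name impersonating another identity, a Reply-To steering answers elsewhere, failed or missing SPF/DKIM/DMARC results recorded by the receiving mail server, executable attachments with misleading double extensions, and links whose visible text names a different host than the real target. Both messages are constructed samples on reserved .example domains; the internal domain corp.example is an assumption.

```python
"""Added example: header and body checks for inbound mail, run over two constructed
messages. Uses only the Python standard library; domains are reserved .example names."""
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Extensions that execute directly when a Windows user double-clicks them.
RISKY_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".hta", ".jar", ".bat", ".cmd", ".ps1", ".lnk"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def first_address(msg, header):
    hdr = msg[header]
    return hdr.addresses[0] if hdr is not None and hdr.addresses else None


def assess(raw, internal_domain):
    """Return (verdict, findings); each finding is a (code, detail) pair."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    sender = first_address(msg, "From")
    sender_dom = sender.domain.lower() if sender else ""

    # 1. Display-name deception: the visible name claims a different identity than the address.
    name = (sender.display_name if sender else "").lower()
    claimed = name.rpartition("@")[2] if "@" in name else ""
    if (claimed and claimed != sender_dom) or (internal_domain in name and sender_dom != internal_domain):
        findings.append(("display-name-spoof", f"name '{name}' but sender domain {sender_dom}"))

    # 2. Replies are steered to a third domain.
    reply = first_address(msg, "Reply-To")
    if reply and reply.domain.lower() != sender_dom:
        findings.append(("reply-to-mismatch", f"replies go to {reply.domain}, not {sender_dom}"))

    # 3. What the receiving MTA recorded about SPF/DKIM/DMARC (RFC 8601 Authentication-Results).
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        results.update((m.group(1).lower(), m.group(2).lower()) for m in AUTH_RE.finditer(hdr))
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            findings.append((f"auth-{mech}", f"{mech}={results.get(mech, 'missing')}"))

    # 4. Executable attachments, including the classic "document.pdf.exe" trick.
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        ext = fname[fname.rfind("."):].lower() if "." in fname else ""
        if ext in RISKY_EXT:
            note = " (double extension)" if fname.count(".") > 1 else ""
            findings.append(("risky-attachment", fname + note))

    # 5. Links whose visible text is a URL on a different host than the real target.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            for href, text in LINK_RE.findall(part.get_content()):
                shown, real = urlparse(text.strip()).hostname, urlparse(href).hostname
                if shown and real and shown != real:
                    findings.append(("link-mismatch", f"shows {shown}, goes to {real}"))

    return ("hold", findings) if findings else ("deliver", findings)


# Constructed phishing sample: impersonated helpdesk, external reply path, fake link, .pdf.exe lure.
PHISH = b"""\
From: "helpdesk@corp.example" <alerts@mail-notify.example>
Reply-To: reset@collect.example
To: user@corp.example
Subject: Your password expires today
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mail-notify.example; dkim=none; dmarc=none header.from=mail-notify.example
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<p>Reset here: <a href="http://login.bad.example/x">https://sso.corp.example/reset</a></p>
--b1
Content-Type: application/octet-stream; name="Policy.pdf.exe"
Content-Disposition: attachment; filename="Policy.pdf.exe"
Content-Transfer-Encoding: base64

QUJDRA==
--b1--
"""

# Constructed benign sample: internal sender, all three authentication checks passed.
BENIGN = b"""\
From: Payroll <payroll@corp.example>
To: user@corp.example
Subject: March payslip
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
Content-Type: text/plain; charset="us-ascii"

Your payslip is on the intranet, no action needed.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, assess(raw, "corp.example"))
```

None of these checks is proof on its own (mailing lists legitimately rewrite Reply-To, and DKIM is "none" on plenty of honest mail), which is why the function holds the message for review rather than deleting it, and why the same signals are worth teaching people to spot: a tool can only reason about the headers, while a user also knows whether they were expecting a password reset at all.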
Next Steps: Building a security program to contend with today’s threats
If you’d like to learn about how Arraya’s Cyber Security team can help you address these action items or any of the trends highlighted in Cisco’s 2018 Annual Cyber Security Report, visit us now at arrayasolutions.com/solution/security/.
Don’t forget that we’re listening! Leave us your comments or questions on this or any of our blogs via social media. We can be found on LinkedIn, Twitter, and Facebook. After you’ve let us know what you think of a post, follow us so you can stay updated on our latest industry insights and be the first to know about our upcoming opportunities to advance your IT knowledge.