Top 5 Risks Featured in Cisco 2016 Midyear Cybersecurity Report
A couple of dangerous truths are spotlighted in the Cisco 2016 Midyear Cybersecurity Report. The first is that many businesses are making cybercriminals’ jobs easy by sticking with aging, sometimes poorly maintained infrastructure. That leads to the second truth, which is that cybercriminals don’t need the help. Their methods are paying off at record rates already, and they have even more diabolical schemes in the works.
Luckily there’s plenty of time left in 2016 to start making changes that will make your business more secure this year and in the years ahead. Here are five places to concentrate on according to Cisco’s researchers.
Focal Point #1: Cybersecurity strategies are too slow, lack visibility
The average time between when a system is compromised and when the threat is detected (called time-to-detection, or TTD) currently sits between 100 and 200 days. That’s a fairly wide range, but either end of it is still far too long. Just think of the amount of damage an attacker could inflict if left unchecked for that length of time.
One of the main ideas found in the Midyear Cybersecurity Report is that, while the current state of security may not be excellent, excellence is achievable. Consider Cisco, which has reduced its own median TTD to a mere 13 hours.
What to do: In order to achieve a similarly idyllic end state, businesses must sunset legacy infrastructure components and security tools and embrace advanced solutions. These solutions must enable the speed and visibility current solutions lack, a fact which has kept that average TTD rate too high.
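TTD is only useful as a metric if it is measured the same way every time. The snippet below is an added example, not code from Cisco or Arraya: it computes per-incident TTD in hours from a set of constructed incident records (first evidence of compromise versus the moment the team detected it, both as UTC ISO timestamps, an assumption about your ticketing export) and reports the median alongside the mean, since a handful of long-dwell incidents can drag the mean far from the median that the report quotes.

```python
from datetime import datetime
from statistics import median

# Constructed incident records (not from the Cisco report). Timestamps are
# assumed to be UTC in ISO 8601 form, as exported from a ticketing system.
INCIDENTS = [
    {"id": "INC-001", "compromised": "2016-01-04T09:15:00", "detected": "2016-01-04T22:15:00"},
    {"id": "INC-002", "compromised": "2016-01-10T03:00:00", "detected": "2016-05-19T03:00:00"},
    {"id": "INC-003", "compromised": "2016-02-01T12:00:00", "detected": "2016-02-02T18:30:00"},
    {"id": "INC-004", "compromised": "2016-02-20T08:00:00", "detected": "2016-07-18T08:00:00"},
    {"id": "INC-005", "compromised": "2016-03-03T14:45:00", "detected": "2016-03-03T16:45:00"},
]


def ttd_hours(incident):
    """Time-to-detection for one incident, in hours."""
    compromised = datetime.fromisoformat(incident["compromised"])
    detected = datetime.fromisoformat(incident["detected"])
    if detected < compromised:
        raise ValueError(f"{incident['id']}: detection precedes compromise")
    return (detected - compromised).total_seconds() / 3600


def summarize_ttd(incidents):
    """Median and mean TTD in hours, plus the longest dwell time in days."""
    hours = [ttd_hours(i) for i in incidents]
    return {
        "median_hours": median(hours),
        "mean_hours": sum(hours) / len(hours),
        "max_days": max(hours) / 24,
    }


def incidents_over_threshold(incidents, threshold_days=30):
    """IDs of incidents whose dwell time exceeded the threshold (default 30 days)."""
    return [i["id"] for i in incidents if ttd_hours(i) > threshold_days * 24]


if __name__ == "__main__":
    summary = summarize_ttd(INCIDENTS)
    print(f"median TTD: {summary['median_hours']:.1f} h")
    print(f"mean TTD:   {summary['mean_hours']:.1f} h")
    print(f"longest dwell: {summary['max_days']:.0f} days")
    print("over 30 days:", incidents_over_threshold(INCIDENTS))
```

On the constructed data the median is about a day while the mean is close to two months, which is why the median is the figure to track when reporting TTD to leadership: two incidents that went undetected for over 100 days dominate the mean.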
Focal Point #2: Ransomware set to get even nastier
Ransomware is nothing new; however, it is enjoying quite the moment in the sun. In the Midyear Cybersecurity Report, ransomware was dubbed “the most profitable malware type in history.” As a threat, it’s evolved past the point of being a costly nuisance to become an industry unto itself. According to Cisco’s estimates, ransomware attacks generate roughly $34 million annually.
And things may only get worse. The Midyear Cybersecurity Report contains a few predictions about what the future holds for ransomware – and it’s not pretty. This includes the ability to self-propagate, putting all corners of business networks, regardless of connectivity status, at risk. Future strains of ransomware could also alternate tactics to increase efficiency while also actively avoiding detection.
What to do: Businesses must prepare not only for the highly-effective strains of ransomware circulating today, but for what’s next. In addition to having a modernized IT environment, it’s also essential to secure an organization-wide commitment to proper cybersecurity hygiene. When best practices are known and followed, it severely limits what ransomware can do.
Focal Point #3: Vendors are getting better with patches, others are not
Vendors have significantly reduced the gap between when a vulnerability is exposed and when a patch becomes available. In fact, in some cases this gap is nonexistent.
As good as vendors have gotten at producing and releasing patches, end users have not followed suit when it comes to applying them. One example covered in the Midyear Cybersecurity Report concerns Microsoft Office 2013 deployments. Cisco’s analysis turned up three major versions of Office running concurrently:
- Version 15.0.4420 (20% adoption)
- Version 15.0.4454 (28% adoption)
- Version 14.0.4762 (52% adoption)
What to do: Microsoft’s applications were far from the only solution organizations were failing to consistently upgrade. These trends must not continue or businesses will be left exposed. In the case of Office – short of switching to the always-up-to-date, cloud-based Office 365 – businesses may want to engage a Managed Services partner who can shoulder some of the load carried by IT teams, freeing them to monitor and implement upgrades and patches.
Focal Point #4: Finance is firmly in the crosshairs of cybercriminals
Finance is a favorite target for cybercriminals looking for a way into an organization’s network. The folks handling bills and invoices are being heavily targeted by social engineering schemes designed to get them to click on malicious links or attachments.
For proof, here are the most frequent keywords appearing in spam messages uncovered by Cisco’s researchers:
- Invoice, Payment
- Purchase Order
- Invoice, Payment, Shipping Confirmation
- Payment, Transfer, Order, Shipping
- Quote Request, Product Order
What to do: With so many scams directed at one department, it is easy to streamline end user training and awareness exercises. That’s not to say other areas are immune. However, efforts must be made to guarantee Finance staffers have the knowledge they need to spot, react to, and report suspicious activity.
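The keyword list above is also a starting point for a mail-triage rule that gives the Finance team’s inbound messages a second look. The following is an added example, not code from Cisco or Arraya: it scores constructed message metadata on the report’s keyword families plus three signals the report does not enumerate (external sender domain, risky attachment type, external link), and flags anything at or above a threshold. The domain, the attachment-type set and the threshold are assumptions to tune for your own environment.

```python
import re

# Keyword families taken from the report's list of frequent spam keywords,
# grouped so a subject line scores each family at most once.
FINANCE_KEYWORDS = {
    "invoice": ("invoice",),
    "payment": ("payment", "transfer"),
    "order": ("purchase order", "product order", "order"),
    "shipping": ("shipping confirmation", "shipping"),
    "quote": ("quote request", "quote"),
}
# Attachment types worth a closer look when paired with a finance lure
# (assumption: tune this set to your environment).
RISKY_EXTENSIONS = {".zip", ".js", ".exe", ".scr", ".docm", ".xlsm", ".html"}
INTERNAL_DOMAIN = "example.com"  # constructed placeholder for your own mail domain
FLAG_THRESHOLD = 5               # assumption: score at which a message is held for review

URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def is_external(host):
    """True unless the host is the internal domain or a subdomain of it."""
    host = host.lower()
    return host != INTERNAL_DOMAIN and not host.endswith("." + INTERNAL_DOMAIN)


def matched_families(subject):
    """Keyword families present in the subject, matched on word boundaries."""
    subject = subject.lower()
    return [fam for fam, words in FINANCE_KEYWORDS.items()
            if any(re.search(r"\b" + re.escape(w) + r"\b", subject) for w in words)]


def score_message(msg):
    """Score one message and explain which signals contributed."""
    score, reasons = 0, []
    fams = matched_families(msg["subject"])
    if fams:
        score += 2 * len(fams)
        reasons.append("finance keywords: " + ", ".join(fams))
    sender_domain = msg["from"].rsplit("@", 1)[-1]
    if is_external(sender_domain):
        score += 1
        reasons.append("external sender: " + sender_domain)
    risky = [a for a in msg["attachments"]
             if any(a.lower().endswith(ext) for ext in RISKY_EXTENSIONS)]
    if risky:
        score += 3
        reasons.append("risky attachment: " + ", ".join(risky))
    ext_hosts = sorted({h for h in URL_HOST_RE.findall(msg["body"]) if is_external(h)})
    if ext_hosts:
        score += 2
        reasons.append("external link: " + ", ".join(ext_hosts))
    return {"id": msg["id"], "score": score,
            "flagged": score >= FLAG_THRESHOLD, "reasons": reasons}


def triage(messages):
    """IDs of messages that should be held for analyst review."""
    return [r["id"] for r in (score_message(m) for m in messages) if r["flagged"]]


# Constructed sample messages (not real mail): two benign, two lure-shaped.
MESSAGES = [
    {"id": "MSG-1", "from": "ap@example.com", "subject": "Invoice #4471 approved",
     "attachments": [], "body": "Approved for payment, see the AP system."},
    {"id": "MSG-2", "from": "billing@parts-supplier-example.net",
     "subject": "Payment Transfer - Purchase Order 88213",
     "attachments": ["PO_88213.zip"],
     "body": "Please review the attached order at http://parts-supplier-example.net/track"},
    {"id": "MSG-3", "from": "sales@vendor-example.org", "subject": "Quote Request follow-up",
     "attachments": ["quote.pdf"], "body": "Thanks for your time."},
    {"id": "MSG-4", "from": "noreply@example.com.mail-example.co",
     "subject": "Shipping Confirmation", "attachments": [],
     "body": "Track your parcel: https://tracker-example.co/x"},
]

if __name__ == "__main__":
    for m in MESSAGES:
        r = score_message(m)
        print(f"{r['id']}: score={r['score']} flagged={r['flagged']} {r['reasons']}")
```

The scoring is deliberately transparent so an analyst, or a Finance staffer being trained, can see why a message was held: MSG-4 is caught by the combination of a lookalike sender domain and an external tracking link even without an attachment, while a genuine supplier quote with a PDF stays below the threshold.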
Focal Point #5: Attackers excel at hiding behind HTTPS
HTTPS encryption provides a sense of security – but it may prove to be false. Between Sept. 2015 and March 2016, Cisco’s researchers recorded a five-fold increase in HTTPS traffic tied to malicious activity. This intensive effort by attackers to use HTTPS to cover their tracks contributed to organizations’ struggles with TTD.
Further muddying the waters are cryptocurrency, Transport Layer Security, and Tor. These utilities allow threat actors to communicate and collect their ill-gotten profits anonymously.
What to do: In this situation, it helps to know what not to do. That little lock icon next to URLs may convey an air of safety, but it must not be fully trusted. Instead, end users must consistently practice smart web browsing and never let their guards down.
Let us be your partner for a more cyber-secure future
The time to start planning for the cybersecurity landscape of 2017 and beyond is now. Arraya Solutions is committed to providing the solutions and support organizations of all sizes, across all industries, need to secure their data regardless of whether it lives on-premises or in the cloud.
To start a conversation with our team of security experts, reach out to us at http://www.arrayasolutions.com/contact-us/. Or, contact us through our social media presence: Twitter, LinkedIn, and Facebook.