email spam, the latter at levels not seen
since 2010. Spam accounts for nearly
two-thirds (65 percent) of email with
eight to 10 percent cited as malicious.
Global spam volume is rising, often
spread by large and thriving botnets.
Measuring effectiveness of security
practices in the face of these attacks is
critical. Cisco tracks progress in reducing
“time to detection” (TTD), the window
of time between a compromise and
the detection of a threat. Faster time
to detection is critical to constrain
attackers’ operational space and
minimise damage from intrusions. Cisco
has successfully lowered the TTD from
a median of 14 hours in early 2016 to
as low as six hours in the last half of
the year. This figure is based on opt-in
telemetry gathered from Cisco security
products deployed worldwide.
“One of our key metrics highlighted in
the 2017 Annual Cybersecurity Report
is the ‘time to detection’ – the time
it takes to find and mitigate against
malicious activity. We have brought that
number down to as low as six hours.
A new metric – the ‘time to evolve’
– looked at how quickly threat actors
changed their attacks to mask their
identity. With these and other measures
gleaned from report findings, and
working with organisations to automate
and integrate their threat defence, we
can better help them minimise financial
and operational risk and grow their
business,” said Scott Manson, Cyber
Security Leader for Middle East and
Turkey, Cisco.
Business cost of cyber threats:
Lost customers, lost revenue
The 2017 ACR revealed the potential
financial impact of attacks on
businesses, from enterprises to SMBs.
More than 50 percent of organisations
faced public scrutiny after a security
breach. Operations and finance systems
were the most affected, followed
by brand reputation and customer
retention. For organisations that
experienced an attack, the effect was
substantial:
• Twenty-two percent of breached
organisations lost customers — 40%
of them lost more than 20% of their
customer base.
• Twenty-nine percent lost revenue, with
38% of that group losing more than
20% of revenue.
• Twenty-three percent of breached
organisations lost business
opportunities, with 42% of them
losing more than 20%.
Hacker operations and new
“business” models
In 2016, hacking became more
“corporate.” Dynamic changes in
the technology landscape, led by
digitisation, are creating opportunities
for cyber criminals. While attackers
continue to leverage time-tested
techniques, they also employ new
approaches that mirror the “middle
management” structure of their
corporate targets.
• New attack methods model corporate
hierarchies: Certain malvertising
campaigns employed brokers (or
“gates”) that act as middle managers,
masking malicious activity. Adversaries
can then move with greater speed,
maintain their operational space, and
evade detection.
• Cloud opportunity and risk: Twenty-
seven percent of employee-introduced,
third-party cloud applications,
intended to open up new business
opportunities and increase efficiencies,
were categorised as high risk and
created significant security concerns.
• Old-fashioned adware – software
that downloads advertising without
user permission – continued to
prove successful, infecting 75% of
organisations investigated.
• A bright spot emerged with a drop in
the use of large exploit kits such as
Angler, Nuclear and Neutrino, whose
owners were brought down in 2016,
but smaller players rushed in to fill the
gap.
The 2017 ACR reports that just 56
percent of security alerts are investigated
and less than half of legitimate alerts
remediated. Defenders, while confident
in their tools, battle complexity and
manpower challenges, leaving gaps of
time and space for attackers to utilise
to their advantage. Cisco advises these
steps to prevent, detect, and mitigate
threats and minimise risk:
• Make security a business priority:
Executive leadership must own and
evangelise security and fund it as a
priority.
• Measure operational discipline: Review
security practices, patch, and control
access points to network systems,
applications, functions, and data.
• Test security effectiveness: Establish
clear metrics. Use them to validate
and improve security practices.
• Adopt an integrated defence approach:
Put integration and automation
high on the list of assessment criteria
to increase visibility, streamline
interoperability, and reduce the time to
detect and stop attacks. Security teams
then can focus on investigating and
resolving true threats.
Cyber security has changed drastically
since the inaugural Cisco Annual Security
Report in 2007. While technology
has helped attacks become more
damaging and defences become more
sophisticated, the foundation of security
remains as important as ever.
A full analysis of the report can be read at
http://www.intelligentcio.com/me/2017/02/05/csos-cite-budget-constraints-as-one-of-biggest-barriers-to-advancing-security/
www.intelligentcio.com