There are two main takeaways in Cisco’s “2017 Midyear Cybersecurity Report”:
- Criminals are moving toward Destruction of Service attacks.
- Email has returned as the medium of choice for hackers.
Let's look at the worst first. Now we’re not trying to scare you, but the recent WannaCry and Nyetya attacks foreshadow what Cisco calls Destruction of Service.
These invasions are more damaging than traditional attacks, for they leave businesses with no way to recover, as Cisco puts it.
One contributing factor is the Internet of Things, and related botnet activity.
But the threat is bigger than financial harm to companies. The end game is a massive attack that could “bring down the Internet itself,” Cisco predicts.
That’s a lot to absorb, so let’s retreat to the slightly less stressful world of email.
Cisco saw a change in delivery tactics, from exploit kits to email. Spam volumes are rising, and will continue to do so. And bad actors increasingly require the victim to take action — say, by clicking on a link or opening a file.
That’s all it takes to activate “fileless malware” that resides completely in memory. This malware is harder to detect because it is wiped out when the device restarts, and it relies on anonymized and decentralized infrastructure, Cisco says.
Meanwhile, ransomware has been developing apace. Internet felons now rely on Ransomware-as-a-Service, a tool that can be used “regardless of skillset,” Cisco notes.
The threats are almost too numerous to mention.
One is the “business email compromise,” an under-reported social engineering attack that tricks companies into transferring money to the attacker. It’s a lucrative “threat vector,” Cisco says.
Then there’s spyware and adware. Once seen as a nuisance, these forms of malware can facilitate theft of information and wipe out a company. Of 300 firms studied by Cisco in a four-month period, 20% were infected by three spyware families.
Worse, many industries are unprepared for high-tech breaches. Only two-thirds investigate security alerts, and in industries like health care and transportation, the number is roughly half.
The good news? Cyber breaches drove at least modest security improvements in 90% of the affected companies. But again, some industries are less responsive.
Here are some findings by industry:
- Public Sector — Cisco investigated threats and found that 32% of them are genuine. However, only 47% of those were squelched.
- Retail — Of the companies studied, 32% lost revenue from attacks in the past year, and roughly 25% lost customers or business opportunities.
- Manufacturing — Of the security professionals polled in this field, 40% lack a formal security strategy, and they do not follow standard security practices.
- Utilities — Security professionals are up against targeted attacks and advanced persistent threats (APTs). (40 percent) were the most critical security risks to their organizations.
- Healthcare — Perhaps the most sensitive area. Yet 37% see targeted attacks as high-security risks.
What to do? Cisco recommends that you:
- Keep your infrastructure and applications up to date, the goal being to prevent attackers from exploiting known weaknesses.
- Develop an integrated defense, so as to fight complexity. Avoid siloed investments.
- Involve your corporate leadership as soon as possible. Make sure they understand the risks and rewards, in line with budgetary constraints.
- Provide role-based security training for employees
Keep your security processes top of mind.
Steve Martino, vice president and chief information security officer for Cisco, sums it up: “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” he states. “While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers.”
The only recourse is to make security a business priority, Martino concludes.