There are two main takeaways in Cisco’s “2017 Midyear Cybersecurity Report”:
Let’s look at the worst first. Now we’re not trying to scare you, but the recent WannaCry and Nyetya attacks foreshadow what Cisco calls Destruction of Service.
These invasions are more damaging than traditional attacks, for they leave businesses with no way to recover, as Cisco puts it.
One contributing factor is the Internet of Things, and related botnet activity.
But the threat is bigger than financial harm to companies. The end game is a massive attack that could “bring down the Internet itself,” Cisco predicts.
That’s a lot to absorb, so let’s retreat to the slightly less stressful world of email.
Cisco saw a change in delivery tactics, from exploit kits to email. Spam volumes are rising, and will continue to do so. And bad actors increasingly require the victim to take action — say, by clicking on a link or opening a file.
That’s all it takes to activate “fileless malware” that resides completely in memory. This malware is harder to detect because it is wiped out when the device restarts, and it relies on anonymized and decentralized infrastructure, Cisco says.
Meanwhile, ransomware has been developing apace. Internet felons now rely on Ransomware-as-a-Service, a tool that can be used “regardless of skillset,” Cisco notes.
The threats are almost too numerous to mention.
One is the “business email compromise,” an under-reported social engineering attack that tricks companies into transferring money to the attacker. It’s a lucrative “threat vector,” Cisco says.
Then there’s spyware and adware. Once seen as a nuisance, these forms of malware can facilitate theft of information and wipe out a company. Of 300 firms studied by Cisco in a four-month period, 20% were infected by three spyware families.
Worse, many industries are unprepared for high-tech breaches. Only two-thirds investigate security alerts, and in industries like health care and transportation, the number is roughly half.
The good news? Cyber breaches drove at least modest security improvements in 90% of the affected companies. But again, some industries are less responsive.
Here are some findings by industry:
What to do? Cisco recommends that you:
Keep your security processes top of mind.
Steve Martino, vice president and chief information security officer for Cisco, sums it up: “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” he states. “While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers.”
The only recourse is to make security a business priority, Martino concludes.