What We Learned from Cisco’s Annual Cybersecurity Report

Cybersecurity is one of the biggest threats we face today if we have any data online. In the Cisco 2017 Annual Cybersecurity Report, Cisco presents research, insights, and perspectives regarding the relentless push-and-pull dynamic between adversaries trying to gain more time to operate and defenders working to close the windows of opportunity that attackers try to exploit. Cisco threat researchers are intended to help organizations respond effectively to today’s rapidly evolving and sophisticated threats. Let’s examine what they found.

Email Spam

Email spam has been around as long as email itself. According to this latest report from Cisco, email spam accounts for nearly two-thirds (65 percent) of total email volume. Although that number is not what is alarming, what is alarming is that about 8 to 10 percent of the global spam observed in 2016 could be classified as malicious.

As the percentage of spam with malicious email attachments is increasing, adversaries appear to be experimenting with a wide range of file types to help their campaigns succeed. Cisco found that spammers use several different approaches, but they share some common traits:

• More spammers are sending from Clean IPs and domains
• Spammers are now able to simulate marketing emails with subscription management software
• They have learned to avoid sloppy scripts and spam bots to use well-configured email delivery systems
• Spammers can set up forward-confirmed reverse DNS and Send Policy Framework (SPF) records for the emails they send out, bypassing the spam notices

Network Outages

Network outages caused by data breaches continue to be a problem and are still creating long-term negative effects. According to the Cisco study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Forty-one percent of these outages affected between 11 percent and 30 percent of systems. Of the security leaders asked, Cisco found they take even small outages very seriously because of the stress they create on an organization, which includes the time security teams must spend managing the damage.

Software Updates

Updating software regularly and in a timely fashion is still an important factor in fighting data breaches. Researchers found that regular and predictable update schedules result in reducing the time adversaries can take advantage of server vulnerabilities. Research results also showed the key to motivating users to download and install patches might simply be found in the warning language of software updates from vendors.

Vulnerabilities

While vulnerability still exists, the second half of 2016 did see a significant drop compared to the previous year. That being said, attackers still possess many techniques for gaining access to organizational resources.

According to Cisco, attackers have numerous tools, that range from dropping malicious spam to exploiting middleware vulnerabilities. Once they’ve breached your security, time to detection can be slow, and they can quietly and quickly shut down your organization’s operations.

Cloud Applications/Connected Third Parties

Researchers found that 27 percent of connected third-party cloud applications introduced by employees into enterprise environments in 2016 posed a high-security risk. According to the report, more than 9,500 people pay ransoms each month after being attacked by ransomware, many of which exploit victims with Angler exploit kits.

Third Party Vendors/Products

According to the study, most organizations rely on third-party vendors for a portion of their security. In fact, 72 percent rely on third-party vendors/products for 20 to 80 percent of their security efforts. Additionally, those who use these third-party vendors and products for security alerts will likely increase their use of these services going forward.

Malvertising Campaigns

Malicious advertising or malvertising campaigns are becoming more sophisticated and Cisco researchers have found that more of the operators behind these campaigns are using brokers. Brokers enable the attackers to move with greater speed, maintain their operational space, and evade detection. These intermediary links also allow attackers to change from one malicious server to another very quickly without changing the initial redirection.

Security Teams Must Keep Fighting

The bottom line is malicious attacks in any form are damaging and lead to lost revenue. The security industry must continue to expand, develop, and advance to fight attackers. In the years to come, we will most likely see the types of threats change and become even more sophisticated. However, regardless of the threats, the goal of security personnel won’t change.

Additional Resources on this Topic:
Cisco Midyear Cybersecurity Report: 10 Security Threats To Watch
Cisco on cybersecurity threats: We must ‘raise our warning flag even higher’
Cisco Security Report: 34% of Service Providers Lost Revenue from Attacks

Photo Credit: UKNGroup Flickr via Compfight cc

This article was first published on New Era Technology.