Our 2015 Midyear Security Report (MSR) is out this week, and it’s been a bumpy year when you consider the innovative, resilient, and evasive nature of the global cyber attacks we’ve seen in recent months. Our team continues to see adversaries who rapidly refine their ability to develop and deploy malware that evades detection. It is sobering to note that our MSR confirms that the security industry is just not keeping pace with the attackers.
The MSR is our follow-up to the Cisco Annual Security Report (ASR), which we publish in January. The 2015 MSR updates you on what we’ve seen in the first half of 2015, with analysis and insights about the latest attack trends and advice on what to do about them.
Some of the top troubling trends in this year’s six-month update include:
- Expanding ransomware use, which is making a successful business out of holding data hostage until targeted users pay up
- Highly effective exploit kits such as Angler, using vulnerabilities in Flash to compromise systems
- Increasing creativity by malware authors, who are even going so far as to include text excerpts from classic literature like Jane Austen’s novel Sense and Sensibility in their code in an effort to throw off antivirus detection software
For additional insights about the midyear security report and what is happening, check out the video below, where John Chambers—Cisco’s Executive Chairman and Executive Sponsor for Cisco’s Security Business—and I discuss the findings and touch on what organizations can do to become safer.
Overall, what we’re seeing on the attack front is speed first, along with creativity and a willingness of the hacker community to evolve new tools and strategies and recycle some old familiar ones, too. An example of this is the use of Microsoft Office macros to deliver malware—an old tactic that had fallen out of favor with criminals but is now being taken up again.
We live in a world where hackers relentlessly do whatever it takes to get past cyber defenses. And they’re getting through in large part because a discouragingly large number of organizations still deploy complex, unwieldy patchworks of outdated security point products that are difficult to manage and offer feeble defense against today’s sophisticated attacks.
The MSR findings point to the urgent need to lower the time to detection (TTD) for attacks, a key metric in security technology and operations. This is vital for security teams to quickly scope a compromise before considerable damage is done. Encouragingly, Cisco solutions achieve TTD between 41 and 50 hours, which is well ahead of current industry estimates of 100 to 200 days, a level that is not good enough given how rapidly malware authors are innovating today. In the coming years, a move to integrated threat defense approaches that go beyond point products like security information and event management (SIEM) solutions will enable organizations to accelerate time to detection.
Recommendations for the Future
As more consolidation and integration in the security industry unfolds over the next five years, customers of new security products and services will need to make sure the solutions they deploy are effective, sustainable, and trusted.
In a market with a severe deficit in security talent, enlisting security services provider expertise offers more flexibility to pivot with the shifting threat landscape. These providers tend to look at security holistically—the people, processes and technology—and can help guide businesses as they invest in and get the most from their security investments.
But perhaps most importantly, enterprises should make themselves accountable for confirming that their IT infrastructure, products, solutions and services are trustworthy. This means taking the time to understand what security and other IT vendors are doing to build security into their products.
Trust needs to be built in through the entire lifecycle of a product, from design to deployment. When organizations think about security, it’s important that they demand that their IT vendors prove that their products are trustworthy and remain trustworthy through every point in the supply chain that delivers those products to them. Are vendors demonstrating that their products can be trusted, and can they back up their claims contractually? These are the types of questions everyone should be asking.
In the final analysis, no organization in any industry can consider itself “safer” than others when it comes to being a target. Everyone should assume that they are vulnerable, that attacks will happen, and that they should implement defense-in-depth strategies. A proactive, in-depth, cyber defense strategy, of which technology is just one component, continues to be our best answer. This is critical for countries, law enforcement, and businesses alike to meet the threat of criminal innovation.
To learn all the details, be sure to download our 2015 Midyear Security Report.