I’m proud to announce the Cisco 2017 Annual Cybersecurity Report (ACR) available for download today. Now in its 10th year, this report delivers analysis on the evolving threats and trends from 2016, insights from a survey of more than 2900 security professionals worldwide, as well as guidance on how to be more secure in 2017 and beyond. David Ulevitch, head of Cisco’s Security Business Group, and I share report highlights in this video.
Organizations are learning first-hand about the devastating impact that a security breach can have: operational disruption, lost customers, missed opportunity, a hit to their brand reputation, and in some cases, declining revenue. Malicious actors are taking advantage of expanding attack surfaces and evolving tactics to keep their windows of opportunity open. When they succeed, CSOs tell us, the results are apparent, quantifiable, and costly.
The Expanding Attack Surface
Digital traffic continues to increase as we sprint into the Zettabyte Era, with global annual totals projected to triple in three years. By 2020, wireless and mobile device traffic will account for two-thirds of total global IP traffic. Average broadband speeds are on pace to nearly double between 2015 and 2020.
This explosive growth in speed, digital traffic, and mobile endpoints creates a broader attack surface with more choices of targets and approaches. Cloud-based services are quickly dissipating the security perimeter. Add tight budgets, a scarcity of skilled defenders, and cybercriminals operating more like their targeted businesses, and you can see the challenges security teams face.
The Evolving Threat
Today’s adversaries continue to find new ways to operate, experimenting with a wide range of malware delivery methods. Their varied techniques for gaining access to organizational resources exploit lapses in patching and updating, lure users into socially engineered traps, and inject malware into supposedly legitimate online content.
Our adversaries move with speed and agility to evade detection and continually evolve their strategies. Once their tactics are no longer productive, have outlived their usefulness or been compromised, the operator quickly and quietly shifts tactics or shuts down the operation and moves on.
Evolving Time to Operate
To this end, we introduced a new metric this year – Time to Evolve – the time it takes adversaries to change how they deliver specific malware and the length of time between each tactical change. The report describes how adept cybercriminals are in shifting attack vectors and their techniques to evade detection. It also shares how we must evolve our defenses to keep pace.
We continue to measure Time to Detection (TTD) as an indicator of how quickly an organization can detect a threat. Cisco’s median TTD trended down from 39 hours in November 2015 to 6 hours in October 2016, with an average median TTD of about 9 hours from May through October 2016. That is certainly an exciting trend, and one we will continually refine our approach to tighten further.
Obstacles to Advancing Security
So what’s holding security professionals back? Top constraints cited are budget (35%), compatibility (28%), certification (25%), and talent (25%). Lack of budget is a perennial challenge for security teams, as is disparate systems that don’t integrate – where security is “bolted on” rather than embedded. These non-integrated defense systems can allow for gaps of time and space where cybercriminals can launch attacks.
Security professionals stretch budgets by adopting outsourced expertise, and relying on cloud solutions and automation to make the most of limited personnel. A well-resourced and expert IT security team, paired with the right tools, policies and processes, can work together to achieve better security outcomes. Think simple, integrated, and automated.
Making the Most of a Bad Situation
Half of the organizations surveyed suffered a security breach that involved public scrutiny. Of those, half disclosed the breach voluntarily, while one-third were disclosed by someone else. The days of quietly dealing with breaches may be long gone with so many regulators, media, and social media users there to expose the news.
What’s promising for organizations that have experienced a public breach is that they’re taking it as a learning opportunity. Organizations once reluctant to admit when they’ve been breached are sharing more quickly and openly with law enforcement, regulators, investors, and customers. The more organizations share when an attack has occurred, the better position we’ll all be in to help each other and defend ourselves.
Defending Our Turf
So what are we to do? Every organization needs to make cybersecurity a business-level priority. Leadership must own and evangelize cybersecurity, instilling and driving its importance and the proper defense techniques throughout the organization. Cybersecurity can’t be “an IT challenge;” its effects are too broad and costly.
We can no longer just throw more money, people or technology at the problem. In this complex landscape of fast and frequent evolution, it’s not enough to rely on human expertise and point solutions. We need a simple, integrated security architecture that provides near-real-time insight into threats, with automated detection and automatic defense. The Time to Evolve metrics in this report bear this out.
Learn more by downloading and reading the Cisco 2017 Annual Cybersecurity Report.