Today, global headlines are focused on alleged government-led breaches of U.S. political parties. But the threat of nefarious online activity goes beyond the email and communications of elected officials. The large-scale distributed denial-of-service (DDoS) cyberattack that flooded the servers of Domain Name System (DNS) host Dyn on Friday, Oct. 21, 2016 undoubtedly proves the disruptive potential of coordinated hacking efforts on networked communications (learn more about the Mirai botnet here). We saw firsthand evidence of this vulnerability created by interdependencies when Internet of Things (IoT) devices, built for basic consumer use, were used to create large-scale botnets. This form of cyber disruption builds networks of infected devices/connections with self-propagating malware, which ultimately results in crippling DDoS attacks. All of this was enabled by the increased connectivity of IoT nodes and applications as well as the growing ubiquity of digital transformation initiatives supported by cloud computing. Globally, machine-to-machine (M2M) modules, which include IoT, will account for 46% (12.2 billion) of all networked devices by 2020, compared to 30% (4.9 billion) in 2015, according to the latest the Cisco Visual Networking Index (VNI) Forecast.
IoT is collapsing silo-ed individual sectors, businesses, and architectures by its ubiquitous connectivity and use of powerful capabilities such as the cloud. A lot of data, big and small, is generated and used by IoT and the many consumer and business devices – much of this data is sensitive. Cybercrimes and attacks are often targeted at this sensitive and valuable data. According to the 2016 Vormetric Data Threat Report and 451 Research Group, significant amount of sensitive data is in use by enterprises in the cloud.
Figure 1: 53% of Sensitive Data Use in the cloud on SaaS
Source: 2016 Vormetric Data Threat Report, 451 Research Group
Certain factors have an effect on the cost of data breach, according to the latest 2016 IBM and Ponemon institute study. Figure 1 provides a list 16 factors that increase or decrease the per capita cost of data breach. As shown, an incident response team, extensive use of encryption, employee training, participation in threat sharing or business continuity management decrease the per capita cost of data breach.
In the specific study, an incident response team reduced the cost of data breach by $16 per capita and extensive use of encryption reduced cost of data breach by $13 per capita. In contrast, third party involvement in the cause of the data breach resulted in an increase of $14 per capita.
Figure 2: Impact of 16 factors on the per capita cost of data breach; reduction in cost due to encryption
Consolidated view (n=383), measured in US$
Source: IBM and Ponemon Institute, 2016
Amplification attackers, who have tools for carrying out a DDoS attack, exploit vulnerabilities in the network and compute resources. With the growth of the IoT and spread of vulnerable devices and traditional PCs, the abundance of configuration drawbacks with applications can be targeted. According to the Cisco VNI Forecast, the number of global DDoS attacks will increase 2.6-fold to 17 million by 2020 (up from 6.6 million in 2015).
According to the 2016 Cisco Security Report, encrypted traffic, particularly HTTPS, has reached a tipping point. While not yet the majority of transactions, it will soon become the dominant form of traffic on the Internet. It consistently represents over 50 percent of bytes transferred (Figure 2) due to the HTTPS overhead and larger content that is sent via HTTPS, such as transfers to file storage sites.
Figure 3: SSL traffic percentages
Source: Cisco Security Research, 2016
Companies need to protect their intellectual property and other sensitive data, advertisers want to preserve the integrity of their ad content and backend analytics, and businesses are placing more focus on protecting their customers’ privacy. Organizations have become better at encrypting data when it is transmitted between entities, but data at rest is often left unsecured. Many of the most notable breaches in the last few years have taken advantage of unencrypted data stored in the data center and other internal systems. For attackers, this is like following a secured supply truck to an unlocked warehouse.
It is also important for organizations to understand that end-to-end encryption can lessen the effectiveness of some security products. Encryption conceals the indicators of compromise used to identify and track malicious activity. But there is no excuse to leave sensitive data unencrypted.
The number of Secure Socket Layer (SSL) web servers compared to all internet facing servers are also increasing, globally. In the past year, North America and Western Europe led with the percentage of secure Internet servers compared to web-facing Internet servers, according to the Cisco Global Cloud Index (GCI).
Figure 4. Percentage of Secure Internet Servers to Total Web-Facing Internet Servers by Region and Increase from end of year 2014 to 2015
Source: Cisco Global Cloud Index (GCI), 2015-2020
Companies must secure consumers and businesses alike by securing networks that are growing more complex and massive. Every device, thing, applications and servers on a network is a potential target for hackers. With more white goods becoming digitally connected, and more industries being transformed with IoT and cloud computing, cyberattacks are getting bolder. The urgent need today is for faster responses, smarter security technologies, and wider encryption.
Effectively protect your business and your customers, and monetize new opportunities with simple, open, and automated security architecture: http://www.cisco.com/c/en/us/solutions/service-provider/service-provider-security-solutions/index.html