Cisco’s annual cybersecurity report outlines the old and new attack methods threatening businesses today.
Revealing the ever-growing cost of a data breach, over one-third of companies experienced a huge 20% loss in revenue following a breach in 2016. This loss was amplified by similar hits to customer base, reputation and business opportunities.
Polling 3,000 chief security officers worldwide, Cisco’s 10th annual cybersecurity report found that 50% of breached companies faced public scrutiny after a breach. Operations and finance systems were the most affected, though the cost of a data breach was not isolated to financial loss.
22% of breached organisations in 2016 lost customers, with 40% of companies seeing 20% of their customer base abandon them in the wake of a security incident. 23% of breached organisations lost business opportunities, with 42% losing more than 20%.
The chief security officers surveyed admitted that budget constraints, poor compatibility of systems, and a lack of trained talent were the biggest barriers to advancing their security posture, with the leaders blaming increasingly complex environments for the gaps which allow hackers into their organisations.
65% of organisations were found to use up to 50 security products, thus highlighting the overcrowded and complex environments which are developing in security departments. These gaps and barriers were found to be severely constraining security departments, with only 56% of security alerts being able to be investigated on any given day.
However, although defenders are deploying varying different methods and technologies to secure businesses, the attackers were found to be using tried and tested methods. Leading a resurgence of “classic” attack vectors, the use of adware and email spam were classic methods effectively deployed in 2016 – with the latter at levels not seen since 2010. Spam was found to account for 65% of email, with eight to 10% identified as malicious.
In a growing trend of hackers becoming more corporate, the report highlighted some of the new business models used by hackers. Attacks were found to mirror corporate hierarchies, with certain malvertising campaigns employing brokers (or “gates”) that act as middle managers, masking malicious activity. This gave hackers greater speed and the ability to maintain their operational space, while also evading detection.
However, it was not all bad news, large exploit kits including Angler, Nuclear and Neutrino disappeared in 2016, although smaller players did rush to fill the gap.
Good news was also found in the time to detection metric, with Cisco tracking the positive progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat. Cisco successfully lowered the TTD from a median of 14 hours in early 2016 to as low as six hours in the last half of the year. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.
“One of our key metrics highlighted in the 2017 Annual Cybersecurity Report is the ‘time to detection’ – the time it takes to find and mitigate against malicious activity. We have brought that number down to as low as six hours,” said David Ulevitch, Vice President/General Manager, Security Business, Cisco.
“A new metric – the ‘time to evolve’ – looked at how quickly threat actors changed their attacks to mask their identity. With these and other measures gleaned from report findings, and working with organizations to automate and integrate their threat defense, we can better help them minimize financial and operational risk and grow their business.”