By: Marc Feghali, Co-founder and VP of Product Management – Network, system, and data compromises occur at an unrelenting pace, and organizations across industries seek innovative solutions to protect themselves. Security professionals realize that they have detection gaps inside their networks and face mounting concerns about their ability to quickly detect and stop attackers before they cause too much damage. Attackers have proven they can evade security controls to compromise an internal system. Once inside, they will establish a foothold and move laterally throughout the network, bypassing existing security solutions until they complete their mission. Organizations need a new approach focusing on in-network threats to quickly detect and shut down these attacks without relying on typical detection methods such as matching known signatures or attack patterns. This new approach hides and restricts access to sensitive or critical data while creating a fabric of endpoint and network decoys that engage with attackers, generate alerts, and record their activities.
Written by: Joseph Salazar, Technical Marketing Engineer – Networks are constantly evolving to meet the demands of ever-expanding digital business infrastructure. Organizational networks can now include remote offices, branch offices, retail stores, or other sites outside of the headquarters network. Users no longer need to be tethered to a desktop with a patch cable or working from a corporate office.
What if defenders could see the future? If they knew an attack was coming, they could stop it, or at least mitigate its impact and help ensure what they need to protect most is safe. The fact is, defenders can see what’s on the horizon. Many clues are out there—and obvious. Download the Cisco 2018 Annual Cybersecurity Report here for more.
By: Tony Cole – Nation-states continue to probe all kinds of systems for vulnerabilities, and unfortunately they’re often successful at finding a path into almost any enterprise they want to compromise. Cisco reported this week that their Smart Install protocol was being ‘misused’ as an avenue to compromise by replacing the normal Cisco IOS operating system with a version of the software modified by the attackers. This flaw could give hackers a window into 168,000 vulnerable systems worldwide, some of them tied to critical infrastructure.
Tony Cole, CTO of cybersecurity firm Attivo Networks, told CyberScoop that the attacks on Cisco switches showed that organizations are still slow to detect advanced hackers that have breached their networks. “Today’s preventative-focused security infrastructure is and will continue to be somewhat inept at stopping attacks,” Cole said.
Cisco recently published its tenth annual data breach report, and some of the findings should be cause for concern by people who own, run, or work for businesses.
The firm’s 2017 edition of its annual cybersecurity report entitled “Cybersecurity Report: Chief Security Officers Reveal True Cost of Breaches And The Actions That Organizations Are Taking,” provides insights based on threat intelligence gathered by Cisco’s security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs) and other security operations leaders from businesses in 13 countries.
Cisco noted that, according to its research, in 2016:
More than 50 percent of organizations faced public scrutiny after a security breach. Operations and finance systems were the most affected, followed by brand reputation and customer retention. (If you own or work for a business, take note: data breaches have repercussions.)
For organizations that suffered a breach, the effect was substantial: 22% of breached organizations lost customers — 40% of them lost more than a fifth of their customer base. 29% lost revenue, with 38% of that group losing more than a fifth of their revenue. 23% of breached organizations lost business opportunities, with 42% of them losing more than a fifth of such opportunities. (The repercussions are quite costly.)
CSOs cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Security leaders also reveal that their security departments are increasingly complex environments with nearly two thirds of organizations using six or more security products – some with even more than 50! – increasing the potential for security effectiveness gaps and mistakes. (Complexity and a lack of skilled professionals are putting businesses at risk.)
Criminals are leveraging “classic” attack mechanisms – such as adware and email spam – in an effort to easily exploit the gaps that such complexity can create. (Criminals often don’t need to spend resources crafting and executing advanced attacks – simple attacks can do the job.)
Spam is now at a level not seen since 2010, and accounts for nearly two-thirds of all email — with eight to 10 percent of it being outright malicious. Global spam volume is rising, often spread by large and thriving botnets. (Spam is a serious problem that has not gone away – because it works!)
Old-fashioned adware (that is, software that downloads advertising without users’ permission) continues to prove successful, infecting 75 percent of organizations polled. (…as is adware.)
Just 56 percent of security alerts are investigated and less than half of legitimate alerts actually lead to problems being corrected. Defenders, while confident in their tools, are undermined by complexity and manpower challenges; criminals are exploiting the inability of organizations to handle all important security matters in a timely fashion. (Information overload is causing a “Boy Who Cried Wolf” situation in some environments, and too many real alerts are overwhelming information-security professionals in others.)
Twenty-seven percent of employee-introduced, third-party cloud applications, intended to open up new business opportunities and increase efficiencies, were categorized as high risk and created significant security concerns. (Inadequately vetted applications can create risks.)
On the positive side, 90% of organizations that experienced a breach in 2016 are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent). (Thankfully, firms that have suffered breaches are investing in preventing future problems.)
Discussing the report, John N. Stewart, Cisco’s Senior Vice President and Chief Security and Trust Officer, noted that “In 2017, cyber is business, and business is cyber – that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture.”
Here are comments from several other industry insiders on the report.
David Vergara, Head of Global Product Marketing, VASCO Data Security:
“This report makes several things abundantly clear. The first is that cybercriminals’ weapon of choice is not always the sophisticated attack; generally, they prefer the path of least resistance, so security laggards beware. Second is the hard cost of a breach, through lost customers, revenue and business, is rising dramatically. This cost should drive more pointed security resource discussions and prop up related business cases.”
Brad Bussie, Director of Product Management, STEALTHbits Technologies:
“Statistics from this study, and others, show an alarming trend that asset risk is no longer being calculated correctly. Losing customers, revenue, and opportunities can be mapped directly back to breached systems. It would be interesting to see how much it would have cost to protect the systems in question, or to change the process that was exploited, and compare it to what was lost because of the breach.”
Don Duncan, Security Engineer, NuData Security:
“Cisco’s findings that 22% of breached organizations lost customers and a significant number of these companies lost 20% of their entire customer base is a sobering data point for any organization when considering whether to disclose a breach publicly. Regulations may be coming that will force disclosures. Until that happens, with so much at risk it’s no wonder that breach numbers are vastly underestimated.”
Brian Laing, VP of Business Development and Products, Lastline:
“The Cisco data breach report highlights the continually evolving techniques used by criminals to exfiltrate sensitive corporate data, and the resulting impact on business performance. Enterprises must continually expand and enhance their security capabilities to keep up with new techniques, schemes, and technology continually introduced by organized crime.”
For nearly a decade, Cisco has published comprehensive cybersecurity reports that are designed to keep security teams and the businesses they support apprised of cyber threats and vulnerabilities—and informed about steps they can take to improve security and cyber-resiliency. In these reports, we strive to alert defenders to the increasing sophistication of threats and the techniques that adversaries use to compromise users, steal information, and create disruption.
With this latest report, however, we find we must raise our warning flag even higher. Our security experts are becoming increasingly concerned about the accelerating pace of change—and yes, sophistication—in the global cyber threat landscape.
This week Cisco is announcing expansion of its pxGrid information sharing platform and integration, through its Identity Services Engine (ISE), with the Attivo Networks Deception Platform. We are pleased to be joining the pxGrid group of technology partners in order to share attack information and improve overall incident response. The Cisco ISE pxGrid integration with the Attivo Deception Platform will empower organizations to detect threats in real time, automatically block attacks, and quarantine infected endpoints, accelerating incident response and preventing attackers from completing their mission.