Cisco 2017 ACR: CSOs reveal Security Capabilities Benchmark Study
According to the Cisco 2017 Annual Cybersecurity Report (ACR), over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 per cent. Ninety per cent of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 per cent), increasing security awareness training for employees (38 per cent), and implementing risk mitigation techniques (37 per cent). The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study, part of the Cisco ACR.
Now in its tenth year, the global report highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes. CSOs cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Leaders also reveal that their security departments are increasingly complex environments with 65 per cent of organizations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.
To exploit these gaps, ACR data shows criminals leading a resurgence of “classic” attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65 per cent) of email with eight to 10 per cent cited as malicious. Global spam volume is rising, often spread by large and thriving botnets.
Measuring effectiveness of security practices in the face of these attacks is critical. Cisco tracks progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat. Cisco has successfully lowered the TTD from a median of 14 hours in early 2016 to as low as six hours in the last half of the year.
The 2017 ACR revealed the potential financial impact of attacks on businesses, from enterprises to SMBs. More than 50 per cent of organizations faced public scrutiny after a security breach. Operations and finance systems were the most affected, followed by brand reputation and customer retention.
The 2017 ACR reports that just 56 per cent of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space for attackers to utilize to their advantage.
Cybersecurity has changed drastically since the inaugural Cisco Annual Security Report in 2007. While technology has helped attacks become more damaging and defenses become more sophisticated, the foundation of security remains as important as ever.
· In 2007, the ACR reported web and business applications were targets, often via social engineering, or user-introduced infractions. In 2017, hackers attack cloud-based applications, and spam has escalated.
· Ten years ago, malware attacks were on the rise, with organized crime profiting from them. In today’s shadow economy, thieves now run cybercrime as a business, offering low barrier-to-entry options to potential customers. Today, perpetrators can be anyone, anywhere; they don’t require a security background and can easily purchase “off-the-shelf” exploit kits.
· The 2007 report tracked 4,773 Cisco IntelliShield Security Alerts, mapping closely to the level seen by the National Vulnerability Database. By the 2017 report, for the same time period, the vendor-disclosed vulnerability alert volume had increased by 33 per cent to 6,380. We believe the increase is driven by greater security awareness, an increased attack surface and an active adversary.
· In 2007, Cisco advised defenders to own a holistic approach to security, integrating tools, processes and policies, and educating stakeholders to protect their environments. Businesses looked to vendors for a comprehensive answer, often in vain, as vendors instead prescribed piecemeal point solutions. In 2017, CSOs are grappling with the complexity of their environments. Cisco is combating this through an architectural approach to security, helping customers get more from existing security investments, increasing capability while decreasing complexity.