More than one-third of organisations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 per cent, according to the Cisco 2017 Annual Cybersecurity Report (ACR).

 Ninety per cent of these organizations are improving threat defence technologies and processes after attacks by separating IT and security functions (38 per cent), increasing security awareness training for employees (38 per cent), and implementing risk mitigation techniques (37 per cent).

Now in its 10th year, the global report highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes. Chief security officers (CSOs) cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Leaders also reveal that their security departments are increasingly complex environments with 65 per cent of organizations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.

“In 2017, cyber is business, and business is cyber –that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture,” said Shukri Eid, managing director – East Region, Cisco Middle East.

To exploit these gaps, ACR data shows criminals leading a resurgence of “classic” attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65 per cent) of email with eight to 10 per cent cited as malicious. Global spam volume is rising, often spread by large and thriving botnets.

Measuring effectiveness of security practices in the face of these attacks is critical. Cisco tracks progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat. Faster time to detection is critical to constrain attackers’ operational space and minimize damage from intrusions. Cisco has successfully lowered the TTD from a median of 14 hours in early 2016 to as low as six hours in the last half of the year. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.

“One of our key metrics highlighted in the 2017 Annual Cybersecurity Report is the ‘time to detection’ – the time it takes to find and mitigate against malicious activity. We have brought that number down to as low as six hours,” said Scott Manson, cyber security leader for Middle East and Turkey, Cisco.

“A new metric – the ‘time to evolve’ – looked at how quickly threat actors changed their attacks to mask their identity. With these and other measures gleaned from report findings, and working with organizations to automate and integrate their threat defence, we can better help them minimize financial and operational risk and grow their business,” he added.

The business cost of cyber threats: Lost customers, lost revenue

The 2017 ACR revealed the potential financial impact of attacks on businesses, from enterprises to SMBs. More than 50 per cent of organizations faced public scrutiny after a security breach. Operations and finance systems were the most affected, followed by brand reputation and customer retention. For organizations that experienced an attack, the effect was substantial:

•    Twenty-two per cent of breached organizations lost customers — 40 per cent of them lost more than 20 per cent of their customer base.

•    Twenty-nine per cent lost revenue, with 38 per cent of that group losing more than 20 per cent of revenue.

•    Twenty-three per cent of breached organizations lost business opportunities, with 42 per cent of them losing more than 20 per cent.

Hacker operations and new “business” models

In 2016, hacking became more “corporate.” Dynamic changes in the technology landscape, led by digitization, are creating opportunities for cybercriminals. While attackers continue to leverage time-tested techniques, they also employ new approaches that mirror the “middle management” structure of their corporate targets.

•    New attack methods model corporate hierarchies: Certain malvertising campaigns employed brokers (or “gates”) that act as middle managers, masking malicious activity. Adversaries can then move with greater speed, maintain their operational space, and evade detection.

•    Cloud opportunity and risk: Twenty-seven per cent of employee-introduced, third-party cloud applications, intended to open up new business opportunities and increase efficiencies, were categorized as high risk and created significant security concerns.

•    Old-fashioned adware   software that downloads advertising without user permission – continued to prove successful, infecting 75 per cent of organizations investigated.

•    A bright spot emerged with a drop in the use of large exploit kits such as Angler, Nuclear and Neutrino, whose owners were brought down in 2016, but smaller players rushed in to fill the gap.

Secure the business, maintain vigilance

The 2017 ACR reports that just 56 per cent of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space for attackers to utilize to their advantage. Cisco advises these steps to prevent, detect, and mitigate threats and minimize risk:

•    Make security a business priority: Executive leadership must own and evangelize security and fund it as a priority.

•    Measure operational discipline: Review security practices, patch, and control access points to network systems, applications, functions, and data.

•    Test security effectiveness: Establish clear metrics. Use them to validate and improve security practices.

•    Adopt an integrated defence approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability, and reduce the time to detect and stop attacks. Security teams then can focus on investigating and resolving true threats. - TradeArabia News Service