2016 Cisco Midyear Security Report Released, the Key Takeaways


Ransomware is the most profitable malware type in history, and Cisco predicts that ransomware as a whole will become more sophisticated, destructive, and dangerous as time goes on. Attackers continue to innovate, and defenders are struggling to plug the holes in their networks. The 2016 Cisco Midyear Security Report was released last week, and Cisco’s findings for the first half of 2016 highlight the increasing sophistication of attackers’ tactics, as well as the stagnation of corporate cybersecurity practices.

Aging infrastructure, poor network hygiene, and slow rates of detection all contribute to the growing ease (and therefore profitability) of hacking. According to the report, the primary focus of defenders should be limiting the amount of time an attacker has to work within the system. Hackers are also switching from client-focused attacks to more difficult-to-detect, server-side attacks, and they’re using encryption to further hide their activities.

The thrust of Cisco’s findings is this: corporations are almost totally dependent on technology, and the more dependent a corporation is on a piece of technology for everyday operation, the less likely it is to update that technology (updates can cause outages, and the biggest pieces of infrastructure are expensive or unwieldy to update). Also, with all of the various endpoints, web browsers, and applications that eventually become part of a business network, there is a lot of software and equipment to keep updated. For example, 23 to 33 percent of systems are running Java SE 6 – a version of Java being phased out by Oracle. Even users with the most recent version of Java may still have the old, vulnerable version running on their computer, opening the network up to attack.

Worse, Cisco researchers looked at 103,121 Cisco devices connected to the Internet and found that:

  • Each device on average was running 28 known vulnerabilities.

  • Devices had been actively running known vulnerabilities for an average of 5.64 years.

  • More than 9 percent had known vulnerabilities older than 10 years.*

But that’s what Cisco’s security reports are for. Ignoring these issues will not make attackers stop trying to get at critical business data – addressing them and decreasing the time to detection (TTD) will. The industry average time to detection is 200 days. Cisco has brought their median TTD to 13 hours. Most corporate IT departments don’t even track TTD, and yet Cisco’s research pinpoints it as one of the metrics we should be most focused on before, during, and after an attack. Cisco’s Talos researchers have observed that there are simple yet significant steps that organizations can take to protect themselves, including:

  • Improve network hygiene by monitoring the network; deploying patches and upgrades on time; segmenting the network; and implementing defenses at the edge, including email and web security, Next-Generation Firewalls and Next-Generation IPS.

  • Integrate defenses by leveraging an architectural approach to security versus deploying niche products.

  • Measure time to detection, insist on the fastest time available to uncover threats, then mitigate against them immediately. Make metrics part of organizational security policy going forward.

  • Protect your users everywhere they are and wherever they work, not just the systems they interact with and when they are on the corporate network.

  • Back up critical data, and routinely test backup effectiveness while confirming that backups are not susceptible to compromise.*
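As a sketch of the "measure time to detection" step above, the following added example (not code from Cisco or from the report) computes TTD per incident and summarises it against a policy target. The incident records, field names and the 24-hour target are constructed assumptions; the sample shows how a single long-running compromise inflates the mean while leaving the median untouched, which is why the two figures should not be compared directly.

```python
from datetime import datetime
from statistics import mean, median

# Constructed sample records (assumed schema, not data from the report).
# "compromised": earliest evidence of compromise found during investigation.
# "detected": first alert or report; None means the incident is still undetected/open.
INCIDENTS = [
    {"id": "IR-001", "compromised": "2016-03-01T08:00", "detected": "2016-03-01T14:00"},
    {"id": "IR-002", "compromised": "2016-03-10T22:30", "detected": "2016-03-11T11:30"},
    {"id": "IR-003", "compromised": "2016-01-05T09:00", "detected": "2016-07-23T09:00"},
    {"id": "IR-004", "compromised": "2016-04-02T10:00", "detected": "2016-04-03T16:00"},
    {"id": "IR-005", "compromised": "2016-05-20T12:00", "detected": None},
    {"id": "IR-006", "compromised": "2016-06-01T09:00", "detected": "2016-06-01T11:00"},
]
FMT = "%Y-%m-%dT%H:%M"


def ttd_hours(incident):
    """Hours from compromise to detection, or None if not yet detected."""
    if incident["detected"] is None:
        return None
    start = datetime.strptime(incident["compromised"], FMT)
    end = datetime.strptime(incident["detected"], FMT)
    if end < start:
        # Bad data would silently skew the metric, so reject it loudly.
        raise ValueError(f"{incident['id']}: detection precedes compromise")
    return (end - start).total_seconds() / 3600


def ttd_report(incidents, target_hours):
    """Summarise TTD and list incidents that missed the policy target."""
    measured = {i["id"]: ttd_hours(i) for i in incidents}
    closed = {k: v for k, v in measured.items() if v is not None}
    hours = list(closed.values())
    return {
        "median_hours": median(hours),
        "mean_hours": mean(hours),
        "over_target": sorted(k for k, v in closed.items() if v > target_hours),
        # Undetected incidents are excluded from the averages but reported,
        # so they are not hidden by a good-looking median.
        "undetected": sorted(k for k, v in measured.items() if v is None),
    }


if __name__ == "__main__":
    print(ttd_report(INCIDENTS, target_hours=24))
```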

The threat landscape is evolving, and your business is a target regardless of your security practices. Let Liberty Technology help you secure your network. Call (770) 229-9424 and find out how today.

*Sections of content used with the permission of http://thenetwork.cisco.com/.