Cisco's 2016 Security Report: Attacks getting stronger, defender confidence dropping
On Tuesday, January 19, Cisco released its 2016 Annual Security Report, highlighting the progression of cybersecurity and what businesses can expect as they move more into the new year. The full report (with appendix) is 87 pages long, so we'll give you the highlights.
One of the top findings from this year's report was that defender confidence is dropping, with only 45% of organizations worldwide confident in their security relative to today's threats. However, many executives said they expect greater transparency on security in the future. According to a company press release: "This points to security as a growing boardroom concern."
Still, these growing concerns are acting as a catalyst for organizations to improve their security practices, as they know where their weaknesses are and what they need to work on.
Aging infrastructure also played a role in poor security posture, with 92% of internet devices operating with known vulnerabilities. Jason Brvenik, principal engineer for the Security Business Group at Cisco, said that some were running with up to 26 vulnerabilities. Additionally, 31% of devices are running with no vendor support.
"The second highest barrier to adopting advanced security practices and technologies are compatibility issues," Brvenik said.
Cisco's report also identified another, relational threat to enterprises—SMBs. Based on the report's findings, SMBs use fewer tools to identify and defend against security threats. These "structural weaknesses" present a potential risk to enterprises that may be working with SMBs in some capacity.
However, SMBs are improving their security due, in part, to outsourcing security services. All in all, outsourcing security is on the rise across the board with more than half of all larger organizations outsourcing consulting services, as well as a good number of businesses outsourcing auditing, monitoring, incident response, and more.
With all the changes in the way security is handled on the business side of things, it begs the question of where the major threats are happening now and where they'll come from in the future.
For one, social media platforms are growing as a foundation for criminals to carry out their campaigns—especially when it comes to compromised servers, like those for WordPress. Between February and October 2015, the number of WordPress domains that were being used by cybercriminals grew by a staggering 221%, according to the report.
Another growing risk is the browser—specifically, malicious browser extensions that have impacted more than 85% in terms of data leakage. Craig Williams, senior technical leader at Cisco, said that he wasn't surprised by this number, though.
"The fact of the matter is, these days, if you're not patching your browser and if you're not patching the plugins, you're going to be attacked by a massive number of threats," Williams said.
However, Williams said, there are legitimate reasons to not patch a browser, such as applications that require certain library versions. But, in this day and age, there are so many options for web browsers that there isn't really an excuse.
Being that most cybersecurity issues involve the internet, of course Cisco had to take a look at DNS risks. Of "known bad" malware, the Cisco report found that almost 92% used DNS to carry out their campaigns. While he wasn't totally surprised by the number, Williams said he would have originally guessed it to be closer to 85%.
HTTPS encrypted traffic is growing and, based on what Cisco observed in 2015, they believe it will soon become the leading form of traffic online. And, while that may seem like a good thing on the surface, it could introduce other problems.
"Although encryption can help protect consumers, it also can undermine the effectiveness of security products, making it more difficult for the security community to track threats," the report said. "Adding to the challenge, some malware may initiate encrypted communications across a diverse set of ports."
The three big takeaways
- Attacks are increasing and organizations are losing confidence in their ability to stop them, which could serve as a catalyst for greater investments in security and greater demand for third-party and cloud security services.
- SMBs have particular risks, and so do the larger organizations that partner with them.
- The rise of HTTPS to secure web traffic offers new protections, but it's not a silver bullet and could be co-opted by attackers to better cover their tracks.