The Cisco 2017 Annual Cybersecurity Report has just been released, so we asked our head of technical services, Geraint Williams, to comment on the findings.
After reading through the report and its findings, it is clear that the main points (below) fit with what we see when we conduct security audits and assessments.
Main points from the report
- Increased attack surface area
The cyber perimeter of organisations has not been restricted to their physical boundaries for some time, and the continued blurring of the line between work and private lives has further increased the attack surface area of many organisations. The increasing use of BYOD and home-working schemes, with employees carrying their devices everywhere, has continued to expand the security perimeter so that organisations’ physical borders have become a hub within the cyber perimeter. The security perimeter has also been extended beyond organisations’ physical devices to the immaterial and unlimited space represented by the Cloud environment, where Cloud solutions are being increasingly adopted worldwide. Another factor contributing to increased attack surface areas is the Internet of Everything (IoE), as devices with limited computational resources that lack sophisticated security mechanisms and updates are added into organisational environments.
- More equipped adversaries
The number of adversaries keeps growing. In particular, there is an increasingly large number of new adversaries with limited skills. Over time, some of these adversaries gain the skills necessary to exceed their peers and perform more sophisticated attacks. Additionally, adversaries are better equipped in terms of resources, tools and knowledge than ever before. They can count on a wide portfolio of tools and techniques (such as malware, adware and phishing emails) that have been carefully thought out and developed to maximise the likelihood of an attack’s success, meaning that the attack itself represents only the tip of the iceberg. Adversaries dedicate time to conducting research, identifying targets and selecting the best tools to use.
- More reactive defenders
Adversaries are being proactive in taking advantage of the fast-changing cyber landscape in the hope of finding defenders unprepared. Defenders, however, have not been able to implement preventive defences proactively and have instead been forced into a reactive position by the attackers. The reason for this is the scale of the onslaught faced by defenders, with a vast number of events that need to be analysed for attack signatures.
- Need for automated threat detection
Of all the events generated by the normal activities of an organisation, suspicious events account for only 0.02%, meaning that security professionals are faced with the proverbial needle in the haystack and have to monitor and skim a large number of activities. Furthermore, because of a lack of skilled professionals and ad hoc tools, of all security alerts received each day, on average only 56% are investigated and only 46% of those investigated and found to be legitimate are remediated, leaving a shocking 54% of legitimate alerts unaddressed. Automation seems to be the only solution that can cut through the noise, identify the true threats and make sure that they are remediated.
- Need for automated security architecture
An automated security architecture would streamline risk detection and mitigation, giving defenders time to concentrate on more complex and persistent issues. This could be a great solution for companies that work to a tight budget and lack skilled professionals. Additionally, increased sharing of intelligence about attackers and their methodologies, not just within an industry sector but across all sectors, would allow for more proactive defence.
Look for the best
IT Governance is a professional consultancy and technical services firm providing security and penetration testing which respects the rigorous standards mandated by the Council of Registered Ethical Security Testers (CREST). If you wish to speak to Geraint or to one of our technical services consultants about the best way to test the efficacy of your security defences, call +44 (0)845 070 1750 or email firstname.lastname@example.org.