Suffered a breach? Expect to lose cash, opportunities, and customers – report

Cisco research paints a grim picture of corporate defences

More than a third of organisations that experienced a breach last year reported substantial customer, opportunity and revenue loss.

The finding is one of the key takeaways from the latest edition of Cisco's annual cybersecurity report, which also suggests that defenders are struggling to improve defences against a growing range of threats.

The vast majority (90 per cent) of breached organisations are improving threat defence technologies and processes following attacks by separating IT and security functions (38 per cent), increasing security awareness training for employees (38 per cent), and implementing risk mitigation techniques (37 per cent). The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries. CSOs cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security policies.

More than half of organisations faced public scrutiny after a security breach. Operations and finance systems were the most affected, followed by brand reputation and customer retention. For organisations that experienced an attack, the effect can be substantial: 22 per cent of breached organisations lost customers and 29 per cent lost revenue, with 38 per cent of that group losing more than 20 per cent of revenue. A third (33 per cent) of breached organisations lost business opportunities.

Hackers are going back to classic attack vectors dating back as far as 2010 and earlier, such as adware and email spam to exploit access points.

Spam has reached levels not seen for seven years, according to Cisco, accounting for nearly two-thirds (65 per cent) of email with 8 to 10 per cent cited as malicious. Penis pill promos and more mendacious pitches are sent via botnets of compromised PCs and servers.

A bright spot emerged with a drop in the use of large exploit kits such as Angler, Nuclear and Neutrino, whose owners were brought down last year, but smaller players rushed in to fill the gap.

Cybersecurity has experienced a dramatic change since the first Cisco Annual Security Report in 2007. Back then, the ASR reported that web and business applications were targets, often via social engineering, or "user-introduced infractions". In 2017, hackers attack cloud-based applications, and spam has escalated. The formation of well-structured and intelligent cybercrime networks has brought numerous new challenges for businesses.

The 2017 edition of Cisco's study reports that just 56 per cent of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leave gaps that hackers might be able to exploit.

Cybercrime is becoming more "corporate". "While attackers continue to leverage time-tested techniques," Cisco reports, "they also employ new approaches that mirror the 'middle management' structure of their corporate targets."

Ten years ago, malware attacks were on the rise, with organised crime profiting from them. In today's shadow economy, thieves now run cybercrime as a business, offering low barrier-to-entry options to potential customers through easily purchased "off-the-shelf" exploit kits and other illicit wares.

Cisco's 2017 report can be found here (registration required). ®


Biting the hand that feeds IT © 1998–2017