World's cyber attacks hit us much harder in past year – major infosec chief survey

Cisco report: Smacked orgs forked out $500k due to attacks

Cybersecurity breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.

Some 32 per cent of breaches affected more than half of an organisation's systems in 2017, up from 15 per cent the previous year, according to 3,600 security bods surveyed in Cisco’s annual cyber security report.

Financial damage included lost revenue, customers, opportunities, and out-of-pocket costs, said Switchzilla. Mark Weir, director of cybersecurity at Cisco UK & Ireland told The Register the figure of $500,000 “could even be slightly conservative”.

The survey found one-fifth of UK respondents identified between 250,000 and 500,000 security alerts a day in 2017.

Increased threats could also be expensive for businesses in other ways. Last month the UK government warned that critical infrastructure firms could face fines of up to £17m if they do not have adequate cybersecurity measures in place.

Weir said the increase in severity of attacks is a "worrying trend” but added some of the measures that are being put in place could take a while to have an effect.

One such tactic is the use of multiple security products to try to tackle the threat. Some 25 per cent of security professionals said they used products from 11 to 20 vendors, compared with 18 per cent in the previous year.

Weir noted malware and ransomware attacks have become more significant over the last 12 to 18 months, with denial-of-service attacks also becoming increasingly sophisticated, and impacting the bottom line.

He said email encryption is also on the rise - which creates more challenges and confusion when trying to identify and monitor potential threats.

Cisco threat researchers observed a more than threefold increase in encrypted network communication used by inspected malware samples over a 12-month period. "Our analysis of more than 400,000 malicious binaries found that about 70 percent had used at least some encryption as of October 2017,” the report stated.

Another major challenge spotted was patching systems - as seen during the outbreak of the WannaCry ransomware cryptoworm last year. Weir said that is particularly difficult when organisations have complex estates with multiple legacy systems that can no longer be patched.

He said application level security was a key area. "I still think is a real weakness across our entire industry. Some companies do it well, but not anywhere enough in the numbers needed to protect against attack.”

As such companies could see an increase in their financial and reputational loss next year.

“We talk about the threats of ransomware, malware, application level security and IoT threat… but the reality is these people will attack wherever they see weakness. So organisations must have defences across the piece.

"I think the severity of some of those attacks will increase. Security strategy has to start with protecting data... the preservation and security of that data is critical."

"Not surprisingly the people that propagate these attacks are very well funded, and well resourced. They work collaboratively, and I think as an industry we need to [do the same]," he added. ®

Sponsored: Minds Mastering Machines - Call for papers now open




Biting the hand that feeds IT © 1998–2018