Organization to adopt ‘all hands on deck’ approach to counter cyber attacks-Cisco Systems



With attackers becoming more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity, it then becomes necessary for organizations to adopt a ‘all hands on deck’ approach to defend themselves.

This is according to the Cisco 2015 Annual Security Report  which examines both threat intelligence and cybersecurity trends and which revealed that defenders, namely, security teams, must be constantly improving their approach to protect their organization from these increasingly sophisticated cyber attack campaigns.

These issues are further complicated by the geopolitical motivations of the attackers, conflicting cross-border data localizations and sovereignty requirements.

The report findings conclude that its time for corporate boards to take a role in setting security priorities and expectations

 “Online criminals are expanding their tactics and morphing their messages to carry out cyber-attack campaigns and make it harder to detect them,” read part of the report.

The top three trends that Cisco’s threat intelligence uncovered are Snowshoe spam where attackers send low volumes of spam from a large set of IP addresses to avoid detection, Web Exploits Hiding in Plain Site and Malicious Combinations where Flash and JavaScript weakest parts  are combined and Flash malware can now interact with JavaScript to hide malicious activity by sharing an exploit between two different files: one Flash, one JavaScript.

“Users are caught in the middle. Not only are they the targets, but end-users are unknowingly aiding cyber attacks. Throughout 2014, Cisco threat intelligence research revealed that attackers have increasingly shifted their focus from servers and operating systems as more users are downloading from compromised sites leading to a 280% increase in Silverlight attacks along with a 250% increase in spam and malvertising exploits,” read the report

 While many defenders believe their security processes are optimized—and their security tools are effective—in truth, their security readiness likely needs improvement.