Cisco released the 2017 Annual Cybersecurity Report (ACR) during Cisco Connect East Africa 2017. According to the Cisco 2017 ACR, over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent. Ninety percent of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent).
The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study, part of the Cisco ACR.
Now in its 10th year, the global report highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes. CSOs cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures.
Leaders also reveal that their security departments are increasingly complex environments, with 65 percent of organizations using from six to more than 50 security products, increasing the potential for security effectiveness gaps. To exploit these gaps, ACR data shows criminals leading a resurgence of “classic” attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65 percent) of email, with eight to ten percent cited as malicious. Global spam volume is rising, often spread by large and thriving botnets.
Measuring effectiveness of security practices in the face of these attacks is critical. Cisco tracks progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat. Faster time to detection is critical to constrain attackers’ operational space and minimize damage from intrusions. Cisco has successfully lowered the TTD from a median of 14 hours in early 2016 to as low as six hours in the last half of the year.
The 2017 ACR reported that just 56 percent of security alerts are investigated and less than half of legitimate alerts are remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space that attackers can turn to their advantage. Cisco advises these steps to prevent, detect, and mitigate threats and minimize risk:
- Make security a business priority: Executive leadership must own and evangelize security and fund it as a priority.
- Measure operational discipline: Review security practices, patch, and control access points to network systems, applications, functions, and data.
- Test security effectiveness: Establish clear metrics. Use them to validate and improve security practices.
- Adopt an integrated defense approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interchangeability, and reduce the time to detect and stop attacks. Security teams then can focus on investigating and resolving true threats.
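As an added illustration of the two metrics the report leans on, median time to detection and the share of alerts investigated and remediated, the following script computes them over a small dataset. This is example code, not Cisco's own; the incident timestamps and alert records are constructed for the demonstration.

```python
"""Compute median time to detection (TTD) and alert-handling rates.
Added example; the data below is constructed, not taken from the ACR."""
from datetime import datetime, timedelta
from statistics import median

# Constructed incidents: (compromise time, detection time), ISO 8601 UTC.
INCIDENTS = [
    ("2016-03-01T02:00:00", "2016-03-01T16:00:00"),  # 14 h
    ("2016-03-04T09:30:00", "2016-03-04T12:30:00"),  # 3 h
    ("2016-03-10T22:00:00", "2016-03-11T04:00:00"),  # 6 h
    ("2016-03-15T00:00:00", "2016-03-16T00:00:00"),  # 24 h
    ("2016-03-20T11:00:00", "2016-03-20T17:00:00"),  # 6 h
]

# Constructed alert queue: was it investigated, did triage judge it legitimate
# (None when never triaged), and was it remediated?
ALERTS = [
    {"id": 1, "investigated": True,  "legitimate": True,  "remediated": True},
    {"id": 2, "investigated": True,  "legitimate": False, "remediated": False},
    {"id": 3, "investigated": False, "legitimate": None,  "remediated": False},
    {"id": 4, "investigated": True,  "legitimate": True,  "remediated": False},
    {"id": 5, "investigated": False, "legitimate": None,  "remediated": False},
]


def ttd_hours(compromise: str, detection: str) -> float:
    """TTD for one incident in hours; detection before compromise is a data error."""
    t0 = datetime.fromisoformat(compromise)
    t1 = datetime.fromisoformat(detection)
    if t1 < t0:
        raise ValueError(f"detection {detection} precedes compromise {compromise}")
    return (t1 - t0) / timedelta(hours=1)


def median_ttd_hours(incidents) -> float:
    """Median TTD across incidents, the figure the report tracks over time."""
    return median(ttd_hours(c, d) for c, d in incidents)


def alert_metrics(alerts) -> dict:
    """Fraction of alerts investigated, and fraction of legitimate alerts remediated."""
    investigated = [a for a in alerts if a["investigated"]]
    legitimate = [a for a in investigated if a["legitimate"]]
    remediated = [a for a in legitimate if a["remediated"]]
    return {
        "investigated_rate": len(investigated) / len(alerts),
        "remediated_rate": len(remediated) / len(legitimate) if legitimate else 0.0,
    }


if __name__ == "__main__":
    print(f"median TTD: {median_ttd_hours(INCIDENTS):.1f} h")  # 6.0 h
    print(alert_metrics(ALERTS))
```

Feeding the script real incident and alert records (one row per incident and per alert) gives the same two numbers the report quotes, which makes them usable as the clear metrics recommended above.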