Says Sophisticated Cyberattacks Are Defining the Innovation Race between Adversaries and Defenders
The Cisco 2015 Midyear Security Report analyzes threat intelligence and cybersecurity trends, reveals the critical need for organizations to reduce time to detection (TTD) in order to remediate against sophisticated attacks by highly motivated threat actors.
The Angler Exploit Kit represents the types of common threats that will challenge organizations as the digital economy and the Internet of Everything (IoE) create new attack vectors and monetization opportunities for adversaries.
With the digitization of business and the IoE, malware and threats become even more pervasive. The average TTD for Cisco Advanced Malware Protection (AMP), with its retrospective analysis of attacks that make it past existing defenses, is 46 hours.
Other key findings include: Exploits of Adobe Flash vulnerabilities, In the first half of 2015, there has been a 66% increase in Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposure (CVE) system over all of 2014, Ransomware remains highly lucrative for hackers as they continue to release new variants and Dridex: Campaigns on the Fly.
Organizations face significant challenges with point product solutions and need to consider an integrated threat defense architecture that embeds security everywhere and will enforce at any control point. As the security industry addresses increased fragmentation, a dynamic threat landscape, and how to cope with a rising shortfall of skilled talent, businesses must invest in effective, sustainable and trusted security solutions and professional services. Global cyber governance is not prepared to handle the emerging threat landscape or geopolitical challenges. A collaborative, multi-stakeholder cyber governance framework is required to sustain business innovation and economic growth on a global stage. Organizations should demand that their technology vendors are transparent about and able to demonstrate the security they build into their products in order to be considered trustworthy.
Commenting on the reports John N. Stewart, senior vice president, chief security and trust officer, Cisco said, βThe technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks. We are regularly told that business strategy and security strategy are the top two issues for our customers, and they want trusted partnerships with us. Trust is tightly linked to security, and transparency is key so industry-leading technology is only half the battle. We’re committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines.β