Only 45 Percent of Organizations Confident in Ability to Repel a Cyberattack
According to the Cisco 2016 Annual Security Report released on Tuesday, fewer than half of worldwide organizations are confident in their ability to repel a cyberattack due to the sophisticated and resilient nature of campaigns now being launched by hackers. The report indicates 45% of organizations are no longer confident of their security posture.
48% of security executives said they were very concerned about security, while 41% indicated they were much more concerned than they were three years ago. There are very real causes for concern. Many organizations are operating an aging infrastructure and the vast majority – 92% – of Internet-connected devices in use contain known security vulnerabilities. Just under a third of devices being used no longer have vendor support.
Highly Sophisticated Cyberattacks Proving Hard to Repel
Investment in cybersecurity defenses has increased considerably in recent years to address the elevated risk of attack. However, attackers have upped the ante and are conducting ever more sophisticated attacks that are proving difficult to repel.
Cybercriminals are now using information posted by employees in personal social media accounts. Weak links are being found and targeted to gain access to corporate networks.
The attack surface is now larger than ever before making it even harder to deploy defenses to country all threats. Those threats include ransomware, which has plagued organizations over the past 12 months. Each ransomware attack earns criminals around $34 million a year, while just one Angler Exploit kit attack was calculated to be earning cybercriminals in excess of $55 million per year.
Malicious browser extensions are increasingly being used to attack organizations. Unpatched browsers represent a serious security risk, yet many organizations are prevented from installing updates due to compatibility issues with applications. The report indicates 85% of companies have suffered data leaks as a result of malicious browser extensions.
Hackers are also changing the way they attack companies, with many now concentrating on compromised servers. WordPress websites are increasingly being used to launch attacks. The report shows that this type of attack increased by 221% in just 9 months last year.
When an attack is suffered it takes a long time to be discovered, although the situation is improving. Cisco calculates the detection time as now being 17.5 hours, which is a major improvement on the mid-year figures the company produced which were more than twice that figure. Fast detection of cyberattacks is critical in order to limit the damage caused, although 17.5 hours is still far too long.
Another major problem highlighted by the report, which will be of particular concern to healthcare organizations, is the relative lack of security controls implemented by SMBs. The structural weaknesses of business associates could see their systems compromised and used to launch attacks on organizations that work with them.
Addressing the Elevated Cybersecurity Risk
Cisco reports a major increase in HTTPS as a method of securing web traffic. The report indicates that HTTPS to soon become the dominant form of Internet traffic, although it is far from a complete solution. It may even hamper the efforts of security companies to produce effective security products, as it makes it much harder to track threats.
While it is becoming harder to stop attacks, fortunately security professionals are now becoming increasingly aware of the weaknesses in their own defenses. This should make it easier for them to implement the necessary controls to bolster their security. However, for that to happen, cybersecurity budgets will almost certainly need to be increased.