The 2017 ACR revealed the potential financial impact of attacks on businesses, from enterprises to SMBs. More than 50 percent of organizations faced public scrutiny after a security breach. Operations and finance systems were the most affected, followed by brand reputation and customer retention. For organizations that experienced an attack, the effect was substantial:
- Twenty-two percent of breached organizations lost customers — 40 percent of them lost more than 20 percent of their customer base.
- Twenty-nine percent lost revenue, with 38 percent of that group losing more than 20 percent of revenue.
- Twenty-three percent of breached organizations lost business opportunities, with 42 percent of them losing more than 20 percent.
Hacker Operations and New “Business” Models
In 2016, hacking became more “corporate.” Dynamic changes in the technology landscape, led by digitization, are creating opportunities for cybercriminals. While attackers continue to leverage time-tested techniques, they also employ new approaches that mirror the “middle management” structure of their corporate targets.
- New attack methods model corporate hierarchies: Certain malvertising campaigns employed brokers (or “gates”) that act as middle managers, masking malicious activity. Adversaries can then move with greater speed, maintain their operational space, and evade detection.
- Cloud opportunity and risk: Twenty-seven percent of employee-introduced, third-party cloud applications, intended to open up new business opportunities and increase efficiencies, were categorized as high risk and created significant security concerns.
- Old-fashioned adware (software that downloads advertising without user permission) continued to prove successful, infecting 75 percent of organizations investigated.
- A bright spot emerged with a drop in the use of large exploit kits such as Angler, Nuclear and Neutrino, whose owners were brought down in 2016, but smaller players rushed in to fill the gap.
Secure the Business, Maintain Vigilance
The 2017 ACR reports that just 56 percent of security alerts are investigated and fewer than half of legitimate alerts are remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space that attackers can use to their advantage. Cisco advises these steps to prevent, detect, and mitigate threats and minimize risk:
- Make security a business priority: Executive leadership must own and evangelize security and fund it as a priority.
- Measure operational discipline: Review security practices, patch, and control access points to network systems, applications, functions, and data.
- Test security effectiveness: Establish clear metrics. Use them to validate and improve security practices.
- Adopt an integrated defense approach: Put integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability, and reduce the time to detect and stop attacks. Security teams can then focus on investigating and resolving true threats.
Cisco Annual Cybersecurity Report – 10 Years of Data and Insights
Cybersecurity has changed drastically since the inaugural Cisco Annual Security Report in 2007. While technology has helped attacks become more damaging and defenses become more sophisticated, the foundation of security remains as important as ever.
- In 2007, the ACR reported web and business applications were targets, often via social engineering, or user-introduced infractions. In 2017, hackers attack cloud-based applications, and spam has escalated.
- Ten years ago, malware attacks were on the rise, with organized crime profiting from them. In today’s shadow economy, thieves now run cybercrime as a business, offering low barrier-to-entry options to potential customers. Today perpetrators can be anyone, anywhere; they don’t require a security background and can easily purchase “off-the-shelf” exploit kits.
- The 2007 report tracked 4,773 Cisco IntelliShield Security Alerts, mapping closely to the level seen by the National Vulnerability Database. By the 2017 report, for the same time period, the vendor-disclosed vulnerability alert volume had increased by 33 percent to 6,380. We believe the increase is driven by greater security awareness, an increased attack surface and an active adversary.
- In 2007 Cisco advised defenders to own a holistic approach to security, integrating tools, processes and policies, and educating stakeholders to protect their environments. Businesses looked to vendors for a comprehensive answer, often in vain; the vendors instead prescribed piecemeal point solutions. In 2017 CSOs are grappling with the complexity of their environments. Cisco is combatting this through an architectural approach to security, helping customers get more from existing security investments, increasing capability while decreasing complexity.