Time-to-detection key to prevent sophisticated cyberattacks
Organisations must reduce the time to detection to remediate against sophisticated cyber attacks, according to new findings from Cisco's 2015 Midyear Security Report, released today.
The digital economy and Internet of Everything is created new attack vectors and monetisation opportunities for adversaries, which is challenging organisations, Cisco explains.
The report shows that new risks associated with Flash, the evolution of ransomware, and the Dridex mutating malware campaign, reinforce the need for reduced time to detection.
Cisco explains the digitisation of business and the IoE means malware and threats have become even more pervasive, which shines a light on the security industry's estimates of 100 to 200 days for TTD.
In contrast, the average TTD for Cisco Advanced Malware Protection (AMP), with its retrospective analysis of attacks that make it past existing defences, is 46 hours.
The findings underscore the need for businesses to deploy integrated solutions vs. point products, work with trustworthy vendors, and enlist security services providers for guidance and assessment, the security firm says.
"Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness," says Jason Brvenik, principal engineer, Security Business Group, Cisco.
"We see this time and again, whether it is nation state actors, malware, exploit kits or ransomware. A purely preventive approach has proven ineffective, and we are simply too far down the road to accept a time to detection measured in hundreds of days.
"The question of 'what do you do when you are compromised' highlights the need for organisations to invest in integrated technologies that work in concert to reduce time to detection and remediation to a matter of hours; and then they should demand their vendors help them to reduce this metric to minutes," Brvenik says.
Further findings of the report show exploits of Adobe Flash vulnerabilities, which are integrated into Angler and Nuclear exploit kits, are on the rise. Cisco says this is due to a lack of automated patching, as well as consumers who fail to update immediately.
The report says that in the first half of 2015, there has been a 66% increase in the number of Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposure (CVE) system over all of 2014.
At this rate, Flash is on pace to set an all-time record for the number of CVEs reported in 2015.
The report shows ransomware remains highly lucrative for hackers as they continue to release new variants. "Ransomware operations have matured to the point that they are completely automated and carried out through the dark web," Cisco says. To conceal payment transactions from law enforcement, ransoms are paid in cryptocurrencies, such as bitcoin.
Cisco says the innovation race between adversaries and security vendors is accelerating, placing end users and organisations at increasing risk. "Vendors must be vigilant in developing integrated security solutions that help organisations be proactive and align the right people, processes, and technology," the company explains.
"Organisations face significant challenges with point product solutions and need to consider an integrated threat defence architecture that embeds security everywhere, and will enforce at any control point.
Cisco says businesses must invest in effective, sustainable and trusted security solutions and professional services, as the security industry addresses increased fragmentation, a dynamic threat landscape, and how to cope with a rising shortfall of skilled talent.
The report claims global cyber governance is not prepared to handle the emerging threat landscape or geopolitical challenges. "The question of boundaries - how governments collect data about citizens and businesses and share among jurisdictions -is a significant hurdle to achieving cohesive cyber governance as worldwide cooperation is limited," it says. "A collaborative, multi-stakeholder cyber governance framework is required to sustain business innovation and economic growth on a global stage.
Cisco says organisations must demand their technology vendors are transparent about and able to demonstrate the security they build into their products in order to be considered trustworthy. "These organisations must carry this understanding across all aspects of product development starting with the supply chain and through the deployed life of their products," the company explains. "They must ask vendors to contractually back up their claims and demand better security.
John N. Stewart, senior vice president, chief security and trust officer, Cisco, says, "Organisations cannot just accept that compromise is inevitable, even if it feels like it today.
"The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks," he says.
"This is where we are leading. We are regularly told that business strategy and security strategy are the top two issues for our customers, and they want trusted partnerships with us," Stewart explains. "Trust is tightly linked to security, and transparency is key so industry-leading technology is only half the battle.
"We're committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines," he says.