The Cisco® 2016 Midyear Cybersecurity Report (MCR) has found that organisations are unprepared for future strains of more sophisticated ransomware.
Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate. According to the report’s findings, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation. Other key findings in the MCR include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity.
So far in 2016, ransomware has become the most profitable malware type in history. Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage. New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organisations before coordinating ransom activities.
Visibility across the network and endpoints remains a primary challenge. On average, organisations take up to 200 days to identify new threats. Cisco’s median time to detection (TTD) continues to outpace the industry, hitting a new low of approximately 13 hours to detect previously unknown compromises for the six months ending in April 2016. This result is down from 17.5 hours for the period ending in October 2015. Faster time to detection of threats is critical to constrain attackers’ operational space and minimize damage from intrusions. This figure is based on opt-in security telemetry gathered from Cisco security products deployed worldwide.
In the face of sophisticated attacks, limited resources and aging infrastructure, defenders are struggling to keep pace with their adversaries. Data suggests defenders are less likely to address adequate network hygiene, such as patching, the more critical the technology is to business operations. For example:
- In the browser space, Google Chrome, which employs auto-updates, has 75 to 80% of users using the newest version of the browser, or one version behind.
- When we shift from looking at browsers to software, Java sees slow migrations with one-third of the systems examined running Java SE 6, which is being phased out by Oracle (the current version is SE 10).
- In Microsoft Office 2013, version 15x, 10 percent or less of the population of a major version are using the newest service pack version.
“As organisations capitalise on new business models presented by digital transformation, security is the critical foundation. Attackers are going undetected and expanding their time to operate,” said Marty Roesch, the vice president and chief architect in the Security Business Group at Cisco. “To close the attackers’ windows of opportunity, customers will require more visbility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities. As attackers continue to monetise their strikes and create highly profitable business models, Cisco is working with our customers to help them match and exceed their attackers’ level of sophistication, visbility and control.”
