Deficient Security Gives Cyber-Attackers Free Rein

 
 
By Karen A. Frenkel  |  Posted 11-18-2016

  • Deficient Security Gives Cyber-Attackers Free Rein

    Cyber-attackers usually have ample time to damage a company's security because of its fragile infrastructure, poor network hygiene and slow detection rates.
  • Ransomware Dominates Malware

    Ransomware is the most profitable malware type, and businesses are the top target. During Q1 and Q2 2016, ransomware targeted both individual and enterprise users, and it became more widespread and potent.
  • Exploit Kits Plumb Adobe Flash Vulnerabilities

    Cisco researchers examined Nuclear Exploit Kit and found that Adobe Flash accounts for 80% of successful exploits.
  • JBoss Used For Ransomware Campaigns

    JBoss-related compromises have made significant inroads in servers, leaving them vulnerable to attack.
  • HTTPS Traffic Increases

    There was a fivefold increase in HTTPS traffic related to malicious activity, which can be attributed to malicious ad injectors and adware. Increased use conceals attackers' activity on the web and expands their time to operate.
  • Patches Downloaded Too Late

    Major vendors supply patches when vulnerabilities are announced, but many users do not download and install them in a timely manner. The gap between availability and implementation gives attackers ample time to launch exploits.
  • Old Vulnerabilities Persist

    An examination of infrastructure and patches to operating systems reveals that 23% of devices have vulnerabilities dating back to 2011, and 16% have vulnerabilities that were first published in 2009.
  • Attackers Hide by Using Transport Layer Security

    Transport Layer Security (TLS), the protocol for encrypting network traffic, is being used by attackers to hide what they're doing. This makes deep-packet inspection ineffective.
  • Time to Detection Rates Are Intolerable

    The current time-to-detection (TTD) rate of 100 to 200 days is unacceptable. With adversaries constantly unleashing new threats, companies must move swiftly. Between December 2015 and April 2016, Cisco reduced its median TTD to 13 hours.
  • Recommendations

    Institute and test an incident response plan to enable swift return to normal business operations after a ransomware attack. Do not blindly trust HTTPS connections and SSL certificates. Patch published vulnerabilities quickly in software and systems, including routers and switches. Educate users about the threat of malicious browser infections. Understand what actionable threat intelligence is.
  • More Recommendations

    Integrate defenses by leveraging an architectural approach to security versus deploying niche products. Measure time to detection. Insist on the fastest time available to uncover threats, then mitigate against them immediately. Include metrics in the security policy. Protect your users everywhere they work—not just the systems they interact with and when they are on the corporate network. Back up critical data and routinely test effectiveness to confirm that backups are not susceptible to compromise.
 

Cyber-attackers often enjoy unconstrained time in an organization's network because they outpace their victims' ability to respond, according to a new report. But if companies limit intruders' time to wreak havoc, forcing them to make decisions under pressure, the hackers are more likely to be discovered and taken down. Furthermore, fragile infrastructure, poor network hygiene and slow detection rates provide ample time for attackers to operate. The report, "Cisco 2016 Midyear Cyber-Security Report," also finds that adversaries have become more focused on generating revenue. Ransomware is a particularly effective moneymaker, and organizations are unprepared for the more sophisticated ransomware to come. The report says, "The more [attackers] need to adapt, the more likely they are to leave a trail that will ultimately lead to their identification—no matter how many ways they try to evade detection and cover their tracks." The report is based on data gathered by Cisco Collective Security Intelligence, a daily ingest of 40 billion points of telemetry. Below are the report's major findings and recommendations.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.