The recently published Cisco 2016 Midyear Cybersecurity Report indicates that organizations are not prepared for the arrival of more sophisticated ransomware strains. Fragile infrastructure, poor network hygiene and slow detection times are giving cyber criminals plenty of time and plenty of room to operate.
According to the report, limiting the space in which attackers can operate is the biggest challenge facing companies, and a threat to digital transformation. The study also points out that adversaries are turning their attention to server-side attacks, continuing to evolve their attack methods and making increasing use of encryption to mask their activity.
In the first half of 2016, ransomware became the most lucrative malware ever. According to Cisco, this trend will continue with the arrival of even more destructive strains that can spread on their own and hold entire networks, and therefore entire companies, hostage.
New modular ransomware strains will be able to change their propagation tactics quickly to maximize effectiveness. For example, future ransomware will evade detection by limiting its CPU usage and avoiding command-and-control traffic.
Visibility across networks and endpoints remains a primary challenge. On average, organizations take up to 200 days to identify new threats. Cisco's own average time to detection (TTD) beats the industry benchmark: for the six months ending in April 2016 it reached a new low of about 13 hours to detect previously unknown compromises, down from the 17.5 hours recorded in the period ending in October 2015.
Although organizations in critical sectors such as healthcare have shown a small improvement against attacks in recent months, the report's findings indicate that every vertical sector and every region of the world can be targeted. In the first half of 2016, an increase in direct attacks was recorded against companies, non-profit organizations, non-governmental organizations (NGOs) and businesses operating in the electronics field.
Faced with sophisticated attacks, aging infrastructure and limited resources, security managers are struggling to keep up with their adversaries. The data suggest that security managers have trouble maintaining network hygiene, starting with applying patches to the technologies most critical to the business.
Cisco found that much of the infrastructure examined is either unsupported or running with known vulnerabilities. Specifically, the researchers looked at 103,121 Internet-connected Cisco devices and found that each device was running an average of 28 known vulnerabilities, that those vulnerabilities had been public for an average of about 5 years, and that more than 9% of them had been known for over a decade.
Browser updates are the least burdensome for endpoints, while enterprise applications and server infrastructure are harder to upgrade because updates can cause business continuity problems. In essence, the more critical an application is to the business, the less likely it is to be updated, creating gaps and opportunities for attack.
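The metrics the report cites for its device sample (vulnerabilities per device, average age of those vulnerabilities, share older than ten years) are straightforward to compute from any scanner or inventory export, and the same data tells you which devices to patch first and which are running software past its end of support. The following script is an added example, not code from the report or from Cisco: the inventory is constructed, the `VULN-YYYY-N` identifiers are placeholders rather than real advisories, and the reference date of 30 April 2016 is assumed to match the end of the report's observation window.

```python
"""Added example (not from the Cisco report): patch-debt metrics of the kind the
report cites, computed from a constructed device inventory.

Each device lists the known vulnerabilities found on it (placeholder IDs, not
real advisories) together with the date each was publicly disclosed, plus the
end-of-support date of its software, if known. The script computes:
  * average number of known vulnerabilities per device,
  * average age in years of those vulnerabilities,
  * share that has been public for more than a decade,
  * which devices are running unsupported (end-of-support) software,
  * a patching order that puts the devices with the oldest exposure first.
"""
from datetime import date
from statistics import mean

# Assumed reference date: end of the observation window described in the report.
AS_OF = date(2016, 4, 30)

# Constructed sample inventory. VULN-YYYY-N identifiers are placeholders.
INVENTORY = [
    {"host": "core-sw-01", "eos": None, "vulns": {
        "VULN-2005-1": date(2005, 1, 1),
        "VULN-2012-7": date(2012, 7, 1),
        "VULN-2015-42": date(2015, 10, 15)}},
    {"host": "edge-rtr-01", "eos": date(2014, 3, 31), "vulns": {
        "VULN-2003-11": date(2003, 5, 20),
        "VULN-2009-100": date(2009, 2, 14)}},
    {"host": "dc-fw-02", "eos": date(2018, 12, 31), "vulns": {
        "VULN-2016-3": date(2016, 3, 1)}},
    {"host": "branch-rtr-07", "eos": date(2011, 6, 30), "vulns": {
        "VULN-2010-55": date(2010, 11, 30)}},
]


def years_old(disclosed, as_of=AS_OF):
    """Age of a vulnerability in years at the reference date."""
    return (as_of - disclosed).days / 365.25


def exposure_summary(inventory, as_of=AS_OF):
    """Aggregate exposure metrics over the whole inventory."""
    ages = [years_old(d, as_of) for dev in inventory for d in dev["vulns"].values()]
    return {
        "devices": len(inventory),
        "vulns_per_device": len(ages) / len(inventory),
        "mean_age_years": mean(ages),
        "share_over_decade": sum(a > 10 for a in ages) / len(ages),
        # Software past its end-of-support date receives no fixes at all.
        "unsupported": sorted(dev["host"] for dev in inventory
                              if dev["eos"] is not None and dev["eos"] < as_of),
    }


def patch_priority(inventory, as_of=AS_OF):
    """Devices ordered by their oldest known vulnerability, oldest first.

    Old, public, unpatched flaws are the ones most likely to have mature exploit
    code, so they are the cheapest targets for an attacker.
    """
    worst = []
    for dev in inventory:
        if dev["vulns"]:
            worst.append((dev["host"], max(years_old(d, as_of) for d in dev["vulns"].values())))
    return sorted(worst, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    summary = exposure_summary(INVENTORY)
    print(f"devices: {summary['devices']}, vulns/device: {summary['vulns_per_device']:.2f}")
    print(f"mean age: {summary['mean_age_years']:.1f} years, "
          f"older than a decade: {summary['share_over_decade']:.0%}")
    print("unsupported:", ", ".join(summary["unsupported"]))
    for host, age in patch_priority(INVENTORY):
        print(f"  patch next: {host} (oldest exposure {age:.1f} years)")
```

Against the constructed inventory this reports 1.75 vulnerabilities per device with a mean age of about 5.9 years, two of seven (29%) older than a decade, two devices past end of support, and `edge-rtr-01` at the top of the patching list. Feeding it a real export only requires mapping the scanner's CVE list and disclosure dates into the same structure; the end-of-support field is the one most inventories lack and most worth adding, since those devices cannot be fixed by patching at all.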
Finally, the Cisco report suggests some simple steps to protect corporate environments:
- Improve network hygiene by deploying patches and updates promptly and implementing perimeter defenses, including email and web security solutions, firewalls and next-generation IPS.
- Measure time to detection, drive it as low as possible and take countermeasures immediately to limit the damage. Establish security policies that include metrics for time to detection and threat mitigation.
- Protect users wherever they are and wherever they work; do not restrict protection to the systems and devices used while connected to the corporate network.
- Back up critical data and systematically test that the backups work, also making sure that the backups themselves are not at risk of being compromised.
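The second recommendation only works if time to detection is actually measured per incident and compared against a target. The script below is an added example, not part of the Cisco report: it takes constructed incident records (earliest evidence of compromise, detection time, containment time), computes time to detection and time to mitigation in hours, and flags incidents that exceeded the assumed internal targets of 24 hours to detect and 8 hours to contain. The 13-hour and 17.5-hour figures quoted above are the report's; the numbers produced here describe only the sample data.

```python
"""Added example (not from the Cisco report): time-to-detection (TTD) and
time-to-mitigation (TTM) metrics from constructed incident records, checked
against an assumed policy threshold.

TTD = time from the earliest evidence of compromise (usually established
      retroactively during the investigation) to the moment it was detected.
TTM = time from detection to containment. Incidents still open have no TTM.
"""
from datetime import datetime
from statistics import mean, median

# Constructed incident records, ISO 8601 timestamps in UTC. Not real incidents.
INCIDENTS = [
    {"id": "INC-001", "first_seen": "2016-03-01T02:15:00",
     "detected_at": "2016-03-01T10:15:00", "contained_at": "2016-03-01T12:45:00"},
    {"id": "INC-002", "first_seen": "2016-03-04T22:00:00",
     "detected_at": "2016-03-06T04:00:00", "contained_at": "2016-03-06T09:30:00"},
    {"id": "INC-003", "first_seen": "2016-03-10T09:30:00",
     "detected_at": "2016-03-10T23:00:00", "contained_at": None},  # still open
    {"id": "INC-004", "first_seen": "2016-03-12T00:00:00",
     "detected_at": "2016-03-12T11:00:00", "contained_at": "2016-03-13T11:00:00"},
    {"id": "INC-005", "first_seen": "2016-02-01T08:00:00",   # long dwell time
     "detected_at": "2016-03-15T08:00:00", "contained_at": "2016-03-15T20:00:00"},
]

# Assumed internal targets; the report recommends defining such metrics in policy.
POLICY = {"ttd_hours": 24.0, "ttm_hours": 8.0}


def _hours(start, end):
    """Elapsed hours between two ISO timestamps, or None if either is missing."""
    if start is None or end is None:
        return None
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    return delta.total_seconds() / 3600


def incident_metrics(incidents):
    """Per-incident TTD and TTM in hours (TTM is None for open incidents)."""
    return [{"id": inc["id"],
             "ttd": _hours(inc["first_seen"], inc["detected_at"]),
             "ttm": _hours(inc["detected_at"], inc.get("contained_at"))}
            for inc in incidents]


def summarize(rows):
    """Median and mean for both metrics; median is robust to one long-dwell incident."""
    ttd = [r["ttd"] for r in rows if r["ttd"] is not None]
    ttm = [r["ttm"] for r in rows if r["ttm"] is not None]
    return {"ttd_median": median(ttd), "ttd_mean": mean(ttd),
            "ttm_median": median(ttm), "ttm_mean": mean(ttm),
            "open": [r["id"] for r in rows if r["ttm"] is None]}


def policy_breaches(rows, policy=POLICY):
    """(incident id, metric, hours) for every metric that exceeded its target."""
    breaches = []
    for r in rows:
        if r["ttd"] is not None and r["ttd"] > policy["ttd_hours"]:
            breaches.append((r["id"], "ttd", r["ttd"]))
        if r["ttm"] is not None and r["ttm"] > policy["ttm_hours"]:
            breaches.append((r["id"], "ttm", r["ttm"]))
    return breaches


if __name__ == "__main__":
    rows = incident_metrics(INCIDENTS)
    s = summarize(rows)
    print(f"TTD median {s['ttd_median']:.1f} h, mean {s['ttd_mean']:.1f} h")
    print(f"TTM median {s['ttm_median']:.2f} h, mean {s['ttm_mean']:.1f} h; open: {s['open']}")
    for inc_id, metric, hours in policy_breaches(rows):
        print(f"  policy breach: {inc_id} {metric.upper()} = {hours:.1f} h")
```

On the sample data the median TTD is 13.5 hours while the mean is about 219 hours, because one incident went undetected for six weeks; that gap is why a detection-time policy should track the median alongside the mean and review every individual breach rather than a single average. Open incidents are excluded from the mitigation metric instead of being counted as zero, so an unresolved case cannot make the numbers look better.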