This year’s Annual Cybersecurity Report from Cisco is a compelling call to stay vigilant in the face of cyberwarfare. Reading about the increasing sophistication of attackers could leave you fatalistic or passive, but the 2018 report makes clear right from the start that defenders are not in a helpless or hopeless situation.
In its opening lines, the Cisco report urges a proactive way of thinking: “What if defenders could see the future? If they knew an attack was coming, they could stop it, or at least mitigate its impact and help ensure what they need to protect most is safe. The fact is, defenders can see what’s on the horizon. Many clues are out there—and obvious.”
One problem, however, is that many of us dismiss incidents in other parts of the world as not immediately pertinent to us. Instead, the report says, we should be paying attention to what those incidents tell us about “the speed and scale at which adversaries are amassing and refining their cyber weaponry.”
Three Things About Today’s Attack Landscape You Must Know
Each year, the Annual Cybersecurity Report urges us to pay attention to certain themes. This year’s themes show us how insidious the attack landscape has become:
- Last year’s report devoted attention to the rising threat of malware; in 2018 it has become an even tougher theater of attack. Network-based cryptoworms such as WannaCry and Nyetya spread from host to host on their own, so a ransomware campaign no longer depends on human action to propagate. “And for some adversaries,” states the report, “the prize isn’t ransom, but obliteration of systems and data, as Nyetya—wiper malware masquerading as ransomware—proved.”
- In addition, adversaries are becoming increasingly adept at weaponizing cloud services and other technology normally used for legitimate purposes. The most dramatic example of the past year is attackers turning encryption, a technology meant to enhance security, to their own ends. Says Cisco’s Chief Security and Trust Officer John Stewart in his blog recapping the report, “As the volume of encrypted global web traffic grows, adversaries are broadening their use of encryption as a way to mask command-and-control activity, providing them more time to operate and inflict damage sight-unseen.”
- A third avenue of exploitation is the undefended security gaps in Internet of Things deployments and cloud services. Particularly concerning are the report’s findings that, while organizations are deploying IoT devices at a rapid pace, many of those devices are unpatched and unmonitored, and an unsettling number of defenders seem unmotivated to remediate the vulnerabilities in them.
Says John Stewart, “Of note are DevOps systems and services, often exposed because they were deployed improperly or left open intentionally for convenience. Additionally, industrial control systems at the heart of all manufacturing, and process control systems linked to other electronic infrastructure, are creating a highly connected ecosystem of vulnerable devices that attackers are eager to compromise.”
Meeting Sophisticated Attacks with Sophisticated Defense
In terms of what defenders can do, let’s return to the idea from the beginning of this post: defenders can see threats on the horizon and detect clues that are often obvious. It turns out that defenders are upping their game by using advancing technologies like automation, machine learning, and artificial intelligence to help protect themselves. “These advanced capabilities,” the report says, “can enhance network security defenses and, over time, ‘learn’ how to automatically detect unusual patterns in web traffic that might indicate malicious activity.”
Because cybersecurity skills in many organizations lag behind demand, machine learning that can identify meaningful patterns in large volumes of encrypted traffic and then alert teams can help those teams cover skills gaps and respond more quickly to threats. The report notes that a number of chief information security officers are frustrated by the high number of “false positives” that artificial intelligence and machine learning systems can generate; it also predicts that these tools will become more reliable as they mature and learn to distinguish normal network activity from abnormal. Until then, a practitioner should expect to tune such a system against known-legitimate traffic, since every unreviewed false positive adds to the backlog of uninvestigated alerts the report warns about.
Defenders also use behavior analytics to locate malicious actors in networks. They can apply this data to mitigate attacks and, yes, get that clearer view of what’s on the horizon.
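To make the idea of spotting command-and-control inside encrypted traffic concrete, here is an added example of the kind of check such a system performs. It was written for this post and is not code from the report or from any Cisco product. It looks only at connection metadata (timestamps, destination, bytes sent) from constructed flow records, never at the encrypted payload, and flags sources that contact one destination on a tight, regular cadence with near-constant sizes, the classic shape of a beacon. The host names, addresses and thresholds are hypothetical; the allowlist parameter shows the simplest way to deal with the false positives mentioned above, because legitimate update and telemetry clients beacon too.

```python
"""Beacon detection over encrypted-flow metadata.

Added example: flags (source, destination, port) pairs whose connection
timing and sizes are unusually regular, using only flow metadata. Payloads
are assumed to be TLS-encrypted and are never inspected.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (hypothetical hosts and addresses, not data
# from the report). Each tuple is
# (epoch_seconds, source_host, destination, destination_port, bytes_sent).
SAMPLE_FLOWS = []


def _add(flows, src, dst, port, times, sizes):
    """Append one connection record per (time, size) pair."""
    flows.extend((t, src, dst, port, s) for t, s in zip(times, sizes))


# ws-01: ordinary browsing, irregular timing and sizes.
_add(SAMPLE_FLOWS, "ws-01", "www.example.com", 443,
     [0, 3, 123, 130, 530, 532, 577], [1820, 912, 4410, 377, 2050, 9600, 640])
# ws-02: 60-second cadence with almost constant size to a single address.
_add(SAMPLE_FLOWS, "ws-02", "203.0.113.7", 443,
     [10, 70, 131, 190, 250, 311, 370], [512, 512, 520, 512, 512, 516, 512])
# ws-03: regular check-ins to a legitimate software-update service; it looks
# exactly like a beacon and is the false-positive case the allowlist handles.
_add(SAMPLE_FLOWS, "ws-03", "update.example.net", 443,
     [5, 305, 605, 905, 1205, 1505], [256, 256, 256, 256, 256, 256])


def find_beacons(flows, min_connections=5, max_interval_cv=0.15,
                 max_size_cv=0.2, allowlist=frozenset()):
    """Return candidate beacons as dicts, one per (src, dst, port).

    A pair is reported when it has at least min_connections connections and
    both the inter-connection interval and the bytes-sent values have a
    coefficient of variation (stdev / mean) at or below the given limits.
    Destinations in allowlist are skipped. The thresholds are hypothetical
    starting points, not values from the report.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        by_pair[(src, dst, port)].append((ts, nbytes))

    hits = []
    for (src, dst, port), conns in by_pair.items():
        if len(conns) < min_connections or dst in allowlist:
            continue
        conns.sort()
        times = [t for t, _ in conns]
        sizes = [b for _, b in conns]
        intervals = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_interval, mean_size = mean(intervals), mean(sizes)
        if mean_interval <= 0 or mean_size <= 0:
            continue
        interval_cv = pstdev(intervals) / mean_interval
        size_cv = pstdev(sizes) / mean_size
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            hits.append({
                "src": src, "dst": dst, "port": port,
                "connections": len(conns),
                "mean_interval_s": round(mean_interval, 1),
                "interval_cv": round(interval_cv, 3),
                "size_cv": round(size_cv, 3),
            })
    return hits


if __name__ == "__main__":
    known_good = {"update.example.net"}
    for hit in find_beacons(SAMPLE_FLOWS, allowlist=known_good):
        print(f"possible beacon: {hit['src']} -> {hit['dst']}:{hit['port']} "
              f"every ~{hit['mean_interval_s']}s "
              f"(interval cv={hit['interval_cv']}, size cv={hit['size_cv']})")
```

Run stand-alone, it reports only ws-02: ws-01’s browsing is too irregular, and ws-03 is suppressed by the allowlist even though its timing is perfectly periodic. Without the allowlist, ws-03 is reported as well, which is exactly the false positive a new detection produces on its first day. In practice the records would come from NetFlow/IPFIX exports or a proxy log rather than the constructed list here, and a real system would add more signals (destination reputation, TLS client fingerprint, time-of-day) before raising an alert.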
But Don’t Forget the Basics of Cyberdefense
Even with the allure of new solutions, the 2018 report makes it clear that fundamental security practices remain paramount. Says Stewart, “Self-propagating, network-based attacks like WannaCry and Nyetya could have been prevented or at least had minimized impact if more organizations had applied fundamental security practices such as patching, setting appropriate incident response processes and policies, and segmenting their networks. Basic hygiene is critical and must not be ignored.”
In fact, while this year’s report is a galvanizing call to up one’s game against attackers, it is equally urgent about how sloppy many of us are about the basics of defense. Again, John Stewart: “In the past year, we’ve seen uninvestigated alerts continue to create huge business risk, and yet many remain not remediated. Of the 93 percent of organizations that experienced a security alert, 44 percent were not even investigated. Of the 56 percent that were investigated, only 51 percent of the legitimate alerts were remediated, leaving almost half untouched and the organization vulnerable. How can this be? This is a direct call for greater innovation, diligence and better answers to our challenges.”
Don’t be helpless. Read the report for more detail and make sure you and your team are doing all you can to combat adversaries and meet the threat. And if you need some help bringing a concerted cybersecurity campaign to your larger organization, be sure to visit our paper “IT and Business Management Roles in Cybersecurity.” It comes accompanied with a checklist to keep everyone on the right track.
Gary Pfitzer is a content manager at Learning@Cisco, focused on bringing various aspects of today's IT journey to light through business papers, blogging, customer success stories, and other writing.