Cisco 2016 Midyear Cybersecurity Report highlights the increasing threat of ransomware as sophistication grows
- Published: Wednesday, 27 July 2016 08:48
Cisco has published its 2016 Midyear Cybersecurity Report (MCR), which finds that organizations are unprepared for future strains of more sophisticated ransomware.
So far in 2016, ransomware has become the most profitable malware type in history. Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage. New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities.
Visibility across the network and endpoints remains a primary challenge. On average, organizations take up to 200 days to identify new threats. Cisco's median time to detection (TTD) continues to outpace the industry, hitting a new low of approximately 13 hours to detect previously unknown compromises for the six months ending in April 2016. This result is down from 17.5 hours for the period ending in October 2015. Faster time to detection of threats is critical to constrain attackers' operational space and minimize damage from intrusions. This figure is based on opt-in security telemetry gathered from Cisco security products deployed worldwide.
As attackers innovate, many defenders continue to struggle with maintaining the security of their devices and systems. Unsupported and unpatched systems create additional opportunities for attackers to easily gain access, remain undetected, and maximize damage and profits. The Cisco 2016 Midyear Cybersecurity Report shows that this challenge persists on a global scale. While organizations in critical industries such as healthcare have experienced a significant uptick in attacks over the past several months, the report's findings indicate that all vertical markets and global regions are being targeted. Clubs and organizations, charities and non-governmental organization (NGOs), and electronics businesses have all experienced an increase in attacks in the first half of 2016. On the world stage, geopolitical concerns include regulatory complexity and contradictory cybersecurity policies by country. The need to control or access data may limit and conflict with international commerce in a sophisticated threat landscape.
Simple steps to protect business environments
Cisco's Talos researchers have observed that organizations that take just a few simple yet significant steps can greatly enhance the security of their operations. These include:
- Improve network hygiene, by monitoring the network; deploying patches and upgrades on time; segmenting the network; implementing defenses / defences at the edge, including email and web security, Next-Generation Firewalls and Next-Generation IPS.
- Integrate defenses, by leveraging an architectural approach to security versus deploying niche products.
- Measure time to detection, insist on fastest time available to uncover threats then mitigate against them immediately. Make metrics part of organizational security policy going forward.
- Protect your users everywhere they are and wherever they work, not just the systems they interact with and when they are on the corporate network.
- Back up critical data, and routinely test backup effectiveness while confirming that backups are not susceptible to compromise.