March 19, 2018 By Douglas Bonderud 2 min read

Cybersecurity always moves at breakneck speed. A new report recently examined the pain points of 3,600 security experts worldwide and revealed some good news and some bad news about how companies are managing risks and responding to threats as the cybercrime landscape shifts.

Among the positive findings of Cisco’s “2018 Annual Cybersecurity Report” is that 53 percent of security professionals now use the cloud for improved protection, and 34 percent rely on machine learning to both simplify and speed security response. But there’s another side to the story: Burst attacks and malware cryptoworms are on the rise, while mobile owns the top spot as the most difficult area to defend.

What Are the Top Security Concerns?

The report revealed that 42 percent of organizations experienced short-burst distributed denial-of-service (DDoS) attacks in 2017. In addition, malicious actors are finding new ways to spread malware by developing cryptoworms capable of self-propagating across networks. Unlike traditional attacks, which require human actors to click on links or download malicious attachments, cryptoworms can infect networks via any active, unpatched workstation.

Another issue is encryption. The first line of defense in securing data in transit and at rest, encryption also provides the framework necessary for cybercriminals to hide malicious code. The study noted a threefold increase in encrypted network communication used by malware.

The report also addressed familiar attack vectors such as insider threats. Despite the fact that less than 1 percent of insiders were flagged for suspicious downloads, these actors each accounted for an average of 5,200 document downloads.

Insecure mobile devices, meanwhile, are increasingly difficult for security professionals to defend. That’s because they’re typically owned by users, leverage a wide variety of operating systems and lack the systematic regulation characteristic of traditional workstations.

The result is a cybersecurity landscape in which 53 percent of attacks result in damages over $500,000, to say nothing of the time needed for remediation, potential impact to brand reputation and downstream consequences if cybercriminals leave behind persistent infections.

Addressing Emerging Cybersecurity Risks

With the complexity of cloud deployments making it easier for attackers to breach network defenses and new Internet of Things (IoT) threats on the horizon — in addition to bursts, worms and evolving mobile threats — how can companies push back and reduce the chance of compromise?

The report noted that organizations must address the cybersecurity skills gap by promoting better collaboration between security and network teams. Advancements in security technology can also provide some relief. These include:

  • Automation. IT security perimeters are complex, variable and continuously expanding. As a result, security professionals can’t do all the heavy lifting. CSO Online pointed out that routine tasks such as traffic scanning and threat reporting are best handled by automated solutions with throughput to prioritize critical security alerts and only notify IT teams when necessary.
  • Machine learning. As noted by Business Review, machine learning offers the potential to improve security system functionality over time by giving network defenses the ability to both recognize common attack vectors and discover new threats as they emerge.
  • Artificial intelligence (AI). More encryption means less visibility. According to the Cisco report, enterprises are now leveraging artificial intelligence to detect anomalous patterns in large volumes of encrypted traffic. AI tools can also help organizations automate patch management.

While some of Cisco’s findings are encouraging, the report emphasized that attackers aren’t resting on their laurels. Instead, they’re designing better burst attacks, evolving malware worms and leveraging malicious code to infect mobile devices. Organizations must continue to push the envelope and invest in modern security technologies if they expect to keep pace.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today