Light Dark
March 19, 2018 By Douglas Bonderud 2 min read

Cybersecurity always moves at breakneck speed. A new report recently examined the pain points of 3,600 security experts worldwide and revealed some good news and some bad news about how companies are managing risks and responding to threats as the cybercrime landscape shifts.

Among the positive findings of Cisco’s “2018 Annual Cybersecurity Report” is that 53 percent of security professionals now use the cloud for improved protection, and 34 percent rely on machine learning to both simplify and speed security response. But there’s another side to the story: Burst attacks and malware cryptoworms are on the rise, while mobile owns the top spot as the most difficult area to defend.

What Are the Top Security Concerns?

The report revealed that 42 percent of organizations experienced short-burst distributed denial-of-service (DDoS) attacks in 2017. In addition, malicious actors are finding new ways to spread malware by developing cryptoworms capable of self-propagating across networks. Unlike traditional attacks, which require human actors to click on links or download malicious attachments, cryptoworms can infect networks via any active, unpatched workstation.

Another issue is encryption. The first line of defense in securing data in transit and at rest, encryption also provides the framework necessary for cybercriminals to hide malicious code. The study noted a threefold increase in encrypted network communication used by malware.

The report also addressed familiar attack vectors such as insider threats. Despite the fact that less than 1 percent of insiders were flagged for suspicious downloads, these actors each accounted for an average of 5,200 document downloads.

Insecure mobile devices, meanwhile, are increasingly difficult for security professionals to defend. That’s because they’re typically owned by users, leverage a wide variety of operating systems and lack the systematic regulation characteristic of traditional workstations.

The result is a cybersecurity landscape in which 53 percent of attacks result in damages over $500,000, to say nothing of the time needed for remediation, potential impact to brand reputation and downstream consequences if cybercriminals leave behind persistent infections.

Addressing Emerging Cybersecurity Risks

With the complexity of cloud deployments making it easier for attackers to breach network defenses and new Internet of Things (IoT) threats on the horizon — in addition to bursts, worms and evolving mobile threats — how can companies push back and reduce the chance of compromise?

The report noted that organizations must address the cybersecurity skills gap by promoting better collaboration between security and network teams. Advancements in security technology can also provide some relief. These include:

  • Automation. IT security perimeters are complex, variable and continuously expanding. As a result, security professionals can’t do all the heavy lifting. CSO Online pointed out that routine tasks such as traffic scanning and threat reporting are best handled by automated solutions with throughput to prioritize critical security alerts and only notify IT teams when necessary.
  • Machine learning. As noted by Business Review, machine learning offers the potential to improve security system functionality over time by giving network defenses the ability to both recognize common attack vectors and discover new threats as they emerge.
  • Artificial intelligence (AI). More encryption means less visibility. According to the Cisco report, enterprises are now leveraging artificial intelligence to detect anomalous patterns in large volumes of encrypted traffic. AI tools can also help organizations automate patch management.

While some of Cisco’s findings are encouraging, the report emphasized that attackers aren’t resting on their laurels. Instead, they’re designing better burst attacks, evolving malware worms and leveraging malicious code to infect mobile devices. Organizations must continue to push the envelope and invest in modern security technologies if they expect to keep pace.

 |  |  |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature