Key Takeaways from Cisco’s 2018 Cybersecurity Report
Cisco recently published its annual cybersecurity report, and it’s clear: cybersecurity threats aren’t going anywhere. In fact, although the stats are new, the bottom line remains similar to past analyses: as technology begins to evolve and companies continue to create more complex systems, hackers are developing increasingly sophisticated threats just as quickly. The following are a few of the main insights I took away from this year’s piece.
[As a side note: the report included insights from 3,000 Chief Security Officers (CSOs) and security operations around the world; this report assesses global risk beyond just U.S. companies.]
Malware is Evolving—Fast
Research shows malware is becoming more “vicious” than ever before, and the sophistication of today’s tech—and hackers—is making it more difficult to keep data safe. Indeed, the Cisco report showed about half of all global web was encrypted as of October 2017. That’s good, right? Eh, try again. Yes, encryption can enhance security, but it helps protect the hacker’s information as much as it protects your own. When hackers use encryption, it takes even more time to figure out their MO—and time can mean big losses in today’s economy. Another unfortunate trend: a growth in “burst attacks” that are becoming even more frequent, complex, and long-lasting. One study showed 42 percent of companies had one of these attacks (similar to the DDoS attack in 2017).
AI and Machine Learning Can Help(-ish)
As I shared a few months ago, AI and machine learning do offer a support tool for dealing with hacks—but I wouldn’t look at them as a magic bullet—especially since hackers are becoming more sophisticated as well. The main reason AI and machine learning are becoming necessary tools is because there are simply too many threats for the average cybersecurity professional to manage. Being able to automate functions, look for patterns, and create algorithms to proactively defeat malware technology is critical in today’s marketplace. In fact, Cisco’s report showed 34 percent of IT professionals are using some form of machine learning. Will it always catch every threat? Of course not. But it will provide better protection than humans can create alone.
Vendors are Risky Business
One of the main reasons hacking is becoming so much more difficult to combat is that companies are increasingly connected to outside forces—their vendors, business partners, and clients. After all, we’re only as safe as our least protected connection. And in today’s marketplace, those connections are many—and growing. And in today’s marketplace, which moves at the pace of 24/7 customer demand, those risks don’t stop coming. I’ve said it before, if you want to be protected create a third-party risk assessment to know where your biggest vulnerabilities lie.
Don’t Ignore the Threat Within
According to the report. Just 0.5 percent of employee users have been flagged for suspicious downloads. But on average, those users downloaded 5,200 documents—a huge risk to your entire network in today’s connected environment. More dangerous, in my opinion, is still the incessant threat of human error. Research shows employee human error accounts for nearly 90 percent of all cyberattacks. The lesson: train your employees on security early and often, and I don’t just mean encouraging them to change passwords. Explain to employees their role in security if you want to see results.
Operational Technology and the IoT
As if the threats weren’t already large enough, the growth of the Internet of Things (IoT) and the use of operational technology (OT) will only lead to increased threats. In fact, the Cisco report showed 31 percent of security professionals said their company had already had an OT attack. The IoT has been the source for several major hacks in the past few years too. Don’t let these technologies fall by the wayside in your cyber security plan. Developing a cyber security framework could ensure that you’re using the best security measures for all of your connected devices.
So—what do we take from all of this? Like I said, this report wasn’t shocking, but it wasn’t affirming, either. More and more companies are moving to the cloud for added security protection. At the same time, as they turn to an increased number of as-a-Service cloud and software providers, their systems are becoming increasingly difficult to protect. The long and short of it is: be smart. Simplify where you can. Screen your vendors. Understand your IoT connections. Use AI and machine learning to capture as much knowledge—and prevent as many threats—as you can. You can’t create a bulletproof security strategy—but you can definitely build a strong one if you keep these things in mind.