Less than half (45%) of organisations globally are confident in their security posture against the range of modern threats.
According to the Cisco 2016 Annual Security Report, there is decreasing confidence in the ability to determine the scope of a network compromise and to remediate damage, as less than half of respondents expressed such. All of this is putting further pressure on organisations struggling with information security, as an overwhelming majority of finance and line-of-business executives agreed that regulators and investors expect companies to provide greater transparency on future cybersecurity risk. This, says the survey report, points to security as a growing boardroom concern.
“Miscreants continue to operate unconstrained by regulatory barriers,” Cisco survey
The report found that while executives may be uncertain about their security strength, 92% of them agree that regulators and investors will expect companies to manage cybersecurity risk exposure. These leaders are increasing measures to secure their organisations’ future, particularly as they digitise their operations.
The report highlights the challenges businesses face due to the rapid advancements in the technology and techniques being used of attackers. The blackhats are increasingly tapping into legitimate resources to launch effective campaigns for profit-gain, the survey found. Additionally, direct attacks by cybercriminals, leveraging ransomware alone, put $34 million (€31 million) a year per campaign into their hands. These miscreants continue to operate unconstrained by regulatory barriers, says the report.
Businesses are up against security challenges that inhibit their ability to detect, mitigate and recover from common and professional cyberattacks, according to Cisco, with aging infrastructure and outdated organisational structure and practices are putting them at risk. Between 2014 and 2015, the number of organisations that said their security infrastructure was up-to-date dropped by 10%. The survey discovered that 92% of internet devices are running known vulnerabilities, with nearly a third (31%) of all devices analysed no longer supported or maintained by the vendor.
Smaller businesses are a particular weak link in the security chain, according to the survey. As more enterprises look closely at their supply chain and small business partnerships, they are finding that these organisations use fewer threat defence tools and processes. From 2014 to 2015 the number of SMBs that used web security dropped more than 10%. This indicates potential risk to enterprises due to structural weaknesses, says the report.
Attackers are increasingly targeting compromised servers, such as those for WordPress, to support their attacks, leveraging social media platforms for nefarious purposes. For example, the number of WordPress domains used by criminals grew 221% between February and October 2015.
Nearly 92% of “known bad” malware was found to use DNS as a key element. This is frequently a security “blind spot,” the report asserts, as security teams and DNS experts typically work in different IT groups within a company and don’t interact frequently.
Worringly, the survey found that the industry estimate for time to detection of a cybercrime is an unacceptable 100 to 200 days.
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers