Cyberattacks are rising in volume and complexity
While the duel between adversaries and defenders in the cyber environment has intensified, there is no doubt that the possible magnitude of a successful cyberattack has increased.
Cybersecurity is a hot topic across the globe as both private and public sector organizations try to protect themselves from the rapidly evolving methods and increased complexity of cyberattacks. Alarmingly, more attackers have shifted their objective towards system and data destruction, which in some cases limits or totally prevents recovery efforts.
An increase in incidents suggests that penetrating cloud security is becoming a lucrative strategy for attackers. To withstand this developing challenge, organizations need to understand the full extent of their cloud usage and the unique security challenges that cloud applications introduce.
The comprehensive Cisco Midyear Cybersecurity Report (MCR) provides crucial insights to help security, IT, and business leaders protect their environment and data. This is especially important given the potential financial impact an organization will incur if its cybersecurity efforts fall short. The stakes are even higher in a competitive market. Last year, 34% of service providers reported revenue losses and about 30% said they lost customers or business opportunities due to an attack (figure 1).
Technology disruption makes the situation more complex and challenging, but current data suggests the following:
The Good. Cisco’s research shows tremendous improvement in the median Time To Detect (TTD) malware. As figure 2 shows, TTD has decreased since November 2016 from 39 hours in 2015 to 3.5 hours in 2017, as the defenders gain valuable ground in the area.
The Bad. Attackers seem to be aggressively exploring new attack techniques, introducing a new era of cyberattack dynamics. There has been a dramatic increase in the number, complexity and size of cyberattacks over the past year.
The Cloudy Reality. Cloud security is still a relatively ignored dimension of enterprise security. Unless businesses improve their visibility and are diligent about their cyber defense techniques, especially in the cloud, hackers will continue compromising corporate cloud environments.
In the modern cybersecurity landscape, there is a select set of cyberattack practices that causes a significant portion of the disruption.
Destruction of Services (DeoS). Attackers seek total destruction. The emerging IoT, combined with its security weaknesses, makes this trend more tangible than ever. Gone is the “safety net” in which organizations can restore their systems and data following any kind of cyber disruption.
OAuth. “Open Authorization”, or OAuth, is the golden key to the metadata lying in the cloud, as attackers can easily compromise accounts through risky OAuth connections. With organizations using on average more than 1,000 OAuth-connected apps in 2017 (4 times more than in 2014, see figure 3 below), it is obvious that attackers have found a new playground. From spear-phishing attacks to data exfiltration, organizations should be ready for the next incident, as OAuth attacks go mainstream.
Malware. Many of the new ransomware families are based on open source code. A new category of Ransomware-as-a-Service (RaaS) platforms is growing fast, making these sinister tools accessible to anybody who wants to quickly and inexpensively fulfill their malicious desires.
Web attack methods. From Trojans through spam to malware. The repetitive statistics imply that the web attack vector is mature – the attackers know exactly what approach would serve their goal.
Spam. Over the past year there has been a clear trend of attackers shifting from using exploit kits to reinvigorating the spam practice.
Potentially Unwanted Application (PUA). Organizations usually underestimate or dismiss this dimension completely. In the case of unwanted spyware apps, they steal sensitive information, damage security performance and infiltrate malware into the system.
Business Email Compromise (BEC). According to the Internet Crime Complaint Center (IC3), this method bankrolls the attackers: BEC fraud generated $5.3 billion between October 2013 and December 2016, an average of $1.7 billion per year (see figure 4).
The new cybersecurity era brings new opportunities for adversaries as well as defenders, especially when it comes to cloud security. Knowing the current ecosystem and its new ‘rules’ will help organizations endure the endless IT tug-of-war.
According to the Cisco 2017 MCR, Small and Medium Enterprises (SMEs) are more vulnerable to cyberattacks. The research shows a correlation between the size of a business and its attitude towards security.
In addition, as cloud adoption grows, corresponding attacks targeting SaaS, PaaS and IaaS instances are looming signs of new risks to come. For example, this past May saw a famous Google OAuth phishing attack affect more than one million users, from approximately 300,000 organizations.
Many organizations are starting to aggressively migrate critical data and services (such as Marketing, Sales and HR) to the cloud. However, their security teams have not kept pace, as they are still more focused on network and endpoint security solutions. Therefore, companies must accelerate their adoption of cloud security solutions to better manage and control this growing segment of their businesses and ward off new attacks. The logical first step in this journey to better cloud security is to establish full visibility into cloud activity, as you can’t manage what you can’t see.
The Cisco 2017 MCR shares key findings and ideas from across the industry, including in-depth threat descriptions and a special section dedicated to the Security Capabilities Benchmark Study. Learn more by downloading and reading the Cisco 2017 Midyear Cybersecurity Report.
Interested in learning more about OAuth risk? Try our new OAuth Risk Assessment tool and in less than 60 seconds, uncover potential exposure from your connected 3rd party apps.