According to the Cisco 2016 Midyear Cybersecurity Report (MCR), ransomware became the most profitable malware type in history in 2016. The report expects this trend to continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage.
The report further finds that organizations are unprepared for future strains of more sophisticated ransomware. Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate. According to the report’s findings, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation. Other key findings in the MCR include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity.
Attackers Operating Unconstrained
For attackers, more time to operate undetected results in more profits. In the first half of 2016, Cisco reports, attacker profits have skyrocketed due to the following:
Expanding Focus: Attackers are broadening their focus from client-side to server-side exploits, avoiding detection and maximizing potential damage and profits.
Evolving Attack Methods: During the first half of 2016, adversaries continued to evolve their attack methods to capitalize on defenders’ lack of visibility.
Covering Tracks: Contributing to defenders’ visibility challenges, adversaries are increasing their use of encryption as a method of masking various components of their operations.
Defenders Struggle to Reduce Vulnerabilities, Close Gaps
In the face of sophisticated attacks, limited resources and aging infrastructure, defenders are struggling to keep pace with their adversaries. Data suggests that the more critical a technology is to business operations, the less likely defenders are to maintain adequate network hygiene, such as patching.
Cisco Advises Simple Steps to Protect Business Environments
Cisco’s Talos researchers have observed that organizations that take just a few simple yet significant steps can greatly enhance the security of their operations, including:
- Improve network hygiene, by monitoring the network; deploying patches and upgrades on time; segmenting the network; implementing defenses at the edge, including email and web security, Next-Generation Firewalls and Next-Generation IPS.
- Integrate defenses, by leveraging an architectural approach to security versus deploying niche products.
- Measure time to detection, insist on the fastest time available to uncover threats, then mitigate against them immediately. Make metrics part of organizational security policy going forward.
- Protect your users everywhere they are and wherever they work, not just the systems they interact with and when they are on the corporate network.
- Back up critical data, and routinely test the backups' effectiveness while confirming that they are not susceptible to compromise.