Such is the rapid evolution of security threats and the growing magnitude of attacks that we will soon see the emergence of extremely destructive attacks that have the potential to eliminate backups and safety nets needed to restore systems and data, according to networking kingpin Cisco.
In its 2017 Midyear Cybersecurity Report, Cisco said the rapid spread of WannaCry, for example, foreshadowed the emergence of what it is terming “destruction of service” (DeOS) attacks, which could present an existential threat and leave businesses completely unable to recover.
“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” said Cisco vice-president and CISO Steve Martino.
“While the majority of organisations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
Rob Norris, vice-president head of enterprise and cyber security, Europe, the Middle East, India and Africa, at Fujitsu, said: “Cyber criminals are relentless and the potential of DeOS attacks poses an irrecoverable threat to businesses.
“It’s evident from previous attacks that breaches can have a serious and long-term impact on companies’ value, while the introduction of GDPR will add potentially crippling financial penalties into the mix.
“The elimination of a business’s entire system takes cyber threats one step further. Organisations won’t just be damaged financially and reputationally but could have absolutely no route to recovery,” he added.
Cisco said the ongoing growth of internet of things (IoT) projects was a particular source of concern because gaping holes in many services were ripe for exploitation, and forecast that the IoT would play a central role in enabling high-impact DeOS events.
The supplier’s security watchdogs claimed that, right now, IoT botnet activity suggested that some criminal elements may be laying the foundations for a “wide-reaching, high-impact cyber threat event that could potentially disrupt the internet itself”.
In light of this, Cisco has been working hard to reduce its time-to-detection (TTD) window and, since November 2015, has brought this down from 35 hours to around 3.5 hours as of May 2017.
However, said David Ulevitch, senior vice-president and general manager of Cisco’s Security Business Group, enterprise IT organisations could also do more to help.
“It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts,” he said.
“To effectively reduce TTD and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”
Cisco studied 3,000 security leaders in 13 countries and found that, regardless of vertical, security teams were becoming increasingly overwhelmed and were adopting a more reactive stance.
Its results suggested that no more than two-thirds of businesses were even investigating security alerts, and in some sectors – notably healthcare and transport – this was closer to half.
In the manufacturing industry, it found that 40% did not have a formal security strategy, nor did they follow standardised security policy practices such as ISO 27001 or NIST 800-53.
Cisco urged security professionals not to lose focus on maintaining a proactive stance by keeping infrastructure and applications up to date, introducing integrated defences, engaging executive leadership, and revitalising employee training, among other examples of best practice.