Cisco has released their midyear cybersecurity report, and it’s chock-full of info on adversary tactics, vulnerabilities and how defenders can stay safe. Here are some of the major findings:
- I have what connected to my network? IoT devices are presenting a major visibility challenge to cybersecurity teams. Legacy technology, the need for constant uptime and the interconnectedness with corporate networks are making IoT devices, including industrial control systems, an attractive target for threat actors. The report states cyberattackers are using the devices “as strongholds, allowing them to move laterally across networks quietly and with relative ease.”
- Spam rising: Spam emails using “macro-laden malicious documents” are becoming an infection mechanism of choice. By default, macros are disabled when opening Microsoft Office attachments; however, users can manually enable macros (or enable editing) to see the content. This human interaction makes it possible to evade sandboxing technologies.
- Hacking ECON101: “The dramatic increase in cyberattack frequency, complexity and size over the past year suggests that the economics of hacking have turned a corner,” according to Radware in the Cisco report. Due to the plethora of hacking tools available for purchase (or, more often, rent) on the dark web, advanced attack capabilities have been put in the hands of the masses. Combined with the business model of distributed cybercrime, low-level hackers can pull off widespread, highly profitable attacks with little skill and minimal intervention.
- Exploit kits lying low: Exploit kit activity has been in decline since mid-2016 and the former giants, such as Angler, have all but disappeared. That being said, exploit kit-enabled attacks are still observed on a near-daily basis (according to the Skybox Research Lab), and the lull in activity and innovation “is likely temporary, given previous patterns in the market.” Stay woke.
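The spam finding above notes that a document whose payload only runs after the user enables macros can get past sandbox detonation. A static check of the attachment's content does not depend on that click. The following is an added example, not taken from the Cisco report or this post; the function names and the sample attachments are constructed for illustration.

```python
import io
import zipfile

# Header of legacy binary Office files (.doc/.xls/.ppt, OLE compound file)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'legacy-ole' or 'other'."""
    if data.startswith(OLE_MAGIC):
        # May contain macros; confirming needs an OLE parser, so flag for review
        return "legacy-ole"
    if not data.startswith(b"PK"):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in names:
        return "other"  # a zip archive, but not an Office Open XML package
    # By default Office stores the VBA project as vbaProject.bin (word/, xl/, ppt/)
    if any(n.rsplit("/", 1)[-1] == "vbaproject.bin" for n in names):
        return "ooxml-macro"
    return "ooxml-clean"

def triage(attachments: dict) -> list:
    """Names of attachments to hold for review, judged by content not extension."""
    hold = {"ooxml-macro", "legacy-ole"}
    return sorted(n for n, d in attachments.items() if classify_attachment(d) in hold)

def build_package(parts: dict) -> bytes:
    """Build an in-memory zip package (used only for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: minimal stand-ins, not real documents
SAMPLES = {
    "report.docx": build_package({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>"}),
    "invoice.docx": build_package({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w/>",
                                   "word/vbaProject.bin": b"\x00"}),
    "old.doc": OLE_MAGIC + b"\x00" * 16,
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    print(triage(SAMPLES))
```

Because the verdict comes from the package contents, a macro-enabled file renamed to a benign-looking extension is still held.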
The Fragmented Security Toolbox
One of the recommendations the Cisco report makes is to “consolidate the number of vendors used and adopt an open, integrated and simplified approach to security.” A fine sentiment, but it also seems to be a thinly veiled plug for making your organization an all-Cisco house, which is simply unrealistic for many organizations.
But as any enterprise is aware, it takes a village to secure a network. That means different teams, processes and, yes, vendor technologies at play in one sprawling, dynamic environment.
Our thinly veiled plug: make the most out of what you already have. Pull data out of its silos, normalize it and analyze it together. With complete information about your network, its risks and what’s going on in the threat landscape, you have the context you need to make informed security decisions — including technology investments.