2018 Cisco Annual Cybersecurity Report

The evolution of malware:

A security guide

Malware. You may think you know the story, but the evolution of malware has been one of the most significant developments in the attack landscape. Facing everything from network-based ransomware worms to devastating supply-chain attacks, organizations need to adopt best practices and evaluate their AI in order to reduce exposure to these emerging threats.

What's changed?

Evading detection at every turn

Innovation comes from every angle. While encryption has long been used to enhance security, adversaries are increasingly using it to conceal command-and-control activities. This evasive measure is meant to expand the time each threat is left undetected, magnifying the impact to organizations everywhere.

One-third of malicious web traffic (30 percent) has used at least some encryption for command-and-control activity as of October 2017.*

Network-based attacks are on the rise.

WannaCry and Nyetya demonstrated that automated, network-based attacks could inflict widespread damage. These types of self-propagating malware have the potential to destroy the Internet, according to threat researchers.*

Nyetya was installed on more than 1 million computers in the Ukraine.*

Blind spots

Nyetya was also a supply-chain attack, and one reason it was so successful is that users didn’t think an automated software update was a security risk. Some users didn’t even know the updates were taking place. Supply-chain attacks appear to be increasing in velocity and complexity.

A lack of visibility can lead to
of network and endpoint infrastructure becoming unknown or unmanaged.*

Biggest obstacles to security

Budget

34 percent of security professionals say budget constraints are their biggest obstacle.*

Personnel

In 2017, the median number of security professionals at organizations was 40—a significant increase from the 2016 median number of 33; and yet, security professionals still report lack of talent as a key issue.*

Interoperability

25 percent of security professionals say they use products from 11 to 20 vendors.*

Recommendations

Defenders need to adopt new measures of protection for innovative malware and other advanced threats. Making security improvements and following best practices can reduce your organization’s exposure to emerging threats and provide greater visibility into the threat landscape.

Consider artificial intelligence.

Security professionals should consider adopting advanced technologies that include artificial intelligence (AI) and machine learning. Encrypted malware can be increasingly difficult to detect, and these technologies can give more visibility into encrypted web traffic and corporate cloud systems.

32 percent of security professionals say they are highly reliant on AI.*

Think scalable.

When implementing first-line-of-defense tools, choose solutions that can easily scale, like cloud security platforms. In addition, make sure these new security measures adhere to corporate policies for application, system, and appliance patching.

Protect key data.

The rise of destructive, fast-spreading malware worms has made data backups more important than ever. Make sure that you have a policy in place for regular backups in order to minimize the impact of ransomware and other wiper-malware attacks.

Reduce complexity.

Security professionals cite an overwhelming number of alerts as a key obstacle.* Choose security technologies that work together and share threat intelligence and policies across technologies.

On average, what percentage of daily security alerts are never investigated?

44%

25%

50%

35%

Answer: 44% of alerts are not investigated.*

*Cisco 2018 Annual Cybersecurity Report, Cisco, 2018.

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco, the Cisco logo, and Talos are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, see the Trademarks page on the Cisco website. Third-party trademarks mentioned are the property of their respective owners. The use of the word “partner” does not imply a partnership relationship between Cisco and any other company. (1801R)