Cisco Switzerland Technology Blog

Three key findings from the 2018 Annual Cybersecurity Report

Friday, 23 February 2018

This week Cisco released the 2018 Annual Cybersecurity Report, which analyses the latest threat trends and shares some insight into how companies across 26 countries are investing in cybersecurity.

We hope you will enjoy reading the full report soon (along with a glass of your favourite beverage) but if you want a quick glance before you dive into it, here are 3 key findings from this year’s edition:

#1 Hackers launched even more powerful and sophisticated attacks in 2017

The first trend is not a surprise. In 2017, we witnessed the birth of the evil child of ransomware and worm. Network-based ransomware worms such as WannaCry and Nyetya are able to self-propagate without human intervention and reach new scales of destruction. In fact, we have seen that in some cases destruction of service, and not profit, was the end goal. The Annual Cybersecurity report digs deeper into how this type of attack works and how companies can minimize the damage by taking simple measures such as patching.

#2 Hackers are getting even better at hiding their command and control activities and evading defenses

Adversaries are taking advantage of encryption to conceal malicious traffic. In 2017, we observed a 12-point increase in the volume of malicious encrypted traffic. Hackers are also using legitimate resources for malicious purposes, which makes it more difficult for companies to tell genuine traffic apart from malware traffic.

This is where Cisco solutions such as Encrypted Traffic Analytics and Stealthwatch can come into play to help companies gain visibility into the traffic and be able to detect and respond faster to threats.

#3 Hackers are exploiting security gaps in upcoming technology, such as Cloud and IoT

Cloud hosting continues to grow, with 53% of companies already managing most of their infrastructure in the cloud. One of the main reasons why companies are migrating to the cloud is because they believe they will have better security, but that doesn’t always come as a default. Hackers are taking advantage of security gaps in cloud-based infrastructures and applications. To counter these risks, we see more companies are looking to invest in cloud access security brokers (CASBs) to add extra security to cloud environments.

Another technology that is becoming more prevalent is the Internet of Things, with billions of connected devices added every year. However, in many cases these devices are not secure. Hackers can use IoT devices to infiltrate the network, but they can also take control of them to amplify their distributed denial-of-service (DDoS) attacks. We noticed that in 2017 attackers used IoT devices to create bigger and more powerful botnets than ever before.

How companies are investing in cybersecurity

The 2018 Annual Cybersecurity Report includes the 4th edition of the Security Capabilities Benchmark study, This time researchers interviewed over 3,600 security professionals in 26 countries (including Switzerland) about their security practices.

We’ve seen a clear correlation in between the number of security vendors a company has and how challenging they find it to manage their security. The more vendors, the more complex.

Companies still favour best of breed, which leads them to purchase solutions from multiple vendors and makes it more difficult to manage. Only 28% use single vendor solutions.

AI, ML and automation increases

On the plus side, we observed that companies are investing more money on artificial intelligence, machine learning and automation to help with their security. In 2017, 83% of the organisations we interviewed already relied on automation and 74% relied on AI to reduce their efforts in managing security. CISOs expect to continue to invest in these trends in 2018 and beyond.

The technologies can free up IT and security staff; it can also make companies more agile in detecting and responding to threats.

At Cisco we are also doing our part to help make companies more effective in detecting and responding to threats. We reduced our annual median time to detection, which dropped from 14 hours in 2016 (as announced in the 2017 ACR) to 4.6 hours in 2017. Cloud-based security is helping us get faster despite a ten-fold increase in the number of malware samples we have seen since 2016.


Get the full report

Read the full 2018 Annual Cybersecurity Report for all the technical details of how we got to these findings and much more.

Leave a comment