Spotlight on the UK: 5 Takeaways from Cisco’s 2017 Annual Cybersecurity Report
If you haven’t had a chance to read Cisco’s 2017 Annual Cybersecurity Report yet, I’d highly recommend that you do. It’s a fascinating read, created with two main ingredients: the findings and insights of our superb threat researchers, and a survey of almost 3000 security professionals across the globe.
Each survey participant is the primary person responsible for protecting their businesses from cyber crime. They talked to us about the challenges they’re facing to safeguard their assets and employees, and their perceptions of the state of security in their organisations.
Here are a couple of top picks from the report:
- Increasingly, the hackers behind malvertising campaigns are using ‘brokers’. Brokers enable the bad guys to infect more companies at scale, and they can run campaigns for longer – because using a broker helps them to evade detection.
- 27% of connected third-party cloud applications, introduced by employees in enterprises in 2016, posed a high security risk. This is undoubtedly a result of workers wanting to improve their own levels of productivity and stay connected while on the job, but they’re not necessarily thinking about the security implications for their data when accessing these applications.
So, what about here in the UK? How are we, as defenders, coping against this increasing sophistication in cyber crime? Here are 5 key stats from Cisco’s 2017 Annual Cybersecurity Report from the UK survey respondents:
1) Time means money
45% of UK organisations reported that a severe breach caused systems to be down for more than 8 hours (i.e. more than a day’s work completely lost). That is a significantly higher percentage than in other countries, where 34% reported similar downtime.
Thinking about why that might be, there are a couple of potential reasons. The UK was an early adopter of IT, and that’s a double-edged sword.
Our systems and equipment are naturally older, and in greater need of patching and updating. That can add a big manual strain on IT teams, who would much prefer to spend their time on innovating their systems rather than patching them up. Aging systems are also more vulnerable to cyber attacks.
Another reason could be that we are underprepared for what is likely to take our systems down. See stat no. 2:
2) So many alerts!
Nearly 1 in 3 UK organisations reported they see more than 50,000 security alerts on a daily basis. Again this is much higher than other countries – only 17% of companies in other countries reported the same.
Unfortunately, we are only able to investigate just over half of these alerts on average, which means that thousands of alerts, from the important to the extremely important, are never addressed.
In the UK we are seemingly overwhelmed by the number of security alerts our systems ask us to look at. Most alerts will turn out to be harmless, but how can we prioritise them?
This is a problem that can be addressed through automated security – an area we’re really focusing on at Cisco. For example, a network security device can spot an infected computer and have the network automatically quarantine it so it can’t do any further harm. Automation allows you to see more, and respond faster.
3) Security is still ‘IT’
UK organisations still don’t agree as strongly as those in other countries that line-of-business managers are engaged with security. This is a real issue, because it often means that security gets “bolted on” rather than embedded in a company’s ecosystem.
In fact, if you ask most business owners in the UK, they’ll tell you that they see IT Security in a similar way to paying a visit to the dentist – potentially painful, highly intrusive, but you’ll regret avoiding it in the long term. Because what happens is that those small holes in your infrastructure can become giant cavities for hackers. Frankly, it’s quite worrying that the attitude in the UK is, overwhelmingly, “Security is IT’s problem.”
IT Security can and should be a business enabler. Take for example the bullet train in Japan. An amazing feat of engineering, with awe-inspiring speed. However, it didn’t get to be the fastest train in the world because of aerodynamic seating or go-faster racing stripes. It got to be the fastest because it has a superb braking strategy which doesn’t drag on the train’s performance.
We’ve taken a similar approach to the way we help our customers look at their IT Security strategies, and the way we’ve built our extremely comprehensive Security portfolio. It’s about making your users’ lives better; not hindered by Security road blocks.
4) Advanced threats? What advanced threats?
If our UK companies have developed plans and processes for dealing with these two areas of high growth (enough to have significantly reduced the risk compared to other countries), then that’s fantastic.
Additionally, the majority of our survey respondents ‘strongly agreed’ that it was easy to determine the scope of a compromise, contain it, and remediate it from exploits. This is how an effective and threat-centric security system should work, so that is music to our ears.
However, and I really don’t want to sound cynical, my only concern with this answer is that simple attacks that caused containable damage have given way to modern, sophisticated, and well-funded cybercrime operations, capable of disrupting and causing major loss to organisations (our report will give more details about what those losses are).
Modern attacks are difficult to detect, can remain in networks for long periods of time, and amass resources to launch attacks elsewhere.
If it is easy, then why are UK company breaches so severe – and leading to significant downtime? The contradiction between the rate and severity of breaches, and the UK confidence in security posture, suggests that our confidence is very much misplaced. And of course denial itself is an inhibitor to increased security effectiveness.
5) And I would have gotten away with it too…
UK organisations have not had to face as much public scrutiny due to cybersecurity breaches (39% compared to 50% in other countries). Either our media are of a kinder nature, or we have crisis processes in place to deal with such scrutiny.
What is true, however, is that this percentage is likely to rise with the introduction of the General Data Protection Regulation act (GDPR) in May 2018. This EU law will force organisations to reveal when they’ve suffered a data breach, and they must do so within 72 hours. See my recent post on GDPR for more details on this.
For more insights into the current business cyber threats, and how effective they are, you can download our 2017 Annual Cybersecurity Report for free today.