Networking giant, Cisco, has advised governments and organisations on the need to demonstrate huge security capabilities, having discovered dramatic increase in spam volume as well as huge server vulnerabilities.
In its 2017 Annual Cybersecurity Report (ACR), which also showed the true cost of cybercrime, Cisco informed that attackers now launch more attacks against servers.
Attacks on server can run the company or organisation down by making hitherto closed information available to attackers; this is even as the breaches impact the firm financially.
The Cisco report showed servers became 34 per cent more vulnerable to attacks, compared to client (eight per cent) and networks (20 per cent) in 2016.
According to the report, over one-third of organisations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 per cent.
Cisco noted that 90 per cent of these organisations are improving threat defence technologies and processes after attacks by separating IT and security functions (38 per cent), increasing security awareness training for employees (38 per cent), and implementing risk mitigation techniques (37 per cent). The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study, part of the Cisco ACR.
The global report highlighted challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes.
According to the networking company, CSOs cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Leaders also revealed that their security departments are increasingly complex environments with 65 per cent of organisations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.
To exploit these gaps, ACR data showed criminals leading a resurgence of “classic” attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65 per cent) of emails with eight to 10 per cent cited as malicious.
Global spam volume is rising, often spread by large and thriving botnets.
Cybersecurity has changed drastically since the inaugural Cisco ACR in 2007. While technology has helped attacks become more damaging and defences become more sophisticated, the foundation of security remains as important as ever. In 2007, the ACR reported web and business applications were targets, often via social engineering, or user-introduced infractions. In 2017, hackers attack cloud-based applications, and spam has escalated.
The 2017 ACR reports that just 56 percent of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space for attackers to utilise to their advantage.
Cisco advises organisations to take steps to prevent, detect, and mitigate threats and minimise risk.
These steps include; making security a business priority: Executive leadership must own and evangelize security and fund it as a priority. Measure operational discipline: Review security practices, patch, and control access points to network systems, applications, functions, and data. Test security effectiveness: Establish clear metrics. Use them to validate and improve security practices. Adopt an integrated defence approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability, and reduce the time to detect and stop attacks. Security teams then can focus on investigating and resolving true threats.
General Manager, Cisco Nigeria, Olakunle Oluruntimehin, noted that the penetration of mobile and growth in Internet usage also means that “we are more vulnerable to cybercrimes. That is why we leverage our partners, the Cisco Networking Academy programme and certifications in addition to typical customer enablement activities to grow our Security market share.
“We have a growing list of over 300 partners in Nigeria, covering Security in Verticals like Retail, Financial Services, Oil, Healthcare, Hospitality and Public Sector. The Cisco Networking Academy is expanding its causes to include Security Everywhere by providing knowledge and capacity building partnering with government and private educational institutions; this actually aligns with the skills development and jobs creation goal of the Government ensuring that we are also increasing skills in Security IT. We currently have over 130 academies in Nigeria and have more Academies joining this number on a quarterly basis.”