Cisco's Cybersecurity Report annually informs businesses and security teams of the current threats and vulnerabilities to cybersecurity, and the 2017 midyear edition gives experts more reason than ever to be concerned.

The pace and sophistication of changes in the cyber landscape has made it difficult for defenders to keep up with the global threat. The continual growth seen in impacts of security breaches as well as the increasing advancement and access to technology by malicious parties are continually undermining their successes. The report details other adversary tactics and vulnerabilities threatening organizations including new developments in malware, weak practices in security, risks of potential unwanted applications, and medical device compromise.

The biggest threat, according to the report, is the use of business email compromise (BEC) schemes. These schemes involve a simple email delivery to an employee with the access to wire funds and are typically aimed at big businesses, such as Facebook. The messages sent appear to be from the CEO or other top executives and ask for a transfer of funds from the company to the criminal's account. These emails do not contain any malware or suspicious links, enabling them to bypass most threat-defense tools.

The use of BEC is so expansive that the Internet Crime Complaint Center reports this method of fraud successfully stole $5.3 billion in a little over three years, with nearly 22,300 victims from the United States.

Not nearly as widespread as the exploits are the defenses; the report revealed that only 30 percent of public sector organizations surveyed use penetration testing and endpoint/network forensics tools. The small number of organizations using these tools is concerning since these tools are "key pillars of defense-in-depth security strategy," according to the report. Furthermore, nearly half of the improvements made to an organization's cybersecurity are reactive rather than risk-based, holistic approaches.

Recognizing the constant need for security improvements, the report details different recommendations gleaned by analyzing the key concerns of eight industries. Company size and the affect it has to security approaches is examined, as well as the affects posed by having a shortage of talented, knowledgeable personnel, the risks brought with the Internet of Things, and more.

For more information or to read the report, go here.

Aaron Boyd is an awarding-winning journalist currently serving as editor of Federal Times — a Washington, D.C. institution covering federal workforce and contracting for more than 50 years — and Fifth Domain — a news and information hub focused on cybersecurity and cyberwar from a civilian, military and international perspective.

Share:
In Other News
Load More