Classic attack vectors re-emerge; Cisco
On 10th anniversary Cisco's 2017 Annual Cybersecurity report, CSOs reveal true cost of breaches and the actions that organisations are taking
Research by Cisco has highlighted that organisations fail to advance their security posture due to budget constraints, poor compatibility of systems, and a lack of trained talent.
According to Cisco's 2017 Annual Cybersecurity report (2017 ACR), over one-third of organisations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss.
Other findings from the 2017 ACR discovered that 22% of breached organisations lost customers, 29% lost revenue, and 23% lost business opportunities.
The report discovered that 90% of organisations are improving their threat defences, increasing security awareness training, and implementing risk mitigation techniques. However, leaders believe that security departments using from six to 50 security products are creating complex environments.
The report also showed that there is a resurgence of ‘classic' attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly 65% of email with eight to 10% cited as malicious. Global spam volume is rising, often spread by large and thriving botnets.
Shukri Eid, managing director, East Region, Cisco Middle East, said: "In 2017, cyber is business, and business is cyber - that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture."
Scott Manson, cyber security leader for Middle East and Turkey, Cisco, added: "One of our key metrics highlighted in the 2017 Annual Cybersecurity Report is the ‘time to detection' - the time it takes to find and mitigate against malicious activity. We have brought that number down to as low as six hours. A new metric - the ‘time to evolve' - looked at how quickly threat actors changed their attacks to mask their identity. With these and other measures gleaned from report findings, and working with organisations to automate and integrate their threat defence, we can better help them minimise financial and operational risk and grow their business."