Cisco, a global leader in IT and networking, has revealed that over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent.
In the tenth edition of its Annual Cybersecurity Report (ACR), Cisco examined the latest threat intelligence gathered by Cisco security experts, providing industry insights that reveal customer security trends. The 2017 report also highlights key findings from the third annual Cisco Security Capabilities Benchmark Study (SCBS), which examines security professionals’ perceptions of the state of security in their organizations. It shares geopolitical trends, global developments around data localization, and the importance of cybersecurity as a boardroom topic
The report revealed that ninety percent of targeted organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent).
Cisco in a statement made available to TechCity revealed that the report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study, part of the Cisco ACR.
The global report highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes. Chief security Officers (CSOs) cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Leaders also reveal that their security departments are increasingly complex environments with 65 percent of organizations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.
To exploit these gaps, ACR data shows criminals leading a resurgence of “classic” attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65 percent) of email with eight to 10 percent cited as malicious. Global spam volume is rising, often spread by large and thriving botnets.
Cybersecurity has changed drastically since the inaugural Cisco Annual Security Report in 2007. While technology has helped attacks become more damaging and defenses become more sophisticated, the foundation of security remains as important as ever. In 2007, the ACR reported web and business applications were targets, often via social engineering, or user-introduced infractions. In 2017, hackers attack cloud-based applications, and spam has escalated.
The 2017 ACR reports that just 56 percent of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space for attackers to utilize to their advantage.
Cisco advises organizations to take steps to prevent, detect, and mitigate threats and minimize risk. These steps include; making security a business priority: Executive leadership must own and evangelize security and fund it as a priority. Measure operational discipline: Review security practices, patch, and control access points to network systems, applications, functions, and data. Test security effectiveness: Establish clear metrics. Use them to validate and improve security practices. Adopt an integrated defense approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability, and reduce the time to detect and stop attacks. Security teams then can focus on investigating and resolving true threats.
Olakunle Oluruntimehin, General Manager, Cisco Nigeria said: “In Nigeria, we recognize that the penetration of mobile and growth in internet usage also means that we are more vulnerable to cybercrimes. That is why we leverage our partners, the Cisco Networking Academy program and certifications in addition to typical customer enablement activities to grow our Security market share. We have a growing list of over 300 partners in Nigeria covering Security in Verticals like Retail, Financial Services, Oil, Healthcare, Hospitality and Public Sector. The Cisco Networking Academy is expanding its causes to include Security Everywhere by providing knowledge and capacity building partnering with government and private educational institutions, this actually aligns with the skills development and jobs creation goal of the Government ensuring that we are also increasing skills in Security IT. We currently have over 130 academies in Nigeria and have more Academies joining this number on a quarterly basis.
“In 2017, cyber is business, and business is cyber –that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture.”