2015 represents another round of staggering headline figures, but what does this mean on the ground, for organisations across the globe?
A summary of the key salient points from the report, some of which are rather interesting and worthy of note, have been documented within this blog.
Take for example the trend in the types of organisations that have been targeted. Government, Military and the gas/oil sector would all be expected to be within the top three however what is startling is none of these made a presence here.
Instead Electronics, Professional Services and Industrial verticals have been noted as the top three verticals for Malware encounters. What's interesting is the continued echo that the rise for data, information and intellectual property (or what I like to call the "secret sauce") continues to remain at the top of the hacking market demands.
EBAY, SONY, STAPLES, HOME DEPOT, JP MORGAN ETC. ALL BECAME INFAMOUS IN 2015 FOR SUFFERING MAJOR DATA BREACHES.
eBay, Sony, Staples, Home Depot, JP Morgan etc. all became infamous in 2015 for suffering major data breaches. So how does this continue to happen? A dodgy email with a suspect .exe attached? Certainly 10 or so years ago. Today this includes Facebook Scams, Fake Invoices, Embedded code in GIFs all now sitting within the most commonly observed method of unauthorised access.
What's clearer is how vendors approach this. The attack continuum, visibility of the Before, During, and After phases has seen Cisco reduce the TTD (Time to Detection) from 50 to 41 hours in the last year alone. The current industry standard for TTD is 100-200 days, an unacceptable level given how rapidly today's malware authors are able to innovate.
The report also notes Security vendors are innovating faster than ever, with niche vendors meanwhile developing products to help fill specific security gaps. While great for organisations, the challenge for a holistic driven approach often results in a "patchwork quilt" of products. Thereby resulting in increased challenges for security teams and OPEX for businesses.
Security vendors are responding. The race between vendors continues and organisation that sit back and watch (or ignore the threat) are at risk of becoming more vulnerable to an attack. People, processes, culture shift and technology all play a part in being proactive.
As summarised by David Goeckeler, VP Security Cisco: "Security needs to be part of the way organisations think-holistically- about their business".
SECURITY NEEDS TO BE PART OF THE WAY ORGANISATIONS THINK-HOLISTICALLY- ABOUT THEIR BUSINESS
Natilik continues to drive this innovation - Accolades including the first deployment of Cisco SourceFIRE in the UK (out of 1,000+ partners), Leading Cisco ISE and TrustSec specialists and one of the fastest growing Cisco security partners in the UK.
The Cisco 2015 Midyear Security Report can be viewed here:
ABOUT THE AUTHOR
Afsar Chaudhury is a Solution Architect at Natilik. In his current role, he specialises in engaging with organisations with focus on Cisco Security, Datacenter and Enterprise Networks infrastructure.