A new report shows business and organization leaders are less confident about protecting vital information from cyber criminals, but they are more committed than ever to making life difficult for hackers.
Cisco’s 2016 Annual Security Report offers some troubling statistics. It shows only 46 percent of leaders are confident in their security posture, and up-to-date infrastructure dropped 10 percent compared to the 2015 report. In addition, 92 percent of internet devices were running known vulnerabilities.
Cisco Principal Engineer Jason Brvenik says confidence is a key issue.
“We see about a 50-50 split in leader confidence in their overall cyber security. Trending-wise, it’s dipped a little bit, five percent down in confidence in having the latest technology, for example, since last year’s report,” said Brvenik.
That lack of confidence is troubling but Brvenik says it does come with a silver lining.
“The good is while folks have reduced confidence, they seem to be increasing their action. We’re seeing increased investment in technologies and processes. We saw that 90 percent of organizations now have security awareness and training programs, which is a great number to see,” said Brvenik, who says business and organization leaders are also actively testing their security for potential weak spots.
But if you haven’t been breached, how do you gauge your vulnerability?
“The best way to take inventory is to go and actively search out compromise within an organization. Many have technologies that monitor,” said Brvenik. “What we find in every one of these cases is that the indication that they’d been hacked was already there. They had to go look for it. Start reviewing your logs. Start looking at your security technologies. Start investigating what they show you.”
Brvenik says the public sector is also taking the issue more seriously following several high-profile breaches in recent years, most notably the 2015 hack of millions of records at the federal Office of Personnel Management, or OPM. Brvenik says the federal government appears to be making more strides than state and local efforts.
He also says greater vigilance is making life harder for the hackers, but that’s not entirely good news.
“It’s kind of a double-edged sword. In some respects, defenders are having great success, which is forcing the attackers to innovate and change the way they do their business. The bad news is the attackers are happy to do so,” said Brvenik.
“They’re being pretty innovative, not being constrained by some of the challenges that we have in organizations. They don’t have regulatory barriers. They don’t have any of the compliance or change control issues we do, so they can move pretty quickly,” said Brvenik.
The biggest advantage for the hackers, says Brvenik, is that they can focus on one job while the good guys have to wear many hats.
“Your core competency is running a business, so you have to keep running your business and you need to shore up things along the way. You can’t just shut everything down and replace it with magically secure stuff,” he said.
So what are the greatest takeaways from this report? Brvenik says there are two major areas: improving the speed at which you learn of a breach and updating infrastructure to help accomplish that.
“Everybody patches servers. Everybody patches desktops. That’s certainly very important. We need to put more focus there, but don’t forget about infrastructure,” said Brvenik.
The time to detection is a major concern in the report. Right now, the average organization first learns of a breach 100-200 days after the fact. Cisco says its infrastructure allows intrusions to be detected as quickly as 20 hours later.
“We took a different approach in some of our latest technologies. We’re constantly monitoring what’s going on, instead of just looking for discrete attacks. That’s helped to significantly reduce time to detection,” said Brvenik.
While many of the security protocols are best left in the hands of technology experts working at the behest of leaders who understand the threat, Brvenik says there are simple steps everyone can take, especially when it comes to updates.
“We saw a 221 percent increase of leveraging of aged infrastructure to launch attacks. If you have a blog that you haven’t updated, if you have a web server that you created, make sure that it gets updated. Make sure that it’s not an easy target for attackers to launch attacks against new people,” said Brvenik.