Earlier today, Cisco released its 2017 Midyear Cybersecurity Report. 5thColumn has pulled some key points and relevant information from the report.
Business email compromise (BEC) has become a highly lucrative threat vector for attackers. According to the Internet Crime Complaint Center (IC3), US$5.3 billion was stolen due to BEC fraud between October 2013 and December 2016. In comparison, ransomware exploits took in US$1 billion in 2016.
The dramatic increase in cyber-attack frequency, complexity, and size over the past year suggests that the economics of hacking have turned a corner, according to Radware, a Cisco partner. Radware notes that the modern hacking community is benefiting from quick and easy access to a range of useful and low-cost resources.
Cisco sees three key takeaways from the recent global attack by WannaCry:
- Governments should report software flaws to vendors in a timely fashion and, to the extent that they exploit those flaws, codify those decisions for independent oversight and review.
- Technology developers should have publicly disclosed, risk-based mechanisms to receive, process, and disclose information about the availability—or absence—of known vulnerabilities, patches, mitigations, and workarounds.
- Business leadership must make cybersecurity a top priority. Only by creating greater transparency around exploitable vulnerabilities can we ever hope to minimize their occurrence and global impact.
Business leadership should set the tone at the top about cybersecurity and emphasize its importance to the entire organization. They should also ensure that the organization’s IT infrastructure is current and regularly updated—and that adequate budget is devoted to those activities.
Small and medium sized businesses (SMBs) take a different stance on security than larger companies. The following are the report highlights relative to SMBs:
When attackers breach networks and steal information, small and medium-sized businesses (SMBs) are less resilient in dealing with the impacts than larger organizations. If a public breach damages a brand and causes customers to switch to a competitor, a larger business can weather the impact better than a smaller business. Given the increased risk of business disruption, SMBs can strengthen their position by ensuring they have security processes and tools that minimize the impact of threats and breaches.
In examining data from the 2017 Security Capabilities Benchmark Study, SMBs exhibit shortfalls in their defenses compared with larger organizations. Due to smaller budgets and expertise, SMBs are also somewhat less likely to have key security defenses in place:
- 29% of SMBs reported ransomware to be a high risk to the organization
- 30% view regulatory compliance constraints as a high risk
- 34% reported using email security
- 40 percent of SMBs use data loss prevention defenses
- 59% of SMBs have written, formal strategies in place
- 30% require their vendors to have ISO27018 certifications
SMBs looking to improve their security posture should:
- Focus on improving security policies and procedures
- Focus on adopting common threat defenses more widely (reduces risk of suffering adverse impacts from attacks)
- Work with external security services to get expertise and guidance on a formal security strategy
- Develop best practices
- Augment staff with expertise around monitoring and incident response
To adopt a security infrastructure that fits business needs and budgets, security teams should work with vendors to provide solutions that integrate to simplify the security environment to a manageable yet effective level. Likewise, growing organizations can follow standards such as the NIST Cybersecurity Framework to build out their security. For businesses of every size, a more holistic approach to security will offer more effective protection against evolving threats.
5thColumn understands that Cyber Security is not just a network technology concern and the variety of malicious and dangerous activities that target companies have advanced to the point that security is a critical component of managing all corporate risk. Due to the advancements in hacking, on-line theft, and malicious resources available to bad actors, it is no longer reasonable for IT companies to be able to cost effectively secure networks.
5thColumn, security specialists implement holistic strategies for securing corporate assets that includes the network resources required to conduct their business. Our proprietary product offering and security architecture insures that SMB organizations maintain a state-of-the-art barrier to malicious network events and activities and provides the fastest time-to-detection and resolution, driving both capex and opex savings, while also improving internal productivity.
In addition, 5thColumn offers a cyber warranty that provides consumers with purchasing confidence and a guarantee of quality such that any mistake or failure on part of the delivered services or solutions, resulting in a reportable incident, be immediately triaged and fixed without unforeseen additional expense or financial burden.
To download the full report, please visit Cisco’s website here.