Cisco Cybersecurity Reports

What is covered in the Cisco Annual Cybersecurity Report? 

Evolution of malware

Malware is becoming more vicious. And it’s harder to combat. We now face everything from network-based ransomware worms to devastating wiper malware. At the same time, adversaries are getting more adept at creating malware that can evade traditional sandboxing.

Malicious encrypted web traffic

50% of global web traffic was encrypted as of October 2017. Encryption is meant to enhance security. But it also provides malicious actors with a powerful tool to conceal command-and-control activity. Those actors then have more time to inflict damage.

Rise of artificial intelligence

Encryption also reduces visibility. More enterprises are therefore turning to machine learning and artificial intelligence. With these capabilities, they can spot unusual patterns in large volumes of encrypted web traffic. Security teams can then investigate further.

Major findings from the Cisco Annual Cybersecurity Report 

“Burst attacks” grow in complexity, frequency, and duration.

In one study, 42% of the organisations experienced this type of DDoS attack in 2017. In most cases, the recurring bursts lasted only a few minutes.

Many new domains tied to spam campaigns.

Most of the malicious domains we analysed, about 60%, were associated with spam campaigns.

Security is seen as a key benefit of hosting networks in the cloud.

The use of on-premises and public cloud infrastructure is growing. Security personnel respondents say security is the most common benefit of hosting networks in the cloud.

Insider threats: A few rogue users can have a big impact.

Just 0.5% of users were flagged for suspicious downloads. On average, those suspicious users were each responsible for 5200 document downloads.

More OT and IoT attacks are on the horizon.

31% of security professionals said their organisations have already experienced cyber attacks on OT infrastructure.

The multivendor environment affects risk.

Nearly half of the security risk that organisations face stems from having multiple security vendors and products.