According to the Cisco 2017 Annual Cybersecurity Report (ACR), over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent. Ninety percent of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent). The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study, part of the Cisco ACR.
The 10th edition of this global report highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes. CSOs cite budget constraints, poor compatibility of systems, a lack of trained talent and increasing complexity of its security departments as the biggest barriers to advancing their security postures.
To exploit these gaps, ACR data shows criminals leading a resurgence of “classic” attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65 percent) of email with eight to 10 percent cited as malicious. Global spam volume is rising, often spread by large and thriving botnets.
Cisco tracks progress in reducing “time to detection” (TTD). Cisco has successfully lowered the TTD from a median of 14 hours in early 2016 to as low as six hours in the last half of the year. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.
The other aspects highlighted in the ACR are: The Business Cost of Cyber Threats: Lost Customers, Lost Revenue, Hacker Operations and New “Business” Models and the report also presents ideas on how the organizations should take steps to secure their business and maintain vigilance.
“In 2017, cyber is business, and business is cyber –that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture,” said Shukri Eid, Managing Director – East Region, Cisco Middle East.
