Cisco security report shows aging infrastructure no match for constantly advancing attack techniques.
IT confidence in its current cybersecurity protections dropped down a tick this past year in the face of aging infrastructure, rampant ransomware campaigns, and constant shifts in attack tactics from the bad guys.
So says the Cisco 2016 Annual Security Report, which showed that only 59 percent of organizations report that their security infrastructure is "very up to date," compared to 64 percent who reported the same last year. What's more, fewer than half of respondents say that they're confident in their security posture today.
The report took a look at attitudes and practices of more than 2,400 CSOs and security operations experts across the enterprise and midmarket, and combined that with analysis of Cisco's network of customer devices.
In addition to a dip in the ratio of organizations claiming up-to-date security infrastructure, the report shows that organizations continue to suffer from an inability to update its infrastructure. Approximately 92 percent of analyzed Internet devices are running known vulnerabilities and 31 percent of devices analyzed aren't even supported or maintained by their vendor.
Among the findings, Cisco reports that only about 9 percent of organizations have an IT security budget distinct from the overall IT budget, though at this point 98 percent have a department or team solely dedicated to security.
"Many organizations rely on network infrastructures built of components that are old, outdated, and running vulnerable operating systems—and are not cyber-resilient," the report noted, explaining that devices had 26 vulnerabilities on average.
In the report, Cisco also highlighted the growing threat to respondents and analyzed devices from increasingly sophisticated exploit kit and ransomware campaigns. In particular, the report dove into the activity of the highly prevalent and damaging Angler exploit kit, which 60 percent of the time delivered ransomware payloads. For example, Cisco researchers point to the July 2015 spike in Cryptowall 3.0 to activity from Angler. The firm estimates that criminals are making $34 million annually per ransomware campaign through Angler, with about 2.9 percent victims paying an average ransom of $300.
"The authors of Angler and other exploit kits have been quick to exploit 'patching gaps' with Adobe Flash—the time between Adobe’s release of an update and when users actually upgrade," the report stated. "Cisco threat researchers attribute the July 2015 spike to the Flash zero-day exploit CVE-2015-5119 that was exposed as part of the Hacking Team leaks."
The report took a look at a number of techniques attackers are using to exploit enterprises today. For example, with the rise of HTTPS traffic use, security tools are struggling to keep tabs on malware using encrypted communication across a diverse set of ports. Additionally, attackers are taking advantage of the DNS "blind spot" within organizations. Approximately 91 percent of malware used DNS to gain command and control, exfiltrate data and redirect traffic. As things stand, few organizations monitor DNS for security purposes if at all, the report says.
"Why is DNS a security blind spot for so many organizations?" the authors say. "A primary reason is that security teams and DNS experts typically work in different IT groups within a company and don’t interact frequently."
Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio