Worldwide leader in IT and networking Cisco® (NASDAQ: CSCO) released its Annual Cybersecurity Report (ACR). The Cisco Annual Cybersecurity Report, now in its tenth year, examines the latest threat intelligence gathered by Cisco security experts, providing industry insights that reveal customer security trends. The 2017 report also highlights key findings from the third annual Cisco Security Capabilities Benchmark Study (SCBS), which examines security professionals’ perceptions of the state of security in their organizations. It shares geopolitical trends, global developments around data localization, and the importance of cybersecurity as a boardroom topic
According to the report, over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent. Ninety percent of these organizations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent). The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study, part of the Cisco ACR.
The global report highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes. Chief security Officers (CSOs) cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Leaders also reveal that their security departments are increasingly complex environments with 65 percent of organizations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.
To exploit these gaps, ACR data shows criminals leading a resurgence of “classic” attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65 percent) of email with eight to 10 percent cited as malicious. Global spam volume is rising, often spread by large and thriving botnets.
Cybersecurity has changed drastically since the inaugural Cisco Annual Security Report in 2007. While technology has helped attacks become more damaging and defenses become more sophisticated, the foundation of security remains as important as ever. In 2007, the ACR reported web and business applications were targets, often via social engineering, or user-introduced infractions. In 2017, hackers attack cloud-based applications, and spam has escalated.
The 2017 ACR reports that just 56 percent of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space for attackers to utilize to their advantage.
Cisco advises organizations to take steps to prevent, detect, and mitigate threats and minimize risk. These steps include; making security a business priority: Executive leadership must own and evangelize security and fund it as a priority. Measure operational discipline: Review security practices, patch, and control access points to network systems, applications, functions, and data. Test security effectiveness: Establish clear metrics. Use them to validate and improve security practices. Adopt an integrated defense approach: Make integration and automation high on the list of assessment criteria to increase visibility, streamline interoperability, and reduce the time to detect and stop attacks. Security teams then can focus on investigating and resolving true threats.
“In Nigeria, we recognize that the penetration of mobile and growth in internet usage also means that we are more vulnerable to cybercrimes. That is why we leverage our partners, the Cisco Networking Academy program and certifications in addition to typical customer enablement activities to grow our Security market share. We have a growing list of over 300 partners in Nigeria covering Security in Verticals like Retail, Financial Services, Oil, Healthcare, Hospitality and Public Sector. The Cisco Networking Academy is expanding its causes to include Security Everywhere by providing knowledge and capacity building partnering with government and private educational institutions, this actually aligns with the skills development and jobs creation goal of the Government ensuring that we are also increasing skills in Security IT. We currently have over 130 academies in Nigeria and have more Academies joining this number on a quarterly basis.”Olakunle Oluruntimehin, General Manager, Cisco Nigeria
About the Report
The Cisco Annual Cybersecurity Report, now in it’s tenth year, examines the latest threat intelligence gathered by Cisco security experts, providing industry insights that reveal customer security trends. The 2017 report also highlights key findings from the third annual Cisco Security Capabilities Benchmark Study (SCBS), which examines security professionals’ perceptions of the state of security in their organizations. It shares geopolitical trends, global developments around data localization, and the importance of cybersecurity as a boardroom topic.
For a complete copy of the 2017 Cisco Annual Security Research report, and to read more about Cisco’s recommendations as to how businesses can mitigate against risk, click here.
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow’s digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.
Cisco, the Cisco logo, Cisco Systems and Cisco IOS are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. This document is Cisco Public Information.