More damaging breaches and the accelerating pace of technology are foiling security defenders’ ability to detect threats, prevent attacks and help organizations recover from an onslaught, Cisco said in its newly released 2017 Mid-Year Cybersecurity Report.
While most “threat actors” are still chasing the money, some have the ability and the “inclination” to lock down systems and destroy data as part of an attack. That ploy, the vendor suggested, is the forerunner to the newly emerging destruction of service (DeOS) attack.
“Botnet activity in the IoT space suggests some operators may be focused on laying the foundation for a wide-reaching, high impact attack that could potentially disrupt the Internet itself,” Cisco said in the report.
What will partners need to keep an eye on? Here’s the starter list:
1. Business email: Some $5.3 billion was stolen due to business email compromise fraud between October 2013 and December 2016, according to the Internet Crime Complaint Center. By comparison, in 2016 ransomware thieves made off with about $1 billion.
2. Spyware: Many organizations underestimate or dismiss spyware, but the code can steal user and company information, weaken device security and give a boost to malware.
3. IoT: Security teams usually aren’t aware of IoT devices connected to the network. But hackers now can exploit IoT devices to move laterally across networks without detection.
4. More spam: Adversaries who had relied heavily on exploit kits to deliver ransomware are turning to spam emails that rely on user interaction to infect systems and deliver payloads.
5. Supply chain attacks: Attackers can spread malware to many organizations through a single compromised site.
6. Secure clouds: Cloud is often the “ignored dimension” in enterprise security. Open authorization risk and poor management of single privileged user accounts create security gaps that adversaries can easily exploit.
7. DevOps services: Improper deployment or usage poses a significant risk to organizations.
8. Understaffed/underfunded security teams: A lack of visibility into dynamic IT environments, Shadow IT risks, a flood of alerts and complex IT security environments are weighing down the defenders.
Where’s the play for partners?
“With the expansion of cyber threats, there is a clear opportunity for channel partners to help customers assess their threat risks and develop a strategic plan to minimize risk,” said Dave Gronner, Cisco’s global partner organization, security go-to-market senior manager.
“Threat assessment services and consulting services aimed at building, documenting and implementing cybersecurity strategies will continue to be a growing and profitable opportunity for channel partners,” he said.
Here are Gronner's four suggestions for partners interested in building (or building out) a security practice:
- Cross-platform solutions: Partners can increase their success in security by developing an architectural understanding of cross-platform solutions and threat intelligence.
- Layers: Achieving the highest level of security for end customers requires providing a layered security approach to address the multi-faceted threat vectors, including web, email, mobile workers and cloud applications.
- Portfolios: Mid-sized to large partners should build their security practices as a complement to their existing networking and data center practices.
- Verticals: Partners should tap into new opportunities by building specialized practices for specific vertical markets and competencies in IoT security.
As for Cisco’s full report, it covers new developments in malware, trends in web attack methods and spam, the risks of potentially unwanted applications like spyware, business email compromise, the changing economics of malicious hacking and medical device compromise. It also looks at vulnerabilities that can leave organizations and users susceptible to an attack, such as slow patching, not limiting privileged access to cloud systems, and unmanaged infrastructure and endpoints.
In addition, the report includes supplemental findings from Cisco’s latest Security Capabilities Benchmark Study, specifically key security concerns of eight verticals: service providers, public sector, retail, manufacturing, utilities, healthcare, transportation and finance.