Cisco Report: Cyber Attackers Getting Smarter — Machine Learning, AI the Answer?

Cisco’s John Stewart

Cyber attackers are getting smarter and more sophisticated. We all know that. But just how bad the bad actors get depends on how fast they keep learning. Apparently, as a group the crooks are absorbing technology changes pretty fast, Cisco concluded in its just-released 2018 Annual Cybersecurity Report, the 11th such volume the networking giant has produced.

Take the cloud conundrum, for example. Attackers are capitalizing on the difficulties security teams face trying to fortify evolving and expanding cloud environments. The good news is that machine learning and artificial intelligence are looking like an effective mitigation strategy, Cisco said.

“Security teams are increasing their investment in advancing technologies, relying on automation, machine learning, and to help protect their organizations,” wrote John Stewart, Cisco’s chief security and trust officer, in a blog post. Some 83 percent of respondents in the study rely on automation, with 74 percent banking on AI to help support the workload of securing their organizations, according to the study. “As these technologies enable detection and prevention of threats so numerous and stealthy that no human team can catch, CISOs increasingly look to AI and automation to help counter their adversaries and improve defenses,” said Stewart.

Also, attackers are apparently turning encryption on its head, using technology meant to enhance security to conceal command-and-control activity. “Our threat research team reports that 50 percent of global web traffic was encrypted as of October 2017, a 12 percent volume increase from November 2016,” wrote Stewart. “We also observed a more than threefold increase in encrypted network communication used by inspected malware samples during that time,” he said. “As the volume of encrypted global web traffic grows, adversaries are broadening their use of encryption as a way to mask command-and-control activity, providing them more time to operate and inflict damage sight-unseen.”

Cyber Security Trends from Cisco Systems

Here are some of Cisco’s top-level findings:

How much? More than half of all attacks resulted in financial damages of at least $500,000, including lost revenue, customers, opportunities and out-of-pocket costs.

How bad? Supply chain attacks can impact computers on a massive scale and can persist for months or even years.

How complex? In 2017, 25 percent of security professionals said they used products from 11 to 20 vendors, compared with 18 percent of security professionals in 2016. Security pros said 32 percent of breaches affected more than half of their systems, compared with 15 percent in 2016.

How analytical? Some 92 percent of security professionals said behavior analytics tools work well to detect and combat attackers. Two-thirds of the healthcare sector, followed by financial services, found behavior analytics to work extremely well to identify malicious actors.

How secure? About 27 percent of security professionals said they are using off-premises private clouds, compared with 20 percent in 2016. Among them, 57 percent said they host networks in the cloud because of better data security; 48 percent, because of scalability; and 46 percent, because of ease of use.

Cisco also made a point about the importance of time-to-detection (TTD), noting that at 4.6 hours for the November 2016 to October 2017 period (the span of the current report), TTD had dropped substantially from the 39-hour median of November 2015 and the 14-hour figure in last year’s report. The point, said Cisco, is that faster TTD helps defenders combat breaches sooner.

Best Practices for Proper Cybersecurity

The vendor also listed some best practices/recommendations to improve security defenses:

  • Confirm adherence to corporate policies and practices for application, system, and appliance patching.
  • Access timely, accurate threat intelligence data and processes that allow for such data to be incorporated into security monitoring.
  • Perform deeper and more advanced analytics.
  • Back up data often and test restoration procedures, processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.
  • Conduct security scanning of microservice, cloud service and application administration systems.
  • Supply chain defenders should be aware of the potential risk of using software or hardware from organizations that do not appear to have a responsible security posture. Defenders should review third-party efficacy testing of security technologies to help reduce the risk of supply chain attacks.

“As adversaries continue to use more sophisticated practices, and become more adept at concealing their activity and undermining traditional security technologies, security teams must up the game,” said Stewart. “From the Board to the C-suite, our executive leadership must set the tone and engender a ‘security-first-always-and-everywhere’ culture that flows throughout the organization.”

As for the study, Cisco gleaned the findings from threat intelligence and cyber security trends of the past 12-18 months as observed by researchers and vendors Anomali, Lumeta, Qualys, Radware, Saint and TrapX. Also included in the report are results of the vendor’s annual Security Capabilities Benchmark Study, which this year surveyed 3,600 chief security officers and security operations managers worldwide.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.