The Most Severe Global Attacks Of 2017

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.

Some 32 per cent of breaches affected more than half of an organisation's systems in 2017, up from 15 per cent the previous year, according to 3,600 security bods surveyed in Cisco’s annual cyber security report.

Financial damage included lost revenue, customers, opportunities, and out-of-pocket costs, said Switchzilla. Mark Weir, director of cybersecurity at Cisco UK & Ireland told The Register the figure of $500,000 “could even be slightly conservative”.

The survey found one-fifth of UK respondents identified between 250,000 and 500,000 security alerts a day in 2017.

Increased threats could also be expensive for businesses in other ways. Last month the UK government warned that critical infrastructure firms could face fines of up to £17m if they do not have adequate cybersecurity measures in place.

Weir said the increase in severity of attacks is a "worrying trend” but added some of the measures that are being put in place could take a while to have an effect.

One such tactic is the use of multiple security products to try to tackle the threat. Some 25 per cent of security professionals said they used products from 11 to 20 vendors, compared with 18 per cent in the previous year.

Weir noted malware and ransomware attacks have become more significant over the last 12 to 18 months, with denial-of-service attacks also becoming increasingly sophisticated, and impacting the bottom line.

He said email encryption is also on the rise - which creates more challenges and confusion when trying to identify and monitor potential threats.

Cisco threat researchers observed a more than threefold increase in encrypted network communication used by inspected malware samples over a 12-month period. "Our analysis of more than 400,000 malicious binaries found that about 70 percent had used at least some encryption as of October 2017,” the report stated.

Another major challenge spotted was patching systems, as seen during the outbreak of the WannaCry ransomware crypto worm last year. Weir said that is particularly difficult when organisations have complex estates with multiple legacy systems that can no longer be patched.

He said application level security was a key area. "I still think is a real weakness across our entire industry. Some companies do it well, but not anywhere enough in the numbers needed to protect against attack.”

As such companies could see an increase in their financial and reputational loss next year.

“We talk about the threats of ransomware, malware, application level security and IoT threat… but the reality is these people will attack wherever they see weakness. So organisations must have defences across the piece.

"I think the severity of some of those attacks will increase. Security strategy has to start with protecting data... the preservation and security of that data is critical."

"Not surprisingly the people that propagate these attacks are very well funded, and well resourced. They work collaboratively, and I think as an industry we need to [do the same]," he added.

The Register:

You Might Also Read: 

Cisco & INTERPOL: Working Against Cybercrime:

Cybercrime: £130bn Stolen From Consumers In 2017:

 

« Preventing The Next Active Shooter Attack
Cyberbullying Attacks the Young »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

Gatewatcher

Gatewatcher

Gatewatcher is a digital breach detection platform targeting crafted attacks and protecting organizations against advanced cyber threats.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

NESEC

NESEC

NESEC is a specialist in information security consulting services and solutions.

European Business Reliance Centre (EBRC)

European Business Reliance Centre (EBRC)

EBRC is a leader in integrated Data Center, Cloud and Managed Services and a Centre of Excellence in Europe in the Management of Sensitive Information.

SlashNext

SlashNext

The SlashNext Internet Access Protection System (IAPS) provides Zero-Day protection against all internet access threats including Social Engineering & Phishing, Malware, Exploits and Callback Attacks.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Cybersecurity Defense Initiative (CDI) - University of Arkansas

Cybersecurity Defense Initiative (CDI) - University of Arkansas

The Cybersecurity Defense Initiative is a national cybersecurity training program, developed for technical personnel and managers who monitor and protect our nation's critical cyber infrastructures.

Secure IT Disposals

Secure IT Disposals

Secure IT Disposals specialise in professional Computer Recycling, Computer Disposals, Computer Destruction, Data Erasure and end-of-lifecycle solutions.

Security Weaver

Security Weaver

Security Weaver is a leading provider of governance, risk and compliance management (GRCM) software.

SEIRIM

SEIRIM

SEIRIM delivers cybersecurity solutions in Shanghai China specializing in Web Application Security, Network Security for SME's, Vulnerability Management, and serving as Managed Security as a Service.

Trapp Technology

Trapp Technology

Trapp Technology combines the very best cloud, Internet, IT managed services, and IT consulting to provide a true all-in-one IT solution for small to mid-sized businesses.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

Aptum

Aptum

Aptum is a global hybrid multi-cloud managed service provider delivering complex and high-performance cloud solutions with an integrated secure network.

Ever Nimble

Ever Nimble

Ever Nimble are award-winning experts in IT support, cybersecurity, and cloud technology. Our proactive approach will enhance your security and protect you from cyber security threats.