The Most Severe Global Attacks Of 2017

Uploaded on 2018-03-08 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.

Some 32 per cent of breaches affected more than half of an organisation's systems in 2017, up from 15 per cent the previous year, according to 3,600 security bods surveyed in Cisco’s annual cyber security report.

Financial damage included lost revenue, customers, opportunities, and out-of-pocket costs, said Switchzilla. Mark Weir, director of cybersecurity at Cisco UK & Ireland told The Register the figure of $500,000 “could even be slightly conservative”.

The survey found one-fifth of UK respondents identified between 250,000 and 500,000 security alerts a day in 2017.

Increased threats could also be expensive for businesses in other ways. Last month the UK government warned that critical infrastructure firms could face fines of up to £17m if they do not have adequate cybersecurity measures in place.

Weir said the increase in severity of attacks is a "worrying trend” but added some of the measures that are being put in place could take a while to have an effect.

One such tactic is the use of multiple security products to try to tackle the threat. Some 25 per cent of security professionals said they used products from 11 to 20 vendors, compared with 18 per cent in the previous year.

Weir noted malware and ransomware attacks have become more significant over the last 12 to 18 months, with denial-of-service attacks also becoming increasingly sophisticated, and impacting the bottom line.

He said email encryption is also on the rise - which creates more challenges and confusion when trying to identify and monitor potential threats.

Cisco threat researchers observed a more than threefold increase in encrypted network communication used by inspected malware samples over a 12-month period. "Our analysis of more than 400,000 malicious binaries found that about 70 percent had used at least some encryption as of October 2017,” the report stated.

Another major challenge spotted was patching systems, as seen during the outbreak of the WannaCry ransomware crypto worm last year. Weir said that is particularly difficult when organisations have complex estates with multiple legacy systems that can no longer be patched.

He said application level security was a key area. "I still think is a real weakness across our entire industry. Some companies do it well, but not anywhere enough in the numbers needed to protect against attack.”

As such companies could see an increase in their financial and reputational loss next year.

“We talk about the threats of ransomware, malware, application level security and IoT threat… but the reality is these people will attack wherever they see weakness. So organisations must have defences across the piece.

"I think the severity of some of those attacks will increase. Security strategy has to start with protecting data... the preservation and security of that data is critical."

"Not surprisingly the people that propagate these attacks are very well funded, and well resourced. They work collaboratively, and I think as an industry we need to [do the same]," he added.

The Register:

You Might Also Read: 

Cisco & INTERPOL: Working Against Cybercrime:

Cybercrime: £130bn Stolen From Consumers In 2017:

 

« Preventing The Next Active Shooter Attack
Cyberbullying Attacks the Young »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

MetaFlows

MetaFlows

MetaFlows’ SaaS malware detection & prevention software passively analyzes the behavior and the content of Internet traffic.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

IronNet Cybersecurity

IronNet Cybersecurity

IronNet’s product and services provide enterprise-wide security management and visibility of your network, users and assets.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

Cyberens

Cyberens

Cyberens provide cybersecurity consulting services in IT sectors relating to defense and space, banking, industrial control systems and IoT.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

Rezilion

Rezilion

Rezilion is a stealth mode cyber-security start-up developing a cutting edge technology that makes cloud environments self-protecting and resilient to cyber-attacks.

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference (AtlSecCon)

Atlantic Security Conference is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

Cyber Castle

Cyber Castle

Linux Demands Sophisticated, Purpose-Built Security. Cyber Castle is the solution. A safe, deployable platform down to the edge device for monitoring Linux security anywhere across the globe.