Cisco 2016 ASR

Is Your Security Up to Date?

Its 'all quiet on the western front' was was the sit-rep I received from our SOC recently.

In case it might have escaped your attention, there's been a stunning lack of a major cyber breach thus far this year. This may have lulled some into a false sense of security into believing that the forces of good were finally winning the battle against the Dark Side, however Cisco’s 2016 Annual Security Report (ASR) sheds a mixed light on the fight against cyber crime.

Vastly outnumbered, cyber defenders are fighting to keep up with rapid global digitization and increasingly bold adversaries, who seem intent on the theft and ransom of non-public information and the disruption of legitimate business activities.

Almost by the day, the report claims, attackers seem to grow more bold, adaptable, and resilient, setting up professional business organizations and technical infrastructures that mimic legitimate enterprises.

On the global front, the report sees fluctuations in cyber Internet governance across regions, which inhibits collaboration and the ability to respond to attacks.

Despite these challenges, and despite a gloomy outlook, the ASR describes some of the successes against the Dark Side and the ‘take-down’ of a number of cyber-criminal groups.

This years’ ASR reveals that attackers increasingly use legitimate online resources to launch their malicious campaigns. Though the news might speak to zero-day attacks, hackers also continue to deploy age-old malware to take advantage of weak spots such as unpatched servers. Furthermore, aging infrastructure and uneven or inconsistent security practices remain a challenge for many businesses.

Other key insights from the 2016 ASR include a growing encryption trend (particularly HTTPS) for web traffic, which often provides a false sense of security to users. For companies it potentially cloaks suspicious activity. The report also witnesses the increased use of compromised WordPress servers to support ransomware, bank fraud, and phishing attacks.

The ASR portrays the latest installment of an ongoing epic battle between the forces of good and evil, with some attacks successful, some repelled, and some wicked counter-attacks that have sent the forces of evil running – (no doubt to regroup and ready themselves for another battle). A veritable source of information, it not only reports on the current state of cybersecurity but makes recommendations for the implementation of defensive measures, and how to prepare for the next wave of attacks.


Adversaries and defenders are both developing technologies and tactics that are growing in sophistication. For their part, bad actors are building strong back-end infrastructures with which to launch and support their campaigns. Watch Cisco CEO Chuck Robbins and Chief Security Officer John N. Stewart discuss these key findings and more from the Cisco 2016 Annual Security Report.