Should we be worried

About state-sponsored attacks against hospitals?

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

The Rising Threat of Offensive AI

Can we trust what we see, hear and are told?

Who'd want to be a CISO?

Challenging job, but increasingly well paid

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

Cisco 2016 ASR

Is Your Security Up to Date?

Its 'all quiet on the western front' was was the sit-rep I received from our SOC recently.

In case it might have escaped your attention, there's been a stunning lack of a major cyber breach thus far this year. This may have lulled some into a false sense of security into believing that the forces of good were finally winning the battle against the Dark Side, however Cisco’s 2016 Annual Security Report (ASR) sheds a mixed light on the fight against cyber crime.

Vastly outnumbered, cyber defenders are fighting to keep up with rapid global digitization and increasingly bold adversaries, who seem intent on the theft and ransom of non-public information and the disruption of legitimate business activities.

Almost by the day, the report claims, attackers seem to grow more bold, adaptable, and resilient, setting up professional business organizations and technical infrastructures that mimic legitimate enterprises.

On the global front, the report sees fluctuations in cyber Internet governance across regions, which inhibits collaboration and the ability to respond to attacks.

Despite these challenges, and despite a gloomy outlook, the ASR describes some of the successes against the Dark Side and the ‘take-down’ of a number of cyber-criminal groups.

This years’ ASR reveals that attackers increasingly use legitimate online resources to launch their malicious campaigns. Though the news might speak to zero-day attacks, hackers also continue to deploy age-old malware to take advantage of weak spots such as unpatched servers. Furthermore, aging infrastructure and uneven or inconsistent security practices remain a challenge for many businesses.

Other key insights from the 2016 ASR include a growing encryption trend (particularly HTTPS) for web traffic, which often provides a false sense of security to users. For companies it potentially cloaks suspicious activity. The report also witnesses the increased use of compromised WordPress servers to support ransomware, bank fraud, and phishing attacks.

The ASR portrays the latest installment of an ongoing epic battle between the forces of good and evil, with some attacks successful, some repelled, and some wicked counter-attacks that have sent the forces of evil running – (no doubt to regroup and ready themselves for another battle). A veritable source of information, it not only reports on the current state of cybersecurity but makes recommendations for the implementation of defensive measures, and how to prepare for the next wave of attacks.

Adversaries and defenders are both developing technologies and tactics that are growing in sophistication. For their part, bad actors are building strong back-end infrastructures with which to launch and support their campaigns. Watch Cisco CEO Chuck Robbins and Chief Security Officer John N. Stewart discuss these key findings and more from the Cisco 2016 Annual Security Report.