Cisco, Verizon cybersecurity reports say finding potential threats is increasingly difficult

cybersecurity, 2017, Accenture Security
Cisco and Verizon's latest security breach reports reveal the growing challenges of fighting cyber threats. (Image: Accenture)

New cybersecurity reports just released by Cisco and Verizon Wireless say that businesses are faced with more sophisticated security threats from wireline and wireless devices running on their networks.

In its 2018 Annual Cybersecurity Report, Cisco found that malware sophistication is increasing as hackers begin to weaponize cloud services and evade detection through encryption, which is used as a tool to conceal command-and-control activity.

To battle the rising tide of malware threats, Cisco says security experts will use and spend more on tools that use artificial intelligence and machine learning.

RELATED: Cisco takes on service provider network automation with Crosswork platform

Isolating threats with encryption technology is one option to enhance security, but Cisco noted that the expanded volume of encrypted web traffic (50% as of October 2017) — both legitimate and malicious — has created more challenges for defenders trying to identify and monitor potential threats. Cisco threat researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.


Like this story? Subscribe to FierceTelecom!

The Telecom industry is an ever-changing world where big ideas come along daily. Our subscribers rely on FierceTelecom as their must-read source for the latest news, analysis and data on the intersection of telecom and media. Sign up today to get telecom news and updates delivered to your inbox and read on the go.

In 2017, 25% of security professionals told Cisco they used products from 11 to 20 vendors, up from 18% of security professionals in 2016. What’s more, security professionals said 32% of breaches affected more than half of their systems, compared with 15% in 2016.

By using machine learning, a business could enhance network security defenses and, over time, “learn” how to automatically detect unusual patterns in encrypted web traffic, cloud, and IoT environments. 

Some of the 3,600 chief information security officers (CISOs) interviewed for the Cisco 2018 Security Capabilities Benchmark Study report, said they were reliant and eager to add tools like machine learning and AI, but were frustrated by the number of false positives such systems generate. Cisco said that while machine learning and AI are still relatively nascent technologies, they will over time will mature and learn what is “normal” activity in the network environments they are monitoring.

Another key threat is coming from mobile devices as more companies enable their workforce to use mobile devices to access company data. Despite the fact that security risks are serious and growing, Verizon said in its new Mobile Security Index that the overwhelming majority of businesses could not say the measures they have in place for mobile devices were “very effective.”

Only 33% of organizations, according to the Mobile Security Index report, use mobile endpoint security and less than half (47%) said their organization uses device encryption.

Interestingly, many businesses don’t take basic precautions. Only 39% said they change all default passwords and over half (51%) didn’t have a public Wi-Fi policy. Most know they need to take more action. 93% agreed that organizations should take mobile security more seriously.

Fundamental cybersecurity practices are being ignored and large majority of respondents (62%) feel that a lack of understanding of threats and solutions are a barrier to mobile security.

Perhaps the more disturbing revelation of Verizon’s study is that it’s not hacktivists, criminals or those engaging in corporate espionage that pose the greatest threat, but a company’s own employees. However, only 50% of all organizations provide IT training when a new employee joins a company.

Suggested Articles

Arista Networks beat out some big names in its deal to buy Big Switch Networks, which came to light last week.

MoffettNathanson reports that the CAF II money that the incumbents received was typically more than the cost of the network builds.

Last year the number of data center mergers and acquisitions deals closed passed the 100 mark for the first time, according to a report.