• WannaCry and Nyetya are just a taste of what's to come
• Stand by for high-impact event that could potentially disrupt the Internet itself
• Cisco's advice on how to combat today’s increasingly sophisticated attackers

Cisco has just launched its 2017 Midyear Cybersecurity Report. Coming as it does in the wake of the most recent cyber scares with WannaCry and Nyetya, it forecasts tough security times ahead with the rapid “evolution of threats and the increasing magnitude of attacks”. And it ramps the jargon language up a notch, by positing potential “destruction of service” (DeOS) attacks. These more virulent versions of DDOS (distributed denial of service) “could eliminate organizations’ backups and safety nets, required to restore systems and data after an attack,” it claims. It points out that IoT growth (when it comes) increases the “attack surfaces” and so exposes organisations to even greater harm.

Cisco claims WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like traditional ransomware, but are much more destructive and foreshadow attacks that will prove  far more damaging, leaving businesses with no way to recover.

Recent IoT botnet activity, claims Cisco, already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself.

So measuring the effectiveness of security practices in the face of these attacks is critical. Cisco says it tracks progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat.

Since November 2015, Cisco has decreased its median time-to-detection (TTD) from just over 39 hours to about 3.5 hours for the period from November 2016 to May 2017. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.

While Cisco has seen a striking decline in exploit kits, other traditional attacks are seeing a resurgence. It itemises:

• Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue. Cisco threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux.
• Spyware and adware, often dismissed by security professionals as more nuisance than harm, are forms of malware that persist and bring risks to the enterprise. Cisco research sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20 percent of the sample. In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.

Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of skill set, to carry out these attacks. Ransomware has been grabbing headlines and reportedly brought in more than $1 billion in 2016, but this may be misdirecting some organizations, who face an even greater, underreported threat. Business email compromise (BEC), a social engineering attack in which an email is designed to trick organizations into transferring money to attackers, is becoming highly lucrative. Between October 2013 and December 2016, $5.3 billion was stolen via BEC, according to the Internet Crime Complaint Center.

Cisco’s Advice: To combat today’s increasingly sophisticated attackers, organizations must take a proactive stance in their protection efforts. Cisco Security advises:

• Keeping infrastructure and applications up to date, so that attackers can’t exploit publicly known weaknesses.
• Battle complexity through an integrated defense. Limit siloed investments.
• Engage executive leadership early to ensure complete understanding of risks, rewards and budgetary constraints.
• Establish clear metrics. Use them to validate and improve security practices.
• Examine employee security training with role-based training versus one-size-fits-all.
• Balance defense with an active response. Don’t “set and forget” security controls or processes.