The Most Severe Global Attacks Of 2017

Uploaded on 2018-03-08 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.

Some 32 per cent of breaches affected more than half of an organisation's systems in 2017, up from 15 per cent the previous year, according to 3,600 security bods surveyed in Cisco’s annual cyber security report.

Financial damage included lost revenue, customers, opportunities, and out-of-pocket costs, said Switchzilla. Mark Weir, director of cybersecurity at Cisco UK & Ireland told The Register the figure of $500,000 “could even be slightly conservative”.

The survey found one-fifth of UK respondents identified between 250,000 and 500,000 security alerts a day in 2017.

Increased threats could also be expensive for businesses in other ways. Last month the UK government warned that critical infrastructure firms could face fines of up to £17m if they do not have adequate cybersecurity measures in place.

Weir said the increase in severity of attacks is a "worrying trend” but added some of the measures that are being put in place could take a while to have an effect.

One such tactic is the use of multiple security products to try to tackle the threat. Some 25 per cent of security professionals said they used products from 11 to 20 vendors, compared with 18 per cent in the previous year.

Weir noted malware and ransomware attacks have become more significant over the last 12 to 18 months, with denial-of-service attacks also becoming increasingly sophisticated, and impacting the bottom line.

He said email encryption is also on the rise - which creates more challenges and confusion when trying to identify and monitor potential threats.

Cisco threat researchers observed a more than threefold increase in encrypted network communication used by inspected malware samples over a 12-month period. "Our analysis of more than 400,000 malicious binaries found that about 70 percent had used at least some encryption as of October 2017,” the report stated.

Another major challenge spotted was patching systems, as seen during the outbreak of the WannaCry ransomware crypto worm last year. Weir said that is particularly difficult when organisations have complex estates with multiple legacy systems that can no longer be patched.

He said application level security was a key area. "I still think is a real weakness across our entire industry. Some companies do it well, but not anywhere enough in the numbers needed to protect against attack.”

As such companies could see an increase in their financial and reputational loss next year.

“We talk about the threats of ransomware, malware, application level security and IoT threat… but the reality is these people will attack wherever they see weakness. So organisations must have defences across the piece.

"I think the severity of some of those attacks will increase. Security strategy has to start with protecting data... the preservation and security of that data is critical."

"Not surprisingly the people that propagate these attacks are very well funded, and well resourced. They work collaboratively, and I think as an industry we need to [do the same]," he added.

The Register:

You Might Also Read: 

Cisco & INTERPOL: Working Against Cybercrime:

Cybercrime: £130bn Stolen From Consumers In 2017:

 

« Preventing The Next Active Shooter Attack
Cyberbullying Attacks the Young »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

C3IA Solutions

C3IA Solutions

C3IA Solutions is an NCSC-certified Cyber Consultancy providing assured, tailored advice to keep your information secure and data protected.

Cologix

Cologix

Cologix provides reliable, secure, scalable data center and interconnection solutions from 24 prime interconnection locations across 9 strategic North American edge markets.

Qubitekk

Qubitekk

Qubitekk has developed quantum cryptography solutions for the machine-to-machine (M2M) communications market.

Wipro

Wipro

Wipro Limited is a leading global information technology, consulting and business process services company.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

Southwest Research Institute (SwRI)

Southwest Research Institute (SwRI)

Southwest Research Institute SwRI are R&D problem solvers providing independent services to government and industry clients. Areas of expertise include Cybersecurity, Intelligent Networks and IoT.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

Cyphra

Cyphra

Cyphra’s team provide cyber security consulting, technical and managed services expertise and experience to support your organisation.

Mitigate Cyber

Mitigate Cyber

Mitigate Cyber (formerly Xyone Cyber Security) offer a range of cyber security solutions, from threat mitigation to penetration testing, training & much more.

Network Perception

Network Perception

Network Perception proactively and continuously assures the security of critical OT assets with intuitive network segmentation verification and visualization.

Cyber7

Cyber7

CYBER7 is a National Cyber Security Innovation community initiated by Israel National Cyber Directorate, Ministry of Economy and Israel Innovation Authority led by Tech7 – Venture Studio.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.

CQR

CQR

CQR are at the forefront of innovative cyber solutions, dedicated to securing and fortifying Operational technology (OT) infrastructure.

Intelligent Protection Management (IPM)

Intelligent Protection Management (IPM)

At IPM, we deliver custom technology solutions that empower businesses to thrive. With over 20 years experience, we help companies of all sizes tackle IT, Security, and Cloud.