Cisco NZ: Security 'god-box' does not exist, but there are solutions
Companies of all sizes – and resellers – need to stop looking for a ‘god-box’ that will solve all their security problems and focus instead on tackling security from people, process and technology angles.
That’s the word from John-Paul Sikking, Cisco New Zealand security specialist, who says organisations need to focus on managing risk, discovering their vulnerabilities, understanding their threats and then doing something about it, calling in the experts as required.
Sikking was speaking in the wake of today’s release of Cisco’s 2016 Annual Security Report, which shows a decline in organisations’ confidence in their security postures, and an increased impact from industrialised attackers.
Sikking says the key takeouts for Kiwi businesses include an increasing security creep, with unpatched operating systems, software and hardware.
“Aging infrastructure is a serious threat,” Sikking says. “Cisco searched the internet for Cisco devices and found that 92% had known security vulnerabilities that all had available patches.
“Just like patching the operating systems and applications, hardware must be maintained.”
Other findings Sikking says will impact New Zealand business are the prevalence of malware and phishing, which are top concerns faced by organisations, and that ransomware optimises the path to monetisation – and everyone a target.
“Rasomware continues to be the get rich quick scheme, where only a 2.9% success in getting ransoms paid still earns the perpetrators $34 million a year, per campaign,” Sikking says.
Sikking says 2015 showed higher motivation to address security threats, but less confidence in current systems, including tools and processes, to handle a breach.
Only 45% of the businesses surveyed were confident in their ability to determine the scope of a network compromise and remediate damage. But, 92% of finance and line-of-business executives agreed that regulators and investors expect companies to provide greater transparency on future cybersecurity risk.
“This points to security as a growing boardroom concern,” Sikking says.
He says while there hasn’t been an explosion in attacks or destruction of our online worlds, the volume of attacks, and sophistication of them, is increasing.
“Where there have been some great takedowns of the bad guys, however, like the mythical Hydra, it is only a matter of weeks or months before a new head arises to fill the gap,” he says.
Sikking says that means businesses need to stick to the basics: “Understand your business, its core assets and risks; ensure you have the right people, process and technology to help protect your business; find your vulnerabilities and understand the threats – before someone else does.
“Manage the creep – rules, policy, processes, systems, hardware, software; and reduce your risk,” he says.
Sikking also highlights ‘the DNS blind spot’, with 91.3% of ‘known bad’ malware using DNS to call home.
“This is frequently a security blind spot, as security teams and DNS experts typically work in different IT groups within a company and don’t interact frequently.”
The report also highlights shifting server activity, as cybercriminals shift to compromised servers, such as those for WordPress, to support attacks, leveraging social media platforms for nefarious purposes. The number of WordPress domains used by criminals grew 221% between February and October 2015.
“If you have a WordPress site, you might want to patch it,” Sikking says. “Attackers are using WordPress as an easy command-and-control proxy for Ransomware.”
Also highlighted is the rise of outsourcing, as businesses of all sizes realise the value of oursourcing services to balance their security portfolios in the wake of talent shortages.
“This includes consulting, security auditing and incident response,” Cisco says.
“SMBs, which often lack resources for an effective security posture, are improving their security approach in part by outsourcing.”
SMBs are not immune
The report also highlights that SMBs remain under-funded and under-secured, while remaining a target.
The report shows as more enterprises look closely at their supply chain and small business partnerships they are finding the SMBs use fewer threat defence tools and processes.
Cisco says as an example, from 2014 to 2015, the number of SMBs using web security dropped more than 10%.
“This indicates potential risk to enterprises due to structural weaknesses,” Cisco says.
Adds Sikking: “Security defences in SMB continues to weaken.
“The hed in the sand defence remains high, with SMB not perceiving themselves to be targets, however any IP address connected to the internet remains a target.”
Resellers as business advisors
Sikking says 2016 should see the continued evolution of security partners to business advisors, with channel partners increasingly getting to understand their customers’ business and advising on strategies and technologies that will help them manage their business.
“I hope to see our partners change their understanding of the threat landscape, where they can team this knowledge with the customers’ vulnerabilities and deliver a robust service to discover, block and remediate attacks.”