Malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity. To reduce adversaries' time to operate, security professionals said they will increasingly leverage and spend more on tools that use AI and machine learning, the 11th Cisco 2018 Annual Cybersecurity Report finds.
While encryption is meant to enhance security, the expanded volume of encrypted web traffic (50% as of October 2017) — both legitimate and malicious — has created more challenges for defenders trying to identify and monitor potential threats. Cisco threat researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.
Applying machine learning can help enhance network security defenses and, over time, "learn" how to automatically detect unusual patterns in encrypted web traffic, cloud, and IoT environments. Some of the 3,600 security professionals interviewed for the report stated they were reliant on, and eager to add, tools like machine learning and AI, but were frustrated by the number of false positives such systems generate. While still in their infancy, machine learning and AI technologies will mature over time and learn what is "normal" activity in the network environments they are monitoring.
The financial cost of attacks is no longer a hypothetical number:
According to study respondents, more than half of all attacks resulted in financial damages of more than $500,000, including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs.
Supply chain attacks are increasing in velocity, complexity:
These attacks can impact computers on a massive scale and can persist for months or even years. Defenders should be aware of the potential risk of using software or hardware from organizations that do not appear to have a responsible security posture.
Use of cloud is growing; attackers taking advantage of the lack of advanced security:
In this year's study, 27% of security professionals said they are using off-premises private clouds, compared with 20% in 2016. Among them, 57% said they host networks in the cloud because of better data security; 48%, because of scalability; and 46%, because of ease of use.
While cloud offers better data security, attackers are taking advantage of the fact that security teams are having difficulty defending evolving and expanding cloud environments. The combination of best practices, advanced security technologies like machine learning, and first-line-of-defense tools like cloud security platforms can help protect this environment.
For more details, visit www.cisco.com.