As information technology and operational technology converge, businesses need to improve their security posture. Recent incidents such as WannaCry and NotPetya show the rapid spread and wide impact of cyberthreats. According to Cisco’s 2017 Midyear Cybersecurity Report, cyberattacks will only become more destructive and sophisticated, requiring a fresh look at security measures. These new cyberthreats are known as destruction of service attacks (DDoS) and are potentially far more damaging than ransomware, leaving victims with no way to recover their data.
Destruction of service attacks have one major attribute: they can potentially eliminate an organization’s backups and critical safety nets that restore systems and data – even after an attack has been “cleared”. Generally, DDoS attacks seem innocuous, but have the potential to wreak long-lasting havoc on systems that have been infected. Recent examples are, of course, WannaCry and NotPetya, although more malicious attacks seem to be in the making. Cisco’s report states that recent botnet activity suggests hackers are already laying the foundations for more wide-reaching, high-impact threats that could potentially disrupt the entire internet.
More users across more devices mean plenty of gaping holes in IoT services that are ripe for DDoS exploitation. In order to combat this serious potential threat, Cisco has invested in reducing its time-to-detection window for IoT devices, shrinking it from 35 hours in 2015 to about 3.5 hours in 2017, a model that most companies would benefit from. Furthermore, it’s critical for businesses to implement defense in depth with the goal of protecting multiple layers of a system.
What makes DDoS attacks so dangerous is that they are often disguised as older, less harmful cyberthreats. Many of these traditional threats are treated simply as a nuisance. Cisco’s report sampled 300 companies over a four-month period and found that three prevalent spyware families infected over 20 percent of the businesses. Additionally, a vast majority of DDoS threats are activated when victims click on links to fileless malware that lives in memory and is much harder to detect. Assuming that what seems like a traditional cyberattack is benign can potentially open the gates for a DDoS attack on critical business network systems.
The key to combatting these increasingly harmful cyberattacks is proactivity and keeping fundamental security requirements up to date: don’t “set and forget” security measures. Additionally, limiting silos and deploying integrated defense-in-depth measures go a long way in responding to various threats. According to Cisco’s VP and Chief Information Security Officer, “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.” However, the biggest proactive defense is proper, role-based security training rather than a one-size-fits-all crash course.
If you want to explore the findings of Cisco’s 2017 Midyear Cybersecurity Report in more depth, view some graphs that highlight key findings from the study here.