Although high-ranking executives have no confidence in the company's security capabilities, 92% of them believe that both authorities and investors expect companies to propose ways to effectively manage cybersecurity risks, prompting business leaders to begin to strengthen Security measures to protect the future of the company, especially when the digital business transformation.
The report emphasizes that the steep challenges facing enterprises come from the rapidly evolving cyberattacks. More and more hackers use legitimate resources to effectively attack and profit from it. In addition, direct cyberattacks are increasing, and in the case of ransomware alone, $34 million in unlawful benefits can be earned each year, and these unscrupulous people continue to use the limits of network monitoring to do whatever they want.
Today's enterprises are facing many security challenges that limit the ability of enterprises to detect, transfer, and recover from common and professional cyber attacks. Old and outdated infrastructure, organizational structures and defensive techniques will put companies in a high-risk environment.
The Cisco Annual Security Report calls for global companies to have greater cooperation and investments in processes, technology, and people to improve their defense against corporate attacks. The main findings of the report include:
· Declining confidence and increasing transparency--only less than half of the companies surveyed have confidence in their cyberattacks and ability to recover from losses, but most senior executives in finance and business departments agree that In the face of future cybersecurity risks, authorities and investors want the company to have greater transparency, and showing network security has become a growing focus of the board.
· Infrastructure aging - From 2014 to 2015, the proportion of companies with the latest security infrastructure dropped by 10%. The survey found that 92% of network devices have known vulnerabilities, and one-third of them no longer have vendor support or maintenance services.
· SMEs become a potential weakness – more and more large companies are paying close attention to relationships with supply chains and SME partners who find they use fewer threat defense tools and relatively simple defense processes. For example, from 2014 to 2015, the proportion of SMEs using cybersecurity protection fell by more than 10%, and these structural vulnerabilities will become potential risks for large enterprises.
· Outsourcing services continue to increase--The shortage of talents in Zi'an now becomes a trend, and companies of all sizes are gradually realizing the value that outsourcing services can bring to the shortage of Zi'an talents, and can balance the security portfolio of enterprises. Outsourcing services include consulting, security audits and security incident response. SMEs often lack the resources to maintain an effective security status, and outsourcing services can improve their security defenses to a certain extent. The proportion of SMEs using outsourcing services is as high as 23% in 2015, and 14% compared with 2014. .
· Server behavior changes - cybercriminals have moved their targets to unsecured servers, such as using WordPress servers to support their attacks and using social media platforms for unlawful purposes. From February to October 2015, the number of criminals using WordPress domains grew by 221%.
· Browser-based data leaks - malicious browser plug-ins are often the main source of potential data leaks, affecting more than 85% of businesses, but are often considered low-level threats by security teams. Users who do not update their software frequently will suffer losses due to advertising software, malicious advertisements, and even general websites or network bulletin boards.
· DNS blind spots -- Nearly 92% of "known" malware uses DNS as the primary means of attack. Because security teams and DNS experts are often affiliated with different IT teams within the company, in the absence of close interaction, they are often seen as a "blind spot" in security considerations.
· Faster detection time - The industry estimates that it takes about 100 to 200 days to detect cybercrime, which is unacceptable. Since the release of the Cisco 2015 Mid-Security Report, Cisco has further reduced detection time from 46 hours to 17.5 hours. Reduced detection time has been proven to significantly reduce the damage caused by cyber attacks and reduce risks and impacts for customers and infrastructure around the world.
· Trust is paramount--As companies increasingly adopt digital business strategies to integrate data, devices, sensors, and services, customers will generate new demands for corporate transparency, trust, and accountability.