Cisco, a Peak 10 technology partner, recently published its mid-year report on the state of Internet security. The company’s findings are, as always, comprehensive, thorough and sobering. It’s hard to not come away with the feeling that highly organized, sophisticated and smart criminal entities are at work around the clock to do harm, and this will only intensify with time.
A major contributing factor to the persistent rise and creativity of attacks is that the opportunity for illicit gain is increasing. The Internet of Things is entering rampant-growth mode, increasing the attack surface with each new connection, each inter-relationship, and each new “thing” that links to other things that link to people. It’s like its own infinitely expanding universe.
In compiling the report, Cisco researchers found malicious traffic on 100 percent of the networks they sampled. Based on their observations, this group of networks had likely been penetrated for an extended period and the core infiltration had not yet been detected.
However, the mid-year report makes an important distinction: very few threats are truly serious and deserving of best efforts to neutralize. Cisco issued thousands of known multi-vendor vulnerability alerts during the first half of 2014; only one percent were deemed extremely critical. Of the 2,528 new vulnerabilities, only 28 were actively exploited by cyber crooks soon after published reports appeared.
“Organizations should prioritize their investments of time and money into patching the small number of vulnerabilities that criminals are most actively exploiting. Other vulnerabilities can be managed by more routine processes,” the report recommends.
The challenge is to figure out which are routine and which are potentially crippling because, at some level, they all must be dealt with. In his Cisco Blog about the mid-year report, Jeff Shipley writes, “Adversaries tend to cluster their efforts around vulnerabilities that they can easily exploit—hence the heightened activity for some reported vulnerabilities versus others. It is these vulnerabilities that merit a stepped-up approach to patching—while, of course, not neglecting all other vulnerabilities.”
Strong security intelligence to identify high-urgency vulnerabilities is necessary to maintain what Cisco calls a high-urgency patching process that runs in tandem with standard patching processes. When targeted priority vulnerabilities are addressed quickly, other, less-urgent vulnerabilities can be integrated into the regularly scheduled maintenance and patching process. “The result is more accurate risk management: better than trying to install all patches or not installing them until regularly scheduled maintenance periods.”
Many of the more routine activities around intrusion detection, prevention, patching and unified threat management are perfect candidates for outsourcing, leaving companies with more internal resources and time to focus on addressing critical threats. “A huge advantage of managed security outsourcing is that a provider has many customers, giving it a broader, real-time and multi-faceted view of the threat landscape,” said David Kidd, Peak 10 director of quality and compliance. “The accumulated daily surveillance, detection and prevention experience can be immediately applied for each customer’s benefit.”
The report goes on to say that effective security requires that it be “organizationalized,” and that it be viewed holistically across the “security chain,” which extends well beyond a company’s own systems and operations. “Strengthening weak links across the security chain rests largely upon the ability of individual organizations and industry to create awareness about cyber risk at the board level and make cybersecurity an imperative for the business. Aligning business strategy, security operations and the controls that enable cyber resilience is also critical, as is the aptitude to create greater network visibility across a ‘noisy’ network by employing emerging, intelligent solutions such as predictive analytics.”
Cisco 2014 Midyear Security Report
Cisco Blog: Cisco 2014 Midyear Security Report: Focusing on Common Vulnerabilities is Smart Security Strategy