Artificial intelligence and machine learning are hot topics among security professionals, who are looking to spend more on tools that use those technologies, according to the 11th Cisco 2018 Annual Cybersecurity Report.
According to the report, machine learning is able to help enhance network security and defences by learning how to detect unusual traffic patterns in cloud and IoT environments.
That technology is in hot demand, particularly as the volume of legitimate and malicious web traffic grows. According to Cisco statistics from October 2017, 50% of web traffic is encrypted. Over a 12-month period, Cisco researchers also spotted a threefold increase in malware samples that used encrypted network communication.
Network encryption is causing challenges for defenders who are trying to identify and monitor potential threats; however, security professionals are eager to adopt machine learning.
While machine learning comes with drawbacks such as false positives, security professionals realise that machine learning and AI technologies are still in their infancy.
The report also found that more than half of all cyber attacks result in financial damages of more than US$500,000 (AU$637,630) including lost revenue, customers, opportunities and out-of-pocket costs.
Security solutions are becoming numerous and complex as the scope of breaches expands. Defenders are now using a ‘complex’ mix of products from a cross-section of vendors.
In 2017, 25% of security professionals said they used products from 11-20 vendors. They also said that 32% of breaches affected more than half of their systems.
Cyber attackers are also quick to recognise the value of security holes and they are exploiting the lack of advanced security on cloud platforms.
While 57% of security professionals say they host data in the cloud because it has better data security, attackers are also taking advantage of the fact that security teams are having difficulty defending cloud environments that are evolving and expanding.
Cisco says that a combination of best practices, advanced security technologies such as machine learning and first-line-of-defence tools could help protect cloud environments.
"Last year's evolution of malware demonstrates that our adversaries continue to learn," comments Cisco's senior VP and chief security and trust officer, John N. Stewart.
"We have to raise the bar now – top down leadership, business led, technology investments, and practice effective security – there is too much risk, and it is up to us to reduce it."
The survey polled 3,600 chief security officers (CSOs) and security operations (SecOps) managers from 26 countries.
Other findings from the report:
Supply chain attacks are increasing in velocity, complexity
- These attacks can impact computers on a massive scale and can persist for months or even years. Defenders should be aware of the potential risk of using software or hardware from organisations that do not appear to have a responsible security posture.
- Two such attacks in 2017, Nyetya and CCleaner, infected users by attacking trusted software.
- Defenders should review third-party efficacy testing of security technologies to help reduce the risk of supply chain attacks.
Security professionals see value in behavioural analytics tools in locating malicious actors in networks
- 92% of security professionals said behaviour analytics tools work well. Two-thirds of the healthcare sector, followed by financial services, found behaviour analytics to work extremely well to identify malicious actors.
Use of cloud is growing; attackers taking advantage of the lack of advanced security
- In this year's study, 27% of security professionals said they are using off-premises private clouds, compared with 20% in 2016.
- Among them, 57% said they host networks in the cloud because of better data security; 48%, because of scalability; and 46%, because of ease of use.
Trends in malware volume have an impact on defenders' time to detection (TTD)
- The Cisco median TTD was about 4.6 hours for the period from November 2016 to October 2017, well below the 39-hour median TTD reported in November 2015 and the 14-hour median reported in the Cisco 2017 Annual Cybersecurity Report for the period from November 2015 to October 2016.
- The use of cloud-based security technology has been a key factor in helping Cisco to drive and keep its median TTD to a low level. Faster TTD helps defenders move sooner to resolving breaches.
Additional Recommendations for Defenders:
- Confirm adherence to corporate policies and practices for application, system, and appliance patching.
- Access timely, accurate threat intelligence data and processes that allow for that data to be incorporated into security monitoring.
- Perform deeper and more advanced analytics.
- Back up data often and test restoration procedures, processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.
- Conduct security scanning of microservice, cloud service, and application administration systems.