Cisco’s 2018 Annual Cybersecurity Report revealed that security leaders rely on and invest in automation, machine learning and artificial intelligence to defend against threats.
Findings from the report show 39 percent of organisations are reliant on automation, 34 percent are reliant on machine learning, and 32 percent are highly reliant on AI.
Malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity.
To reduce adversaries’ time to operate, security professionals said they will increasingly leverage and spend more on tools that use AI and machine learning, according to the 11th Cisco® 2018 Annual Cybersecurity Report (ACR).
While encryption is meant to enhance security, the expanded volume of encrypted web traffic, both legitimate and malicious, has created more challenges for defenders trying to identify and monitor potential threats.
Cisco threat researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.
John Stewart, Senior Vice President and Chief Security and Trust Officer at Cisco, states: “Last year’s evolution of malware demonstrates that our adversaries continue to learn, so we have to raise the bar now, there is too much risk, and it is up to us to reduce it.”
Some additional highlights from the Cisco 2018 Annual Cybersecurity Report include: the financial cost of attacks is no longer a hypothetical number; supply chain attacks are increasing in velocity and complexity; and, although security is extremely vital, it is getting more complex and the scope of breaches is expanding.
The report also revealed that security professionals see value in behavioral analytics tools for locating malicious actors in networks; that use of cloud is growing, with attackers taking advantage of the lack of advanced security; and that trends in malware volume have an impact on defenders’ time to detection (TTD), among other findings.
The report also made recommendations for defenders, which include: confirming that they adhere to corporate policies and practices for application, system, and appliance patching; accessing timely, accurate threat intelligence data and processes that allow for that data to be incorporated into security monitoring; and backing up data often and testing restoration procedures, processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.