Security Report Shows a Rapidly Evolving Attack Landscape
Although 74 percent of security professionals believe their tools are effective against known threats, and 71 percent think their security solutions detect and adjust effectively to network anomalies, 44 percent of security alerts are never investigated, and 54 percent of legitimate alerts go unremediated, a new security report from Cisco finds.
The study attributes this problem to two root causes: too many tools and not enough cybersecurity talent. Cisco discovered 55 percent of organizations use five or more security vendors, but they often fail to integrate multiple tools into a cohesive defense strategy. A quarter of organizations cited a lack of talented security professionals as a significant obstacle to effective threat response. Other challenges included compatibility issues, certification requirements and budget constraints.
Old Threats, New Problems
Older attack vectors like adware and email spam have proven resurgent in recent months: 75 percent of organizations are affected by adware infections resulting from “malvertising,” or malicious advertising, largely facilitated by crafty browser redirection.
The ShadowGate malvertising campaign, as explained by SC Magazine, planted malicious ads using a technique called domain shadowing, which creates malicious subdomains on a range of legitimate domains. Visitors were then redirected, without clicking the ad, through intermediate servers before landing on pages containing the Neutrino Exploit Kit. If the user’s machine had Flash installed, Neutrino dropped a payload that included ransomware onto the machine. Because the landing page was designed to render above and to the left of any monitor space, users weren’t aware they’d even opened it.
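One way a defender might look for the domain shadowing described above in passive-DNS data, as an added example that is not from the Cisco report or SC Magazine: flag recently seen subdomains that resolve outside the networks their parent domain normally uses, then group the hits by IP to expose infrastructure shared across several legitimate domains. The records, the 30-day window and the /24 comparison are constructed assumptions.

```python
from collections import defaultdict
from datetime import date
from ipaddress import ip_address, ip_network

# Constructed passive-DNS observations: (hostname, resolved IP, first seen).
# Names and addresses are reserved documentation values, not real indicators.
RECORDS = [
    ("example.com",        "192.0.2.10",   date(2015, 3, 1)),
    ("www.example.com",    "192.0.2.10",   date(2015, 3, 1)),
    ("mail.example.com",   "192.0.2.25",   date(2015, 6, 9)),
    ("qx7a.example.com",   "203.0.113.77", date(2016, 12, 2)),
    ("adsrv3.example.com", "203.0.113.77", date(2016, 12, 3)),
    ("example.org",        "198.51.100.5", date(2014, 1, 20)),
    ("shop.example.org",   "198.51.100.8", date(2016, 11, 30)),
    ("k2p9.example.org",   "203.0.113.77", date(2016, 12, 3)),
]

def apex(host):
    # Simplification (assumption): the last two labels are the registered domain.
    return ".".join(host.split(".")[-2:])

def find_shadowed(records, today, new_days=30, prefix=24):
    """Flag recently seen subdomains that resolve outside every network
    used by their parent domain's established hosts."""
    baseline = defaultdict(set)  # apex -> networks used by established hosts
    for host, ip, seen in records:
        if (today - seen).days > new_days:
            baseline[apex(host)].add(ip_network(f"{ip}/{prefix}", strict=False))
    hits = []
    for host, ip, seen in records:
        nets = baseline.get(apex(host))
        # Skip the apex itself, domains with no history, and established hosts.
        if host == apex(host) or not nets or (today - seen).days > new_days:
            continue
        if not any(ip_address(ip) in n for n in nets):
            hits.append((host, ip))
    return hits

def shared_infrastructure(hits):
    """IPs serving flagged subdomains of more than one parent domain."""
    by_ip = defaultdict(set)
    for host, ip in hits:
        by_ip[ip].add(apex(host))
    return {ip: sorted(doms) for ip, doms in by_ip.items() if len(doms) > 1}

if __name__ == "__main__":
    flagged = find_shadowed(RECORDS, today=date(2016, 12, 10))
    print(flagged)
    print(shared_infrastructure(flagged))
```

A new subdomain that stays inside its parent's usual address space, such as `shop.example.org` here, is not flagged; in practice an allowlist for CDN and hosting migrations is needed to keep false positives down.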
Challenges With Application Security
Shadow IT continues to be a problem for many organizations because it exposes their environments to risky, unauthorized applications. Cisco estimates that 27 percent of third-party applications pose serious risks based on the wide permissions they have to view and even alter and delete organizational data. Many applications gain permissions and then, via OAuth, can access corporate software-as-a-service applications thanks to programmatic APIs.
Cisco also warns of vulnerabilities in middleware, which performs functions that connect two platforms or applications. These vulnerabilities often appear in code that handles PDFs, images and functions related to file compression. Middleware libraries aren’t updated as often as those of client-facing applications, and middleware is often overlooked in software audits. Of the 14 third-party software vulnerabilities Cisco uncovered on average every month, a plurality originated with middleware.
The Security Report: Data Breaches Are Costly
According to the study, 49 percent of security professionals work for organizations that have faced public scrutiny because of data breaches, and 38 percent experienced substantial loss of revenue. To prevent breaches, over half outsource security advice and consulting, and 45 percent outsource incident response, partly due to a shortage of security professionals.
“Respondents to the benchmark study believe they have the tools that will thwart attackers,” the security report concludes. “But they also acknowledge that constraints such as a lack of manpower and poor product compatibility can render good tools much less effective than they’d hoped.”
Other security concerns include a steady increase in malware targeting the Android platform, the most commonly used mobile operating system for smartphones and tablets. Links within Facebook posts, which lead to fake offers, survey scams and malicious media, also cause significant problems for organizations.