
Cisco report finds AI & machine learning still hot topics in cybersecurity

26 Feb 2018

Artificial intelligence and machine learning in cybersecurity remain hot topics amongst security professionals, who are looking to spend more on tools that use those technologies, according to the 11th Cisco 2018 Annual Cybersecurity Report.

According to the report, machine learning is able to help enhance network security and defences by learning how to detect unusual traffic patterns in cloud and IoT environments.

That technology is in hot demand, particularly as the volume of legitimate and malicious web traffic grows. According to Cisco statistics from October 2017, 50% of web traffic is encrypted. Over a 12-month period, Cisco researchers also spotted a threefold increase in malware samples that used encrypted network communication.

Network encryption is causing challenges for defenders who are trying to identify and monitor potential threats; however, security professionals are eager to adopt machine learning.

While machine learning comes with drawbacks such as false positives, security professionals realise that machine learning and AI technologies are still in their infancy.

The report also found that more than half of all cyber attacks result in financial damages of more than US$500,000 (AU$637,630) including lost revenue, customers, opportunities and out-of-pocket costs.

Security solutions are becoming numerous and complex as the scope of breaches expands. Defenders are now using a ‘complex’ mix of products from a cross-section of vendors.

In 2017, 25% of security professionals said they used products from 11-20 vendors. They also said that 32% of breaches affected more than half of their systems.

Cyber attackers are also quick to recognise the value of security holes and they are exploiting the lack of advanced security on cloud platforms.

While 57% of security professionals say they host data in the cloud because it has better data security, attackers are also taking advantage of the fact that security teams are having difficulty defending cloud environments that are evolving and expanding.

Cisco says that a combination of best practices, advanced security technologies such as machine learning and first-line-of-defence tools could help protect cloud environments.

"Last year's evolution of malware demonstrates that our adversaries continue to learn," comments Cisco’s senior VP and chief security and trust officer, John N. Stewart.

"We have to raise the bar now – top down leadership, business led, technology investments, and practice effective security – there is too much risk, and it is up to us to reduce it."

The survey polled 3,600 chief security officers (CSOs) and security operations (SecOps) managers from 26 countries.

Other findings from the report:

Supply chain attacks are increasing in velocity, complexity

  • These attacks can impact computers on a massive scale and can persist for months or even years. Defenders should be aware of the potential risk of using software or hardware from organisations that do not appear to have a responsible security posture.
  • Two such attacks in 2017, Nyetya and CCleaner, infected users by attacking trusted software.
  • Defenders should review third-party efficacy testing of security technologies to help reduce the risk of supply chain attacks.

Security professionals see value in behavioural analytics tools in locating malicious actors in networks

  • 92% of security professionals said behaviour analytics tools work well. Two-thirds of the healthcare sector, followed by financial services, found behaviour analytics to work extremely well to identify malicious actors.

Use of cloud is growing; attackers taking advantage of the lack of advanced security

  • In this year's study, 27% of security professionals said they are using off-premises private clouds, compared with 20% in 2016.
  • Among them, 57% said they host networks in the cloud because of better data security; 48%, because of scalability; and 46%, because of ease of use.

Trends in malware volume have an impact on defenders' time to detection (TTD)

  • The Cisco median TTD was about 4.6 hours for the period from November 2016 to October 2017, well below the 39-hour median TTD reported in November 2015 and the 14-hour median reported in the Cisco 2017 Annual Cybersecurity Report for the period from November 2015 to October 2016.
  • The use of cloud-based security technology has been a key factor in helping Cisco to drive and keep its median TTD to a low level. Faster TTD helps defenders move sooner to resolving breaches.

Additional Recommendations for Defenders:

  • Confirm adherence to corporate policies and practices for application, system, and appliance patching.
  • Access timely, accurate threat intelligence data and processes that allow for that data to be incorporated into security monitoring.
  • Perform deeper and more advanced analytics.
  • Back up data often and test restoration procedures, processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons.
  • Conduct security scanning of microservice, cloud service, and application administration systems.