45 percent of organizations are confident in their security posture, according to Cisco 2016 Annual Security Report.
92 percent agrees that regulators and investors will expect companies to manage cybersecurity risk exposure. These leaders are increasing measures to secure their organizations’ future, particularly as they digitize their operations.
Direct attacks by cybercriminals, leveraging ransomware alone, put $34 million a year per campaign into their hands.
Global businesses are up against security challenges that inhibit their ability to detect, mitigate and recover from common and professional cyber attacks. Aging infrastructure and outdated organizational structure and practices are putting them at risk.
Majority of finance and line-of-business executives agreed that regulators and investors expect companies to provide greater transparency on future cybersecurity risk.
Between 2014 and 2015, the number of organizations that said their security infrastructure was up-to-date dropped by 10 percent. 92 percent of Internet devices are running known vulnerabilities. 31 percent of all devices analyzed are no longer supported or maintained by the vendor.
As more enterprises look at their supply chain and small business partnerships, they are finding that these organizations use fewer threat defense tools and processes. From 2014 to 2015 the number of SMBs that used web security dropped more than 10 percent.
Enterprises are realizing the value of outsourcing services to balance their security portfolios. This includes consulting, security auditing and incident response. SMBs, which often lack resources for an effective security posture, are improving their security approach, in part, by outsourcing, which is up to 23 percent in 2015 over 14 percent the previous year.
Online criminals have shifted to compromised servers, such as those for WordPress, to support their attacks, leveraging social media platforms. The number of WordPress domains used by criminals grew 221 percent between February and October 2015.
Malicious browser extensions have been a potential source of major data leaks, affecting more than 85 percent of organizations. Adware, malvertising, and even common websites or obituary columns have led to breaches for those who do not regularly update their software.
The industry estimate for time to detection of a cybercrime is an unacceptable 100 to 200 days. Cisco has further reduced this figure from 46 to 17.5 hours, since the 2015 Cisco Midyear Security Report was released.
“With IoT and digitization taking hold in every business, technology capability must be built, bought, and operated with each of these elements in mind. We cannot create more technical debt. Instead, we must meet the challenge head on today,” said John N. Stewart, senior vice president, chief security and trust officer, Cisco.