Increasingly sophisticated malware and the high cost of cyberattacks -- with damages exceeding $500,000 in half...
of cases -- is driving widespread enterprise investment in AI in cybersecurity. These findings, among many others, were published in Cisco's 2018 Annual Cybersecurity Report, released last week.
According to the report, with up to 50% of traffic encrypted, and that volume expanding, defenders face greater challenges sifting legitimate data from malicious traffic. At the same time, hackers are increasingly embracing encryption as a tool to cloak their own malicious activities; Cisco said it found a threefold increase in the amount of encrypted traffic infected with malware samples.
To combat those attacks, Cisco said organizations should deploy cybersecurity automation initiatives, anchored by machine learning and AI in cybersecurity, to help IT teams spot anomalous patterns in encrypted traffic.
Supply chain attacks grow
Throughout 2017, supply chain attacks continued to grow, both in frequency and complexity, Cisco said. Supply chain attacks can affect organizations for months or even years at a time and risk is substantially increased when using technology from vendors without a good security posture, the report found. Cisco said organizations should monitor their supply chain vulnerabilities by conducting third-party efficacy testing to reduce risks.
Cisco issued a general recommendation to combat all types of threats through the use of behavior analytics tools, which 92% of respondents said work well for identifying threat actors. Cisco found high rates of use and adoption of behavior analytics tools in healthcare and finance.
The report said cloud-related security threats are also growing, particularly as more companies migrate to off-premises private clouds.
Although the cloud typically offers greater security, hackers are increasingly exploiting the blind spots that pop up with cloud migrations. For instance, hackers -- and particularly state-sponsored groups -- use legitimate services for command and control, generating activity that is difficult to sort from valid traffic. In addition, often legitimate services are hard to inspect because decrypting Secure Sockets Layer is not always possible. Cloud security platforms, integrated with machine learning, offer potential safeguards, according to the report.
Time to detection (TTD) for attacks, meantime, has fallen by 88% in the past two years, according to the study -- from a median of 39 hours in 2015 to 4.6 hours last year. While the increased amount of malware poses continued challenges for further reducing TTD, cloud-based security systems have played a key role in driving down median TTD.
What organizations should do
Cisco offered a slate of recommendations for enhancing AI in cybersecurity as part of a strategy to reduce threats more broadly. Among other steps enterprises should take, Cisco said organizations should adhere strictly to corporate policies and employ good practices for appliance patching.
In addition, teams should rely on advanced analytics and routinely access threat intelligence data. Data from threat assessments should be integrated with security monitoring and made actionable. Security measures can also include security scans of cloud service, application administration and microservices. Cisco also recommended regular data backups and testing data restoration processes, to prepare for the possibility of large-scale ransomware attacks.
"Last year's evolution of malware demonstrates that our adversaries continue to learn," John Stewart, Cisco's senior vice president and chief security and trust officer, said in a statement. "We have to raise the bar now -- top down leadership, business led, technology investments, and practice effective security -- there is too much risk, and it is up to us to reduce it," he added.
Cisco's 2018 Annual Cybersecurity Report analyzed responses from 3,600 chief information security officers from 26 countries.