Email is used in 92.4% of malware distributions

Brother



On October 22, a Cisco press conference was held in Moscow, during which the company's experts spoke about the key trends in the information security market. Journalists were presented with the results of the Email Security Report, the Threat Hunting Report and the CISO Benchmark Study, all conducted by Cisco in 2019.

The CISO Benchmark Study summarizes the results of a comparative study of the performance of information security directors, in which more than 3,000 respondents from 18 countries participated. The results showed that information security professionals are giving increasing priority to vendor consolidation, collaboration between network and information security teams, and raising awareness of information security issues. However, cybersecurity directors increasingly rely on cloud migration as the best security measure.

It also turned out that complex environments built from the solutions of 10 or more vendors significantly complicate the task of providing information security. 65% of respondents noted that in such environments it is difficult to determine the scale of a data compromise, contain it, and cope with the consequences of an exploit. Unknown threats outside the enterprise infrastructure (users, data, devices, and applications) are also key issues. To respond to these challenges, respondents are taking the following steps: 44% have increased spending on cyber defense technologies, 39% are conducting information security training for employees, and 39% are focused on implementing risk mitigation practices.

In addition, the survey participants noted that leaks continue to have a high impact on the financial performance of companies. Interestingly, among the specialists who put the cost of the most significant incident of the last year at USD 5 million or more, 2% are Russian companies. At the same time, 44% of Russian information security directors indicated the cost of leaks not exceeding $100. Operations (45%), customer loyalty (35%) and brand reputation (31%) suffered most in Russian companies.

Email Security Report - How to Protect Against Phishing, Cyber Fraud and Other Threats

The Email Security Report focuses on information security (IS) threats contained in emails. Email is ideal for criminals: the sender can induce the recipient to take the desired action, which leads to the compromise of the corporate information security system. The severity of such attacks is also confirmed by the heads of information security departments: almost all of the interviewed specialists answered that e-mail is the most popular tool for distributing malware (92.4%) and phishing (96%).

The study notes that the most common types of email threats are Office 365 phishing, business email compromise (a cybercriminal pretends to be a boss and tries to trick the recipient into, for example, transferring funds), digital extortion and advance-fee fraud.

For malicious programs sent by mail, the most common malicious file types are .doc (41.8%), .zip (26.3%) and .js (14%). Hackers use two main methods to launch spam campaigns: botnets (Necurs, Emotet, Gamut) and bulk email tools. Clear signs of phishing emails include mismatches between the address from the "To" field and the email address; numerous grammatical errors or unclear logos; demands for immediate, urgent action; requests for personal or confidential information; unusual URLs, etc. Cisco offers a number of best practices to help users work securely with email. These include training in recognizing phishing attacks, regular software updates, multifactor authentication, etc.

Threat Hunting Report - hunting hidden threats

Latent information security threats (unknown threats that have never been encountered before) are among the greatest dangers to companies around the world. They are difficult to identify and even more difficult to resist. The Threat Hunting Report answers the question of how to start an effective "hunt" for them in your company. The main thing in this process is a proactive approach to information security instead of the traditional response to attacks. The report details how an organization should act in order to identify unknown threats in time and minimize the associated risks.

Key ways to hunt for threats include:

Analysis of logs. One of the easiest ways to start hunting is to check the system logs for indicators of compromise. Command line programs or simple scripts are enough to get you started. Another quick and efficient way to check logs is by using SIEM.

Testing the theory. It is necessary to compare logs with known indicators of compromise. After that, it will be possible to guess where the threat might be hiding and what tools or methods an attacker might use.

Search for a source. You identified the threat, figured out how the attackers managed to infiltrate the network, and took steps to stop a similar attack in the future. However, a subsequent "hunt" may show that the attackers have found a new way to penetrate the network. That is why you need to find out who is attacking you and what infrastructure they are using, and then put an end to their activities. Of course, doing this yourself is quite difficult. In such cases, security threat research organizations such as Talos Intelligence or Cisco's Incident Response Services come to the rescue.
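
The first two steps above (checking logs with a simple script, then comparing them with known indicators of compromise) can look like the following. This is an added example, not code from the Cisco report; the log format, the indicator values and the function name `hunt` are all constructed for illustration.

```python
import os
import re
from collections import defaultdict

# Constructed indicators (placeholders, not real IoCs).
IOC_DOMAINS = {"invoice-portal.example", "cdn-update.example"}
IOC_HASHES = {"aa" * 32}
# Attachment types the report lists as most common in malicious mail.
RISKY_EXT = {".doc", ".zip", ".js"}

# Constructed mail-gateway log: timestamp, then key=value pairs.
SAMPLE_LOG = """\
2019-10-21T08:02:11Z from=billing@invoice-portal.example to=anna@corp.example file=invoice.doc sha256={0}
2019-10-21T08:05:40Z from=hr@corp.example to=ivan@corp.example file=policy.pdf sha256={1}
2019-10-21T09:17:03Z from=news@shop.example to=ivan@corp.example file=photos.zip sha256={2}
2019-10-21T09:30:55Z from=it@CDN-Update.example to=oleg@corp.example file=patch.JS sha256={3}
truncated line without fields
""".format("aa" * 32, "bb" * 32, "cc" * 32, "dd" * 32)

PAIR = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"from", "to", "file", "sha256"}

def hunt(log_text):
    """Return {recipient: [(timestamp, [reasons])]} for suspicious deliveries."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        ts, _, rest = line.partition(" ")
        f = dict(PAIR.findall(rest))
        if not REQUIRED <= f.keys():
            continue  # skip malformed lines instead of aborting the hunt
        reasons = []
        if f["from"].rpartition("@")[2].lower() in IOC_DOMAINS:
            reasons.append("ioc-domain")
        if f["sha256"].lower() in IOC_HASHES:
            reasons.append("ioc-hash")
        ext = os.path.splitext(f["file"])[1].lower()
        # A risky extension alone is only a lead for the next hypothesis.
        if ext in RISKY_EXT and not reasons:
            reasons.append("risky-ext-only")
        if reasons:
            hits[f["to"]].append((ts, reasons))
    return dict(hits)

if __name__ == "__main__":
    for rcpt, events in hunt(SAMPLE_LOG).items():
        print(rcpt, events)
```

Grouping hits by recipient shows where to look next; deliveries flagged only for their extension are leads to test, not confirmed compromises.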