The Cisco 2015 Midyear Security Report is a comprehensive breakdown of risk, ransomware, malware and the underlying need to reduce time to detection (TTD). Released yesterday, the report examines attacker methods and patterns.
Above all else, the most prevalent issue is attackers’ ability to source vulnerabilities and evolve to exploit them.
At the time of the report’s release, Flash has seen a 66 per cent jump in vulnerabilities, according to the Common Vulnerabilities and Exposure (CVE) system. This is due to exploit kits like Angler that use program vulnerabilities to stage their attacks.
With malware and ransomware constantly evolving, preventative measures are no longer enough, says Cisco’s principal security business engineer, Jason Brvenik.
“Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness. We see this time and again, whether it is nation state actors, malware, exploit kits or ransomware,” said Brvenik. “A purely preventive approach has proven ineffective, and we are simply too far down the road to accept a time to detection measured in hundreds of days.”
Legal boundaries between jurisdictions mean that cohesive cyber governance across the globe is near impossible. In order to sustain business innovation, Cisco says, a collaborative and multi-stakeholder cyber governance framework must be established.