Actu
Cisco Annual Security Report - Comments
January 2016 by David Kennerley, Threat Research Manager, Webroot Darren Anstee, Chief Security Technologist, Arbor Networks
In response to Cisco releasing their Annual Security Report this afternoon, security vendors Webroot and Arbor Networks have issued the following comments.
David Kennerley, Threat Research Manager, Webroot
“For too long have smaller companies adopted the attitude that they are too small or too “low value” to be targeted, and for too long has cyber-security taken a back seat. As this research shows, the outsourced approach is increasingly a viable alternative to the “go at it alone” status quo. It opens the door to a world of experienced MSPs, the best of which offer comprehensive, lightweight security solutions that are affordable, easy-to-install and provide real-time protection against modern threats. These small businesses are often targeted by advanced and persistent threats because of their partnerships with bigger fish. Without addressing these security capabilities SMBs will find it increasingly difficult to work with larger enterprises. It’s encouraging, however, that SMBs are broadly conscious of their cybersecurity failings. Our research shows that overall, 81% of SMBs plan on increasing their annual IT security budget for 2016, by an average of 22%.”
Darren Anstee, Chief Security Technologist, Arbor Networks
“This report serves as yet another confirmation that attackers are becoming ever more sophisticated and, as a result, it is becoming ever more difficult to identify and stop their activities before they reach their goal. Although detection technologies, threat intelligence sharing and IR processes are improving in many cases, many businesses are still not able to prevent a breach, something that can have huge legal and financial consequences - as well as a significant loss of customer trust, especially if disclosure is not handled well.
“Fundamentally, attackers are moving more quickly than the technologies that we deploy to counter them. Further improvements in intelligence sharing, and better resourcing of IR teams will help but we need to make sure we are focusing our resources on the attacks that have the highest risk - and this isn’t necessarily just those that pop up as ‘red’ in our SIEM. To do this our incident responders need to spend more of their time in the right parts of the IR process, and we can drive this by giving them the right tools. If we can speed up the triage and investigative aspects of IR then we can obviously respond more quickly, but we can also free resources for more proactive exploration of suspicious activities that may otherwise have gone un-investigated. By giving IR teams unfettered access to network and threat activity over time, via workflows aligned with the IR process, we can allow existing resources to do a better job at reducing our risk of compromise.”
