Attackers currently enjoy unconstrained time to operate.
Their campaigns, which often take advantage of known vulnerabilities that organisations and end users could have—and should have—known about and addressed, can remain active and undetected for days, months, or even longer.
Defenders, meanwhile, struggle to gain visibility into threat activity and to reduce the time to detection (TTD) of both known and new threats. They are making clear strides but still have a long way to go to truly undermine adversaries’ ability to lay the foundation for attacks—and strike with high and profitable impact.
In this report, Cisco examines the many ways organisations can and should take action to start improving their defences.
Recommendations from Cisco researchers include:
- Instituting and testing an incident response plan that will enable a swift return to normal business operations following a ransomware attack
- Not blindly trusting HTTPS connections and SSL certificates
- Moving quickly to patch published vulnerabilities in software and systems, including firewalls, servers, routers and switches that are the components of critical Internet infrastructure
- Educating users about the threat of malicious browser infections
- Understanding what actionable threat intelligence really is
This Cybersecurity Report—which presents research, insights, and perspectives from Cisco Security Research—updates security professionals on the trends and developments that may affect the security landscape in the coming year.