Businesses are risking their very existence by failing to protect their systems from the threat of a new kind of "destruction" attacks, new reports have claimed.
The latest security research from Cisco warned that "Destruction of Service" attacks could soon become a very real threat to companies of all sizes, as criminals target the elimination of backups and safeguards and requiring huge amounts of resources to get back to normal.
In its 2017 midyear cybersecurity report, Cisco urged businesses that, following the likes of Wannacry and NotPetya, the next hugely damaging attack could be just around the corner, with the Internet of Things potentially becoming a major risk factor.
“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks," said Steve Martino, Cisco vice president and chief information security officer. "While the majority of organisations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
The company also revealed that supposedly 'traditional' attacks such as spam are significantly increasing, as criminals stick to tried-and-tested methods. These attacks primarily require their victims to click on links or open files to launch malware, a trend that is expected to continue to be popular as long as it continue to pay dividends.
Spyware attacks, which can steal valuable corporate information without the victim even realising, also remain popular, with a separate Cisco investigation of 300 companies over a four-month period finding that just three prevalent spyware families were responsible for 20 percent of infections.
Elsewhere, the growth of ransomware as a service systems are also putting businesses at risk, allowing criminals to start creating and disseminating attacks with ever-lower barriers to entry.
The sheer number of different attacks targeting modern businesses means that IT security services are often overwhelmed by the complexity of the threats they face. Cisco also surveyed nearly 3,000 security professionals across 13 countries and found a worrying lack of action when it comes to new online risks. The study found that fewer than two-thirds of organisations are investigating security alerts, with this figure closer to 50 per cent in certain industries such as healthcare and transportation.
“Complexity continues to hinder many organisations’ security efforts," David Ulevitch, senior vice president and general manager of Cisco's security business group, added. "It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts. To effectively reduce Time to Detection and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”