Rule of law on internet cracks down on cybercrime: Cisco
The Cisco 2015 annual security report has revealed that as attackers have become more proficient in taking advantage of security gaps and concealing malicious activity, governments worldwide are getting better at enforcing the rule of law on the internet.
Speaking to ZDNet, Anthony Stitt, Cisco Australia and New Zealand security general manager, said the enforcement of the rule of law on the internet has been a missing component in the past, but as more attackers are being caught, it indicates that governments worldwide are starting to work together.
"I think, in general, the internet is becoming a more lawful place. There are more criminals being found and prosecuted, which shows the ability of governments to collect and track communications and metadata, and use that to prosecute criminals. So I think the internet is getting better from a law-enforcement perspective, not worse," he said.
Stitt, however, noted that there still remain some parts of the world that do not have a strong rule of law in place on the internet, which is indicated in the attacks that are being seen.
"Some of those countries where you don't have a strong rule of law, you find there's more organised crime. This is an indication that there's a link between organised crime and their activities, and governments of those countries. We're getting better, but we're not there yet, because some countries aren't as lawful as other countries," he said.
The report also revealed that it's up to security teams within organisations to constantly improve their approach to defend against sophisticated attacks. In fact, while 90 percent of the companies surveyed said that they were confident about their security policies, 54 percent admitted that they have faced public scrutiny following a security breach.
"Like previous reports, we're continuing to see all of the organisations, whose data we have access to, have connections to websites hosting malware, and that's been a fairly common refrain over the last few years. I don't think there's any great cause of concern there if organisations are in a position to be able detect that and clean it up quickly," he said.
To further gauge perceptions of security professionals, the Cisco security report also includes findings from the Cisco security capability and benchmark study, which surveyed chief information security officers (CISOs) and security operations (SecOps) managers for the first time.
The study showed that 75 percent of CISOs see their security tools as being very or extremely effective. However, less than 50 percent of respondents use standard tools, such as patching and configuration, to help prevent security breaches and ensure that they are running the latest versions. For example, during the Heartbleed vulnerability, 56 percent of all OpenSSL versions were more than 4.5 years old, indicating that security teams were not patching.
The study also revealed that there is a gap between perceptions of the level of readiness between CISOs and SecOps. For example, 62 percent of CISOs said they strongly agree that security processes in their organisation are clear and well understood, compared to only 48 percent of SecOps managers.
According to Stitt, the reason behind the confidence gap is due to a perception difference that exists between SecOps and CISOs when it comes to dealing with compromises.
"SecOps are the people who see those compromises happening, and very often we talk about the threat continuing before, during, and after, and after is about scope containment, remediation, and cleaning up from issues quickly, and if organisations can do that quickly, their chances of being a big new story is greatly reduced.
"And very often, the organisations itself, CISOs included, don't always have a particularly good appreciation of how often users are doing the wrong thing and how many machines are being compromised."
As to how attackers have been breaching security, the report showed that there are three popular methods. These include using snowshoe spam, where attackers are sending low volumes of spam from a large set of IP addresses to avoid detection; web exploits hiding in plain sight; and malicious combinations through Flash and JavaScript.
The method by which attackers are gaining a foothold within organisations is ever-changing, Stitt said, highlighting that malware is increasingly more complex and well written.
"We see blended attacks that mix different compromises and vectors, and that's only going to increase because the processes organisations are using are clearly having an effect, and this is forcing attackers to go to different places in order to gain foothold in networks," he said.
One area that Cisco suggested has played a partial role in helping provide attackers with greater options to access networks is the rise of the Internet of Things (IoT).
Stitt said that traditionally, organisations operated a client-server model where data is inherently stored in a centralised place, and is accessed by users located within the organisation. However, the Internet of Things is a more diverse model, where communication happens between devices and relies heavily on wireless communication, which, according to Stitt, breaks down the usual security barrier that would normally exist in a closed, controlled environment.
"This means the devices are more open to being attacked directly rather than having to go through a central getaway in order to attack them. So there are more vectors and greater attack surfaces that have opened up because of the Internet of Things," he said.
Further, Stitt said that the Internet of Things also opens up the potential opportunity for personal data to be accessed more easily. He said the onus is on developers of IoT technologies to engage in securing against obvious vulnerabilities.