Today, we're happy to launch our annual Defending Against Critical Threats report. Inside, we cover the most significant vulnerabilities and incidents of 2021, with expert analysis, insights and predictions from our security and threat intelligence teams across Cisco Talos, Duo Security, Kenna Security, and Cisco Umbrella.
It's clear that 2021 – and, indeed, the beginning of 2022 – has been very challenging for security defenders. To bring our Defending Against Critical Threats: Analyzing Key Incident Trends report to life, I sat down with six experienced threat hunters and analysts from these teams, and asked them to tell me about their findings on one particular cybersecurity threat, or incident, from the past 12 months. Each expert chose to discuss a topic which tells us a lot about the current priorities of threat actors – below you'll find a brief summary of some of the key themes we covered.
We also conducted a survey among 190+ security and technology leaders via PulseQA to gauge their views on the current threat landscape. We found that 66% of respondents felt that the complexity and volume of cybersecurity attacks had escalated in 2021, while 36% felt that attacks had stayed consistent with the previous year.
In the survey, we also asked about the top threat concerns security leaders had for 2022. Ransomware came in as the top concern, with 38% of respondents selecting that option. In the report, we discuss the evolution of ransomware and how it has reached a critical level for certain bad actors, provoking a more severe and structured governmental response. You'll read about this in Matt Olney's (Talos' Director of Threat Intelligence and Interdiction) section about the Colonial Pipeline attack.
Matt's section also discusses supply chain attacks, which, as Matt says, are one of the most challenging types of threats we face today. Forty-three percent (43%) of our Pulse respondents told us that they were impacted by a supply chain attack in 2021. Be sure to check out this section for advice on how to make your organization a smaller target for attackers.
Zero-day vulnerabilities came in as the second biggest concern for security practitioners, according to our survey. The report discusses the impact of Log4j with Talos' Incident Response Practice Lead Liz Waddell, and how it has continued to have an impact in 2022. Liz also provides a detailed seven-point action plan on how to deal with future zero-day attacks.
Additionally, we look at the most impactful disclosed vulnerabilities of 2021 with Jerry Gamblin, Kenna's Director of Security Research (now part of Cisco). This section is particularly useful for defenders who want to move to a more predictive, prioritized vulnerability management plan.
You'll also read about the impact of Emotet in Artsiom Holub's (Senior Security Analyst for Cisco Umbrella) section. Emotet is a very powerful loader that came back from the dead in 2021 to cause a lot of destruction, and the signs are that it has some very nefarious plans for 2022.
Dealing with legacy or unintegrated security technology, or 'security debt,' is a topic we're very passionate about helping our customers to combat, and in this report, our Advisory CISO Dave Lewis discusses why it's becoming an increasing target of opportunity for cyber criminals. We asked respondents if they were dealing with security debt and to what extent; the vast majority (75%) said they were – but it was manageable. Unfortunately, 13% said that it's a huge concern for them. Dave's section contains plenty of advice on how to manage this issue in your organization.
Finally, for readers interested in learning about a day in the life of a Talos threat hunter, you'll no doubt find Ashlee Benge's section on the rise of macOS malware very thought-provoking.
The expert analysis you'll read in this report highlights the critical role of our defenders, and the capabilities that we, as an industry, have built based on the meticulous study of past attacker behavior.
The good news is that, according to our Pulse respondents, the majority of cybersecurity professionals undertake regular incident response testing. Forty-one percent (41%) are testing their plans twice a year, and 29% are testing more than three times a year. Only 4% said they didn't have an incident response plan in place.
If you're a security defender looking to prioritize your focus areas and manage patterns of concern, we hope that this year's report will be useful to you. It was put together by a dedicated team of security leaders, whose job it is to spot key incident trends.
Here's what we cover in the new Defending Against Critical Threats:
- Colonial Pipeline: Moving Beyond Ransomware Thoughts and Prayers with Matt Olney, Director of Threat Intelligence and Interdiction, Cisco Talos
- Security Debt: An Increasing Target of Opportunity with Dave Lewis, Advisory CISO, Cisco Secure
- The Most Critical Vulnerabilities (You Might Not Be Thinking About) with Jerry Gamblin, Director of Security Research, Kenna Security (now part of Cisco)
- Log4j and How To Plan for Zero-Days with Liz Waddell, Practice Lead, Cisco Talos Incident Response
- What's Emotet Doing Now? with Artsiom Holub, Senior Security Analyst, Cisco Umbrella
- The Rise of macOS Malware with Ashlee Benge, Lead, Strategic Intelligence and Data Unification, Cisco Talos
You can download the full report here: Defending Against Critical Threats: Analyzing Key Incident Trends
Note: The majority of the content in this report is based on cyber-attacks that occurred in 2021, and the report was written before the events unfolded in Ukraine. We advise all readers to stay up to date with new developments in cyber-attacks in Ukraine by following the Cisco Talos threat advisory blog.
In addition to the threat advisory, you can read about Cisco Talos' efforts to date in information gathering, threat hunting and the assignment of dedicated Cisco engineers to Ukrainian organizations seeking to secure their operations.