Whoa Nellie. Just when you thought that spam was on its way out, Cisco’s 2017 Annual Cybersecurity Report shows the opposite. Spam is making a surprising comeback as a threat to your network, and has become an important carrier of attacks like spear phishing, ransomware and bots.
This is Cisco's 10th annual report, they use their own routers to measure the spam volume and it shows that now 65% of all corporate email is spam. The new numbers show a tsunami in 2016. In 2010, Cisco recorded around 5K spam messages being sent per second. Over the next 5 years that number was roughly 1.5K, spiking to about 2K for a short while in 2014, but in 2016 it moves up to more than 3K per second.
Phishing as an attack vector is skyrocketing (graph here) and Cisco's Franc Antes, an architect for Cisco’s security business group says. “I should start to double-check my security technologies that are supposed to be intercepting and monitoring for that particular attack vector”.
Antes continues: "The problem is that 8% of that spam is malicious, but with the total volume roughly tripling over the course of 2016, that 8% represents a significant increase in total attempts. That’s something that might fly under the radar of CISOs unless they look for it or CIOs point it out".
When end users fall for these attempts and click on a malicious link or attachment, “It almost always works on the workstation because the end user is executing the binary,” Antes says. Clicking on attachments or links can turn those endpoints into bots nearly instantaneously, he says, or could lead to ransomware infections.
Proactive antivirus detection rates have dramatically declined in 12 months.
Combine the above with the fact that that antivirus is not cutting it anymore, you have powerful ammo for IT security budget to transform your employees into an effective "last line of defense": a human firewall.
What security pros say
Cisco also surveyed more than 3,000 security pros in organizations ranging from small businesses to large enterprise.
The results raise some eyebrows, as 44% of all security alerts are not being investigated, and 54% of legitimate alerts don’t get remediated. It boils down to security technology catching the incidents but response teams are bombarded with a deluge of alerts they need to sift through.
Respondents blamed insufficient budgets and lack of trained personnel as part of the problem. They also pointed to interoperability problems among security platforms and compliance requirements that dictate where spending is directed. We all know that often compliance is the enemy of actual IT security.
People who answered the survey related to their own --or other people's-- data breaches, said their effect on operations included downtime, damage to the reputation of the company brand and loss of customers.
However, the silver lining was that 38% said that breaches helped promote improved security. Main points mentioned were separating the security team from the IT team and, and increasing end-user security awareness training.
Don’t Miss The February Live Demo... What Is The New Mystery Feature?
Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security. We have added a brand new, patent-pending feature that you want to see.
Join us on Wednesday, February 8, 2017, at 2:00 p.m. (EST) for a 30-minute live product demonstration of KnowBe4's game-changing Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:
- NEW For the first time, see our new Social Engineering Indicators (SEI) feature.
- NEW Access to the world's largest library of awareness training content through our innovative Module Store.
- Send Simulated Phishing tests to your users during specified business hours with "Reply-to Tracking" that shows you which users fall for spoofed emails and what they answer to the bad guys.
- Active Directory Integration allows you to easily upload and synch user management, set-it-and-forget-it.
- Reporting to watch your Phish-prone percentage drop, with great ROI.
Register Now: https://attendee.gotowebinar.com/register/7440314201597421826
Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4., Inc