New Cisco research recommends role-based security training rather than a ‘one-size-fits-all’ approach in response to a range of growing threats including ‘destruction of service’ (DeOS) attacks.
The Cisco 2017 Midyear Cybersecurity Report (MCR) uncovers a rapid evolution of threats and increasing magnitude of attacks, posing ever-greater threats to organisations of all sizes. And this variation in threats, coupled with the view that security is now the responsibility of all employees, means there is a need for different levels and degrees of training.
In a view that echoes the recent thoughts of the Institute of Information Security Professionals (IISP), the report recommends that organisations should examine their employee security training and consider the merits of opting for role-based training solutions rather than a one-size-fits-all approach.
The IISP voiced concerns over whether cyber-security training that provides only high-level or regurgitated content would be adequate, given that it fails to reflect the evolving threat landscape, new technologies and significant changes in cyber-skill profiles and challenges. Cisco obviously has similar worries.
And there are very real reasons to be concerned, with the advent of what Cisco has termed ‘destruction of service’ (DeOS) attacks, which could eliminate the backups and safety nets that businesses need in order to restore systems and data following an attack.
Other key threats identified in the report include increasing volumes of spam, the continued use of spyware and adware (with the research finding that three prevalent spyware families had infected 20% of the survey sample) and evolutions in ransomware, such as the growth of Ransomware-as-a-Service, which reportedly brought in more than £750 million for criminals in 2016.
So, aside from the training issues, what else should your organisation be doing to combat these threats? Helpfully, the report includes the following suggestions:
- Keep infrastructure and applications up to date, so that attackers can’t exploit publicly known weaknesses
- Battle complexity through an integrated defence – limit siloed investments
- Engage executive leadership early to ensure they completely understand the risks, rewards and budgetary constraints
- Establish clear metrics – use them to validate and improve security practices
- Balance defences with an active response – don’t ‘set and forget’ security controls or processes
Steve Martino, Vice President and Chief Information Security Officer at Cisco, summed up the overall approach, saying: “Security effectiveness starts with closing the obvious gaps and making security a business priority.”
As the leading and most flexible Cisco Learning Solutions Partner, we have the capability to offer the full range of Cisco Certified training solutions at locations throughout the UK. Visit our website for more information.