Malware sophistication is increasing and hackers are better evading detection with encryption, leading CISOs to rely more heavily on automation, according to Cisco.
With malware growing increasingly sophisticated, CISOs are turning to artificial intelligence (AI) to combat cyberthreats and protect their companies’ assets, according to a Wednesday security report from Cisco.
Some 39% of CISOs said their organizations are reliant on automation for cybersecurity, the report found. Another 34% said they are reliant on machine learning, and 32% said they are highly reliant on AI.
Encryption, while meant to improve security, is also causing challenges and confusion for cyber defenders, the report found. As of October 2017, 50% of global web traffic—both legitimate and malicious—was encrypted. This makes it more difficult to identify and monitor potential threats, because encryption offers malicious actors a tool to conceal command-and-control activity, giving them more time to operate and wreak havoc.
SEE: Intrusion detection policy (Tech Pro Research)
Over a 12-month period, Cisco researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples, the report noted.
Machine learning security tools over time can learn to automatically detect unusual patterns in encrypted web traffic, cloud, and IoT environments, the report stated. However, while many CISOs report using these tools for security purposes, they also said they were frustrated by the high number of false positives these systems generate. It’s likely that these tools will improve over time, the report noted, as the technologies mature and learn what normal network activity looks like.
Attacks remain extremely costly to businesses: More than half of all attacks reported by respondents resulted in financial damages of more than $500,000, including lost revenue, customers, opportunities, and out-of-pocket costs. Security professionals surveyed said that in 2017, 32% of breaches affected more than half of their systems—up from 15% in 2016.
“Last year’s evolution of malware demonstrates that our adversaries continue to learn,” John N. Stewart, Cisco’s senior vice president and chief security and trust officer, said in a press release. “We have to raise the bar now – top down leadership, business led, technology investments, and practice effective security – there is too much risk, and it is up to us to reduce it.”
Cisco recommends the following for enterprises to ensure they remain cybersecure:
- Confirm that you adhere to corporate policies and practices for application, system, and appliance patching
- Access timely, accurate threat intelligence data and processes that allow for that data to be incorporated into security monitoring
- Perform deeper and more advanced analytics
- Back up data often and test restoration procedures
- Conduct security scanning of microservice, cloud service, and application administration systems
This article originally appeared on TechRepublic.