The Cisco 2018 Annual Cybersecurity Report is out. This year’s edition says that malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through their own encryption. Noting that 50 percent of global web traffic was encrypted as of October 2017, it says that “encryption is meant to enhance security. But it also provides malicious actors with a powerful tool to conceal command-and-control activity. Those actors then have more time to inflict damage.” And the report says that security professionals will increasingly use AI and machine learning tools to defend their networks and data from threats. The report, based on interviews with 3,600 CISOs, also calculates that more than half of all cyber attacks in 2017 resulted in financial damages of more than US$500,000, including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs. Get the report here.
Interesting article in the Wall Street Journal about how companies should be looking at more closely integrating (and even merging) their cyber security and physical security functions. It notes that things like internet-connected doors, lighting and emergency management equipment need to be seen as digital assets and protected from cyber threats just as the organization's computer networks are. One firm quoted in the article reported last year "that an unnamed casino in North America suffered a cyberattack through a digitally controlled fish tank." Read the article (requires subscription). Meanwhile, on the home front, Forbes has an article about a widely used baby monitor (approximately 50,000 users) that is open to attacks that require little skill on the part of the hacker, and yet allow them to spy on almost anything happening on the device, including the video footage.