Executive Summary The Trust Problem
The exploitation of trust is a common mode of operation for online attackers and other malicious actors. They take advantage of users’ trust in systems, applications, and the people and businesses they interact with on a regular basis. And this approach works: There is ample evidence that adversaries are coming up with new methods for embedding their malware in networks, remaining undetected for long periods, and stealing data or disrupting critical systems.
Using methods ranging from the socially engineered theft of passwords and credentials to stealthy, hide-in-plain-sight infiltrations that execute in minutes, malicious actors continue to exploit public trust to effect harmful consequences. However, the trust problem goes beyond criminals exploiting vulnerabilities or preying on users through social engineering: it undermines confidence in both public and private organizations.
Today’s networks are facing two forms of trust erosion. One is a decline in customer confidence in the integrity of products. The other is mounting evidence that malicious actors are defeating trust mechanisms, thus calling into question the effectiveness of network and application assurance, authentication, and authorization architectures.
In this report, Cisco offers data on and insights into top security concerns, such as shifts in malware, trends in vulnerabilities, and the resurgence of distributed denial-of-service (DDoS) attacks. The report also looks at campaigns that target specific organizations, groups, and industries, and the growing sophistication of those who attempt to steal sensitive information. The report concludes with recommendations for examining security models holistically and gaining visibility across the entire attack continuum—before, during, and after an attack.