Encryption Use Growing for Both Data Traffic and Malware, Cisco Finds

Not only has the volume of encryption used on the internet grown in the past year, but so has its use by malware authors, according to Cisco’s 2018 Annual Cybersecurity Report. The 68-page report, released on Feb. 21, provides insight from a benchmark survey of 3,600 chief information security officers (CISOs) as well as Cisco’s own data collection efforts. According to Cisco, half of all global web traffic was encrypted at the end of 2017, a big jump from the previous year. Malware authors aren’t getting left behind when it comes to encryption either, with 70 percent of the malicious binary files analyzed by Cisco using some form of encryption. Organizations are now also using an increasing number of cyber-security vendors, which is causing orchestration challenges, according to the Cisco survey respondents. In this slide show, eWEEK takes a look at some of the key insights from the Cisco 2018 Annual Cybersecurity Report.

The use of HTTPS for encrypted global web traffic grew to 50 percent in October 2017, up from 38 percent in November 2016.

Malware binaries are also increasingly making use of encryption in an attempt to evade detection by defenders.

Malicious files can have any extension, although according to Cisco Security Research, Office files top the list at 38 percent.

A phishing website can make use of any top-level domain (TLD), though according to Cisco Security Research, dot-com remains the top choice at 43 percent of all phishing sites.

The majority (53 percent) of cyber-attacks in 2017 resulted in damages to the victim organization of $500,000 or more.

Regarding obstacles to security, budget constraints once again came out on top in the Cisco survey. Thirty-four percent of participants say that is the greatest obstacle to security.

A big concern is that organizations do not investigate nearly half (44 percent) of the cyber-security alerts they receive, the study found.

Cisco’s report noted that organizations are using more cyber-security products from more vendors than ever before. Twenty-five percent of the respondents reported that in 2017 they used cyber-security technologies from 11 to 20 vendors, up from 18 percent in 2016. Cisco noted that as the number of security vendors increase, so does the challenge of orchestrating security alerts.