The Cisco Midyear Cybersecurity Report has found that while traditional threats like email and spyware continue to rise, new issues around malware-as-a-service, cloud, DDoS and the internet of things are also growing.
These present a significant opportunity for partners who can help customers with emerging threat areas, with a managed security and architecture-based approach, said Dave Gronner, senior manager of security-go-to-market, global partner organisation at Cisco.
"There hasn't been anything this big in a consultative, trusted adviser requirement in quite a while," Gronner said.
Here are 10 threat trends that solution providers should have their eye on, as highlighted in the Cisco report.
Cisco has seen a decline in the number of exploit kits, as several were taken offline and hackers started to use more malware-as-a-service offerings.
While Cisco said some of that decline is likely temporary, the rise in malware-as-a-service also could be driving this trend.
Just as more businesses are starting to use as-a-service offerings, Francisco Artes, architect, Cisco security business group, said hackers are following the same trend, looking to gain scalability, minimize cost and meet demand.
"Cybercriminals are using the same tools that we are using to expand our businesses," Artes said.
2. Evolution of ransomware
Ransomware is one of the hottest security topics of the year, with two major ransomware campaigns so far, WannaCry and Petya.
Cisco has seen different forms of ransomware emerge, particularly leveraging and repurposing the same pieces of open-source code that were previously available for educational purposes, according to Artes.
Cisco also is seeing a rise in ransomware-as-a-service and predicts a future trend around "destruction of a service", where instead of information being encrypted it is destroyed by the malware.
3. Email security still a challenge
When it comes to threat vectors, "email is still king," Artes said.
Business email compromise, in particular, continues to cost companies a significant amount, totaling US$5.3 billion between October 2013 and December 2016. Ransomware attacks, meanwhile, cost businesses an estimated US$1 billion in 2016.
Cisco noted a particular increase in malicious content delivered through spam, with 65 percent of business email being spam and 8 percent of that being malicious content, Artes said.
Cisco continues to see the overall volume in spam increasing, and hackers have evolved to make that malicious content more effective, including password-protecting documents to get them past spam filters, he said.
4. Spyware on the rise
Cisco continues to see spyware and adware as a threat vector. Spyware is particularly concerning, according to Artes, because it can steal company information and increase malware infections.
In organisations sampled, he said Cisco found more than 60 percent of those affected by spyware got it through Hola VPN.
Other common spyware included RelevantKnowledge and DNS Unlocker.
5. New forms of malware
In addition to malware-as-a-service, Cisco said it is seeing new, emerging malware tactics.
One trend was around a rise in file-less malware, which evades endpoint security technology by staying resident in RAM and makes forensics difficult, Artes said.
Cisco also saw rising trends around ransomware-as-a-service and anonymised and decentralised infrastructure for CNC, which both obfuscates hackers and allows for greater scalability, he said.
6. IT, OT convergence causes security challenges
The convergence between information technology and operational technology around IoT is driving significant security challenges, Artes said.
Cisco has seen some case studies of malware moving from IT networks to OT networks, which often control things like critical infrastructure.
For example, he said a European automaker was hit by WannaCry targeting its IT systems, but because of connected IoT devices the malware spread and ultimately took down the company's production plant.
This is particularly a challenge as 40 percent of IoT devices on corporate networks are either unknown or unmanaged, according to Artes.
7. Shadow IT still a problem
Shadow IT continues to be a challenge for businesses, especially as there is greater business adoption of cloud services and applications and users continue to adopt their own cloud offerings, Artes said.
The challenge from a security perspective, he said, is that open authentication could provide a path from those cloud applications into the organisation's critical information, especially because it creates an excessive number of privileged users and users frequently reuse user names and passwords.
8. DDoS attacks escalating
Cisco continues to see momentum growing behind DDoS attacks, with attacks growing to the 1-TBps range, up from the 600-MBps range with the Dyn attack last fall.
Artes credited a large part of that to the growth in IoT devices, which he said are often left unsecured and leveraged in these types of attacks.
IoT devices are easily hackable without endpoint protection and can be built quickly into a botnet, he said.
9. Privilege becoming important in the cloud
In the cloud, Cisco said, there is a "security gap" around privileged user accounts.
Poor management and open authentication have created that gap, making it easier for hackers to move into the cloud and breach cloud environments.
"When it comes to enterprise security, cloud is the ignored dimension," the report said.
10. Danger in DevOps
Cisco is also seeing a growing risk around DevOps services.
The report said many of these services have been "deployed improperly or left open intentionally for convenient access by legitimate users." It said this trend causes a "significant risk to organisations".
The percentage of DevOps servers left "wide open" is also creating a "huge ransomware risk", Artes said.