Cisco Midyear Security Report Surveys Network Security Landscape
July 2010 by Cisco
Businesses must change their mindset on security to help ensure that their networks and vital corporate information are protected from evolving security threats, according to the Cisco 2010 Midyear Security Report released today. Tectonic shifts – the increasing use of social networking, the proliferation of network-connected mobile devices, and virtualization – continue to alter the security landscape. As a result, enterprise professionals must act immediately to put effective security practices into place in order to protect their companies’ reputation and maintain a competitive edge. The report outlines five recommendations for improving corporate security.
Cisco 2010 Midyear Security Report: Key Findings
Tectonic Pressures Mounting – Major forces are changing the enterprise security landscape. Social networking, virtualization, cloud computing and a heavy reliance on mobile devices continue to have a dramatic impact on the ability of information technology departments to maintain effective network security. To help manage these converging trends, enterprises should:
o Enforce granular per-user policies for access to applications and data on virtualized systems.
o Set strict limits for access to business data.
o Create a formal corporate policy for mobility.
o Invest in tools to manage and monitor cloud activities.
o Provide employees with guidance on the use of social media in the workplace.
Virtual Farms Being Tended – Cisco Security Intelligence Operations research found that 7 percent of global sample of users accessing Facebook spend an average of 68 minutes per day playing the popular interactive game “FarmVille.” “Mafia Wars” was the second most popular game, with 5 percent of users each racking up 52 minutes of play daily, while “Café World,” played by 4 percent of users, accounted for 36 minutes of wasted time per day.
o Although loss of productivity is not a security threat, cybercriminals are believed to be developing ways to deliver malware via these games.
Company Policies Ignored – Fifty percent of end users admitted that they ignore company policies prohibiting the use of social media tools at least once a week, and 27 percent said they change the settings on corporate devices to access prohibited applications.
Innovation Gap Being Bridged – Cybercriminals are using technological innovation to their advantage. They exploit the gap between how quickly they can innovate to profit from vulnerabilities and the speed at which enterprises deploy advanced technologies to protect their networks.
o While legitimate businesses spend time weighing the decision to embrace social networking and peer-to-peer technologies, cybercriminals are among the early adopters, using them to not only commit crimes but also to enhance their communications and to speed transactions with each other.
Spam Continuing Meteoric Rise – Despite recent disruptions to criminal spam operations, in 2010 the worldwide volume of spam is expected to grow by as much as 30 percent over 2009 levels, according to new research compiled by Cisco Security Intelligence Operations.
o The United States is once again the country where the largest amount of spam originates, pushing Brazil to third place. India currently ranks second, and Russia and South Korea round out the top five.
o Brazil experienced a 4.3 percent decrease in the amount of spam originating in-country, most likely because more ISPs in that country are limiting Port 25 access.
Multivector Spam Attacks Rising – Cybercriminals remain intent on targeting legitimate websites but are launching strategically timed, multivector spam attacks with a focus on establishing keyloggers, back doors and bots.
Terrorists Going Social – Social networks remain a playground for cybercriminals, with an increasing number of attacks. New threats are now emerging from a more dangerous criminal element: terrorists. Indeed, the US Government is concerned enough that they have awarded grants to examine how social networks and other technologies can be used to organize, coordinate, and incite potential attacks.