As internet-based attacks become increasingly sophisticated at stealing data from businesses, employees and consumers, organizations must examine every element of security policies and technologies to minimize risk, according to Cisco’s Annual Security Report.
In its report, the company identified the year’s top security threats and offered recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect and exploiting technological and human vulnerabilities.
“Every year we see threats evolve as criminals discover new ways to exploit people, networks and the internet. This year’s trends underscore how important it is to look at all basic elements of security policies and technologies,” said Patrick Peterson, Cisco fellow and chief security researcher. “Organizations can lower their risk of data loss by fine-tuning access controls and patching known vulnerabilities to eliminate the ability for criminals to exploit holes in infrastructures. It is important to upgrade applications, endpoint systems and networking equipment to help ensure that corporate systems run smoothly and minimize risk.”
According to the report, notable trends were that:
- The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007;
- Vulnerabilities in virtualization technology nearly tripled from 35 to 103 year over year;
- Attacks are becoming increasingly blended, cross-vector and targeted;
- The volume of malware successfully propagated via e-mail attachments is declining; and
- Over the past two years (2007-2008), the number of attachment-based attacks decreased by 50 percent from the previous two years (2005-2006).
In 2009, Cisco researchers said they plan to watch the following web threat trends closely:
- Insider threats. Negligent or disgruntled employees can threaten corporate security. The global economic downturn may prompt more security incidents involving employees, making it crucial for IT, HR and other lines of business to collaborate on mitigating threats.
- Data loss. Whether through carelessness, breaches by hackers, or from insiders, data loss is a growing problem that can lead to financial consequences.
- Mobility, remote working, and new tools as risk factors. The trend toward remote working and the related use of web-based tools, mobile devices, virtualization, “cloud computing” and similar technologies to enhance productivity will continue in 2009, making the expanding network more susceptible to new threats.