The Cisco 2014 Annual Security Report is a cracking (if sometimes terrifying) read.
For my money, the key findings in this report should be understood by everybody who ever goes online – not just those charged with network security in their job role. The bad guys are getting smarter in the way they operate, our lives are more and more online every year, and the balance between trust and privacy online is at best precarious, and at worst a massive hole through which the bad guys operate.
Some highlights for me were:
We’re much too trusting online, and our hunger for real-time information makes us vulnerable. Spammers prey on people’s desire for more information in the wake of a major event. We are much more likely to click on a link if it’s about a breaking news item, especially if we are on a mobile device. There should be an assumption by all users, that nothing in the cyber world can or should be trusted.
We’re super mobile, and the increasing number and diversity of devices connecting to corporate networks is a massive security challenge. Many users download mobile apps regularly without any thought of security. BYOD policies are struggling to keep up. Mobile devices introduce security risk when they are used to access company resources.
The old tools aren’t working. Traditional security is not enough to defend against the latest generation of malware. Many organisations still rely on point in time firewall and AV solutions. Point-in-time solutions can’t respond to the myriad technologies and strategies in use by malicious actors.
The malicious actors are getting very clever and focused. Criminals go to great lengths to make sure breaches go undetected. The end goal of many cybercrime campaigns is to reach the data center and exfiltrate valuable data. However, their routes and techniques change constantly.
The report doesn’t make happy reading. However, it does conclude with some answers about how we address the challenge. Every organisation needs to think about how it will prevent attacks, how it will detect attacks, and how it will recover from attacks. We’ll be publishing more on this later.
The Cisco 2014 Annual Security Report is important reading for everybody, and essential reading for anybody with responsibility for security.
We’ve published a copy via our website, and you can download it here.
Grab yourself a cup of tea and have a look. I promise you won’t be disappointed.
