Security needs an "all hands on deck" approach
Organisations will need to continually improve their approach to protecting against cyberthreats to keep up with increasingly proficient attackers, according to Cisco.
The vendor’s latest Annual Security Report shows that cybercriminals are expanding their tactics to cover methods that are harder for security teams to detect and analyse.
The report details an emergence of “snowshoe” spam - low volumes of spam sent from a large set of IP addresses to avoid detection - as well as attacks involving a combination of vectors, such as sharing exploits over Flash and JavaScript simultaneously.
Malware creators are meanwhile using web browser add-ons as a medium for distributing malware, which is proving a successful threat vector because many web users inherently trust browser add-ons.
But fewer than 50% of security teams are using standard tools such as patching to help prevent security breaches. Despite the high profile and significant threat posed by the Heartbleed bug, for example, 56% of all installed OpenSSL versions are over four years old.
Despite this, 75% of CISOs see their security tools as very or extremely effective and 59% of CISOs view their security processes as optimised.
Cisco said this demonstrates that there is a growing gulf between organisations’ perceptions of their security capabilities and the reality of their exposure to threats. Of those companies with sophisticated security, 91% agree that company executives consider security to be a high priority.
“Security needs an all hands on deck approach, where everybody contributes, from the boardroom to individual users,” Cisco Chief Security and Trust Officer John N Stewart commented.
“We used to worry about DoS, now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure. Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight. Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind.”
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.
How AI can help businesses manage their cyber risks
Artificial intelligence can be a powerful ally in the fight against cyberthreats.