Cybercriminals are being savvier with each passing day, finding new ways to evade detection and get away with malicious activity. Although it seems to take an army of security professionals to defend our networks, reality dictates that security teams need to band together to stay on top of their game.
Networking giant Cisco endorses such an approach to defend against today’s cyberattacks. In its 2015 Annual Security Report, Cisco identifies three interconnected key discoveries that pinpoint how attackers take advantage of loopholes in our systems:
Attackers have become more proficient at taking advantage of gaps in security to hide and conceal malicious activity.
- In 2014, 1 percent of high-urgency common vulnerabilities and exposure (CVE) alerts were actively exploited. Therefore, organizations must prioritize and patch that 1 percent of all vulnerabilities quickly. Even with leading security technology, excellence in process is required to address vulnerabilities.
- Flash malware can now interact with JavaScript to help conceal malicious activity, making it much harder to detect and analyze.
- Spam volume increased 250 percent from January 2014 to November 2014.
Users and IT teams have become unwitting parts of the security problem.
- Users’ careless behavior when using the Internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure.
- Malware creators are using web browser add-ons as a medium for distributing malware and unwanted applications. This approach to malware distribution is proving successful for malicious actors because many users inherently trust add-ons or simply view them as benign.
The Cisco Security Capabilities Benchmark Study reveals disconnects in perceptions of security readiness.
- Fifty-nine percent of chief information security officers (CISOs) view their security processes as optimized, compared to 46 percent of security operations (SecOps) managers.
- About 75 percent of CISOs see their security tools as very or extremely effective, with about one-quarter perceiving security tools as only somewhat effective.
- Less than 50 percent of respondents use standard tools such as patching and configuration to help prevent security breaches.
Download Cisco’s 2015 Annual Security Report here.
======
IT SECURITY SUPPORT: Blue Mountain Data Systems provides IT Security Support Services for Federal Civilian Agencies. Looking to find Vulnerability Scanning and Testing, Penetration Testing, Risk Assessment & FISMA Reporting for your Federal Agency? Call Paul Vesely at 703-502-3416.
======
