Cisco's 2014 Annual Security Report, released last week, looks back at the threat landscape in 2013; it is a grim reminder that as mobile, cloud, storage, server, communication and other technologies continue to advance and evolve, so does the cyber threat landscape. There is even some indication that those who are working to exploit weaknesses and attack businesses may be better funded, better trained, and have access to more sophisticated technologies than the average IT organization and security professional.
The 81-page security report identifies "trust in the system" as being one of the most important problems. Like a con man playing on a person's desire to trust others, cybercriminals are counting on people to implicitly trust the systems they use.
As cyber-attacks and intrusions become more sophisticated, a person's belief that the mobile device, application, social media site, network, or computer they use is secure will allow cybercriminals to more easily disrupt businesses, commit fraud, steal identities, or perpetrate any number of other criminal acts. This scenario is not new, but what is making the situation more urgent is what Cisco refers to as the larger "threat landscape," which simply means cybercriminals have a greater number of targets to work with.
Not many years ago, using a mobile phone for work meant making a phone call. Now it can mean accessing a business's confidential information over the internet from anywhere in the world. Until recently, many organizations had tight restrictions on accessing social media sites, and now many openly endorse having their employees use those sites in order to stay in contact with customers and peers. Cloud computing was limited to a few specialized applications, and now businesses are moving large portions of their data to the cloud. All of these new areas create potential security gaps that cybercriminals are working to exploit.
Cisco's report indicates that the threat landscape is more sophisticated than it was ten years ago. Today's cybercriminals are likely better funded, have more sophisticated tools at their disposal, and the threats they pose go beyond simply creating a virus or spam. With all of the access from mobile, network, social media, browsers, and other access points that organizations have into sensitive data, the threats have become much more complicated. Additionally, the availability of so many different management solutions to secure specific technologies is part of the problem.
"Organizational vulnerabilities are increasing because enterprises are working through disaggregated point solutions and multiple management platforms. The result: a set of disparate technologies across control points that were never designed to work together. This increases the potential for the compromise of customer information, intellectual property, and other sensitive information, and puts a company’s reputation at risk," Cisco's report states.
According to Cisco's estimates, the IT industry will be short about a million security professionals worldwide in 2014. While Cisco has many recommendations, implementing many of them would require organizations to ensure they have security professionals with up-to-date training. With the shortage of available security professionals, some organizations will find it difficult to cope with security issues in the future.
Cisco's report points out that while cyber-threats have been around for decades, their sophistication and complexity are evolving to the point that organizations that have kept pace with new technologies have also opened the door to threats they have no way to address.
Cisco's main recommendations for 2014 are for organizations to:
- verify the trustworthiness of systems and the supply chain,
- align security operations with business objectives,
- hire security professionals who have the skills to help the organization manage the risk assessment and threats.
To read Cisco's full 2014 Annual Security Report, download the PDF.
ABOUT THE AUTHOR
Bill Oliver has worked in IT as a techie, trainer, manager, and in business roles supporting IT for 20+ years. For the past 12 years his focus has been on the business side of IT Contracts, Software Licensing, and all things related to IT Purchasing.