Feb 02 2015

Cisco Publishes Annual Security Report 2015

Spammers who build and exploit botnets, malware distribution via browser add-ons, and the Heartbleed bug posed the biggest threats to global cybersecurity in 2014 – that's the main takeaway from the latest edition of Cisco's yearly 'bug report', which the networking giant put forth at the end of January. At the same time, ongoing reports about government surveillance overreach by the United States and its allies have spurred increasing demands for data sovereignty and data localization that could "restrict the flow of data across borders" and render existing global security strategies unusable.

As per usual, the company's experts rely on a vast trove of telemetry data gleaned from Cisco hardware (routers and switches) deployed all over the world. In addition, the firm conducted a survey among Chief Information Security Officers (CISOs) and Security Operations Managers (SecOps) from nine different countries who work for organizations of different sizes; the results of this study are exclusively available with Cisco's Annual Security Report 2015, which can be ordered here.

Altogether, the analysis of those data led to the following key discoveries:

  • Criminals have further expanded their tactics and technical capabilities, resulting in more sophisticated attack concepts and particularly audacious (and successful) raids. That's not really a surprise; however, several of the advancements open up new attack vectors that deserve extra scrutiny in future. For example, more and more cyber crooks tend to work with software kits that exploit the respective weaknesses of Flash and JavaScript and use different files and file formats to launch attacks, thus making them harder to detect. Unlike in previous years, the researchers were unable to identify a dominant exploit kit – a fact that indicates offenders have become more flexible and versatile and may even be able to "hide in plain sight." Spammers for their part have successfully adopted the concept of "snowshoe spam" – using bots from a wide range of IP addresses to send out low volumes of unsolicited mails, thus making it more complicated to detect and take down single sources and "creating an opportunity to leverage compromised accounts in multiple ways." The success was phenomenal: according to Cisco's experts, the total volume of spam and so-called malvertising attacks rose by 250% between January and November last year.
  • Although the most efficient exploits always required some kind of customer interaction – or by contrast, a lack of initiative – end users and IT teams usually didn't bear the main responsibility for an attack's success. According to Cisco's researchers, this changed dramatically in 2014; they even describe both groups as integral (if unwitting) "parts of the security problem." For example, 56% of the companies surveyed were still running OpenSSL implementations aged 50 months or older – and therefore wide open to last year's catastrophic Heartbleed exploit. End users on the other hand often work with outdated or unpatched browsers – only 10% of all Internet Explorer users ran the latest version of Microsoft's browser, compared to 64% of Chrome users – and tend to fall victim to 'evil' browser add-ons that are used to spread malware or unwanted applications.
  • The researchers found strong "disconnects" between how companies perceive their own "security readiness" and the level of protection they actually achieve. For instance, 75% of all CISOs think that the security tools they've deployed work very or extremely effectively, even though fewer than half of them use standard measures such as regular software updates or configuration restrictions to prevent exploits and attacks. On a more positive note, midsize organizations tend to be better prepared against aggressors – with 67% achieving high or upper-mid security levels – than large corporations or small shops.

In a rather unusual move, Cisco's experts also dedicated the larger part of a chapter to the consequences of "U.S. government surveillance overreach," noting specifically the calls for data sovereignty and data localization that have emerged in states such as Brazil or Germany, which have been exposed to digital spying for well over a decade. Like other analysts before them, they warn against a 'balkanization' of the Internet, which might occur if at some point these calls translate into national laws and/or become part of international agreements. However, they also point out that a majority of respondents who participated in a separate Data Protection Heat Index Survey Report (sponsored by Cisco and the Cloud Security Alliance) would prefer binding international treaties, such as a "consumer privacy bill of rights" based on standards to be developed by the United Nations or the OECD – a concept that Cisco can easily agree with.

For more background info, including an interview with Cisco Australia's chief security and trust officer John Stewart, please see Iain Thomson's article at The Register.

