printer friendly version

Surveying the network security landscape

Report outlines effective security practices for strengthening and protecting enterprises’ competitive edge.

Businesses must change their mindset on security to help ensure that their networks and vital corporate information are protected from evolving security threats, according to the Cisco 2010 Midyear Security Report.

Tectonic shifts – the increasing use of social networking, the proliferation of network-connected mobile devices, and virtualisation – continue to alter the security landscape. As a result, enterprise professionals must act immediately to put effective security practices into place in order to protect their companies’ reputations and maintain a competitive edge. The report outlines five recommendations for improving corporate security.

Key findings

* Tectonic pressures mounting – Major forces are changing the enterprise security landscape. Social networking, virtualisation, cloud computing and a heavy reliance on mobile devices continue to have a dramatic impact on the ability of information technology departments to maintain effective network security. To help manage these converging trends, enterprises should:

- Enforce granular per-user policies for access to applications and data on virtualised systems.

- Set strict limits for access to business data.

- Create a formal corporate policy for mobility.

- Invest in tools to manage and monitor cloud activities.

- Provide employees with guidance on the use of social media in the workplace.

* Virtual farms being tended – Cisco Security Intelligence Operations research found that 7% of a global sample of users accessing Facebook spend an average of 68 minutes per day playing the popular interactive game FarmVille, Mafia Wars was the second most popular game, with 5% of users each racking up 52 minutes of play daily, while Café World, played by 4% of users, accounted for 36 minutes of wasted time per day.

- Although loss of productivity is not a security threat, cyber criminals are believed to be developing ways to deliver malware via these games.

* Company policies ignored – 50% of end users admitted that they ignore company policies prohibiting the use of social media tools at least once a week, and 27% said they change the settings on corporate devices to access prohibited applications.

* Innovation gap being bridged – Cyber criminals are using technological innovation to their advantage. They exploit the gap between how quickly they can innovate to profit from vulnerabilities and the speed at which enterprises deploy advanced technologies to protect their networks.

- While legitimate businesses spend time weighing the decision to embrace social networking and peer-to-peer technologies, cyber criminals are among the early adopters, using them to not only commit crimes but also to enhance their communications and to speed transactions with each other.

* Spam continuing meteoric rise – Despite recent disruptions to criminal spam operations, in 2010 the worldwide volume of spam is expected to grow by as much as 30% over 2009 levels, according to new research compiled by Cisco Security Intelligence Operations.

- The United States is once again the country where the largest amount of spam originates, pushing Brazil to third place. India currently ranks second, and Russia and South Korea round out the top five.

- Brazil experienced a 4,3% decrease in the amount of spam originating in-country, most likely because more ISPs in that country are limiting Port 25 access.

* Multivector spam attacks rising – Cyber criminals remain intent on targeting legitimate Websites but are launching strategically timed, multivector spam attacks with a focus on establishing keyloggers, back doors and bots.

* Terrorists going social – Social networks remain a playground for cyber criminals, with an increasing number of attacks. New threats are now emerging from a more dangerous criminal element: terrorists. The US Government is concerned enough that it has awarded grants to examine how social networks and other technologies can be used to organise, coordinate, and incite potential attacks.

The report includes several other findings and concludes with recommendations to help enterprises strengthen their security.

Share this article:

Further reading: