The Cisco® Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. Encompassing threat and trends information collected between January and October 2008, this 49-page document provides a snapshot of the state of security for that period. The report also provides recommendations from Cisco security experts and predictions of how identified trends will continue to unfold in 2009.
There was an enormous amount of activity related to data and online security during the past year. Although no single, overwhelming attack—such as the spread of Melissa, Slammer, or Storm malware in previous years—turned into the signature security event of 2008, the need for increased security protection and continued vigilance remains.
Compared to previous years, online criminals are becoming even more sophisticated and effective, employing a greater number of relatively smaller, more targeted campaigns to gain access to sensitive data. Human nature—in the forms of insider threats, susceptibility to social engineering, and carelessness that leads to inadvertent data loss—continues to be a major factor in countless security incidents. And the increasing use at many organizations of technologies designed to increase collaboration and productivity (such as mobile devices, virtualization, cloud computing, and other Web-based tools and Web 2.0 applications) is stretching the edges of corporate networks, potentially increasing security risks.
This year’s report reveals that online and data security threats continue to increase in number and sophistication. They propagate faster and are more difficult to detect.
Key report findings include:
- Spam accounts for nearly 200 billion messages each day, which is approximately 90 percent of email sent worldwide
- The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007
- Vulnerabilities in virtualization products tripled to 103 in 2008 from 35 in 2007, as more organizations embraced virtualization technologies to increase cost-efficiency and productivity
- Over the course of 2008, Cisco saw a 90 percent growth rate in threats originating from legitimate domains; nearly double what the company saw in 2007
- Spam due to email reputation hijacking from the top three webmail providers accounted for just under 1 percent of all spam worldwide, but constituted 7.6 percent of all these providers’ mail
Fortunately, responses to these threats and trends are improving. Advances in attack response stem from the increased collaboration between vendors and security researchers to review, identify, and combat vulnerabilities.
Presentation of the “Cisco 2008 Annual Security Report”