The Cisco Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and November 2011. It also provides a snapshot of the state of security for that period, with special attention paid to key security trends expected for 2012.
“The older generation assumes everything is private, except what they choose to make public,” explains David Evans, chief futurist for Cisco. “To the younger generation, everything is public, except what they choose to make private. This default position—that everything is public—goes against how enterprises have worked in the past. They’ve competed and innovated based on protecting their information from being exposed. However, they need to realize that the benefits they receive from sharing information are greater than the risks of keeping information within their walls.”
Facebook and Twitter long ago moved beyond mere novelty sites for teens and geeks, and became vital channels for communicating with groups and promoting brands. Young professionals and college students know this, and weave social media into every aspect of their lives.
As more employees become mobile workers and use multiple devices to access company assets and rely on collaborative applications to work with others while outside the traditional “four walls” of the enterprise, the potential for data loss grows. “The potential for data loss is high,” says David Paschich, web security product manager for Cisco. “Enterprises are steadily losing control over who has access to their corporate network. And the simple fact that more employees are using mobile devices for work—and sometimes, multiple devices—means that the potential for data loss due to theft or loss of a device is greater.”
Enterprises now must consider another potential security threat that could be even more disruptive to their operations if they were to be targeted: hacktivism. “Hacktivism is a morph of traditional hacking,” says John N. Stewart, vice president and chief security officer for Cisco. “Hackers used to hack for fun and notoriety. Then, it was for a prize or monetary gain. Now, it’s often about sending a message, and you may never know what made you a target. We’re defending a new domain now.”
There is, however, some good news found in the report:
- Vulnerabilities have shifted to indicate improvements in coding practices
- Spam has dropped to lower levels
Following are 10 recommendations from Cisco’s security experts:
- Assess the totality of your network.
- Re-evaluate your acceptable use policy and business code of conduct.
- Determine what data must be protected.
- Know where your data is and understand how (and if) it is being secured.
- Assess user education practices.
- Use egress monitoring.
- Prepare for the inevitability of BYOD.
- Create an incident response plan.
- Implement security measures to help compensate for lack of control over social networks.
- Monitor the dynamic risk landscape and keep users informed.
More information about the report could be found on http://www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_2011.pdf