The biggest threats to your organization still include the people you know best: Your staff.
That’s one of the main conclusions of Cisco Systems Inc.’s annual
security report, which the company previewed to reporters in advance of its official release Wednesday.
“(While) super-sophisticated threats are coming from outside our organizations ... our users may be some of the top threats that our companies are facing,” said Scott Olechowski, Cisco’s threat research manager.
“Seventy per cent of employees are willing to admit they’re breaking IT policy with varying regularity,” he said. “They don’t have a sense that they are responsible for protecting information on those devices themselves.”
But he was quick to point out that this isn’t the only problem facing companies going into 2012. There are also questions of education and lack of caution. “Fifty-six per cent of employees have allowed someone to use their computers without supervision, even with people they don’t know -- just being friendly,” he said. This statistic can be startling, but once again points to the difference in thinking between older and younger employees. “One out of three college students don’t mind sharing personal information online,” he said. “(But) one in four has experienced identity theft.”
“These people are actually facing dramatic consequences ... yet, they are sharing their devices and leaving things unattended at rates that are hard to fathom,” Olechowski said. He also found it alarming that, despite experiencing very real consequences themselves, the younger set are still more willing to share and trust than ever.
What is also changing is the nature of the attacks, Olechowski said. “These criminals are more focused on targeted attacks, high value opportunities instead of carpet bombing,” he said. While there was a steep decline in spam in 2011, the rise in data theft and attacks can be attributed to more targeted and sophisticated criminal campaigns.
Instead of campaigns being thrown at millions of email users, smaller campaigns are actually becoming more effective. Mary Landesman, senior security researcher at Cisco Systems Inc., said that the biggest threats are actually the ones with the smallest numbers. “It only takes one to be willing to do it,” she said. “You’re looking at very sophisticated attacks...post infection targeting.”
She also highlighted the growing trend of mobile malware, which was pointed out earlier in the week by Internet Identity, but she debunked the theory that Android devices are the most targeted. “Even though BlackBerry was such a small percentage (of surveyed mobile users), they had the most number of malware encounters,” she said. “So much being said about Android malware, but it’s increased by 30 per cent.”
In fact, the number of raw malware encounters by device, according to Cisco’s statistics was; Blackberry with 81 per cent, Nokia/Symbian with eight per cent, iPhone with seven per cent and Android and Windows Phone Mobile with two per cent.
The information Cisco [Nasdaq: CSCO] culled from its data confirmed trends identified by other groups this year, but network equipment maker also used data from the third part of its Connected World Report to give context to the trends.
The full Cisco 2011 Annual Security Report can be found on Cisco’s Website.