Security needs an "all hands on deck" approach


By Dylan Bushell-Embling
Wednesday, 21 January, 2015


Security needs an "all hands on deck" approach

Organisations will need to continually improve their approach to protecting against cyberthreats to keep up with increasingly proficient attackers, according to Cisco.

The vendor’s latest Annual Security Report shows that cybercriminals are expanding their tactics to cover methods that are harder for security teams to detect and analyse.

The report details an emergence of “snowshoe” spam - low volumes of spam sent from a large set of IP addresses to avoid detection - as well as attacks involving a combination of vectors, such as sharing exploits over Flash and JavaScript simultaneously.

Malware creators are meanwhile using web browser add-ons as a medium for distributing malware, which is proving a successful threat vector because many web users inherently trust browser add-ons.

But fewer than 50% of security teams are using standard tools such as patching to help prevent security breaches. Despite the high profile and significant threat posed by the Heartbleed bug, for example, 56% of all installed OpenSSL versions are over four years old.

Despite this, 75% of CISOs see their security tools as very or extremely effective and 59% of CISOs view their security processes as optimised.

Cisco said this demonstrates that there is a growing gulf between organisations’ perceptions of their security capabilities and the reality of their exposure to threats. Of those companies with sophisticated security, 91% agree that company executives consider security to be a high priority.

“Security needs an all hands on deck approach, where everybody contributes, from the boardroom to individual users,” Cisco Chief Security and Trust Officer John N Stewart commented.

“We used to worry about DoS, now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure. Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight. Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind.”

Image courtesy of David Goehring under CC

Related Articles

Nation-state actors have their sights on the cloud

Prioritising the protection of credentials and adopting robust security measures can better...

Combating financial crime with AI

Rapid digital transformation across Australia and New Zealand has provided cybercriminals with...

Learning from the LockBit takedown

An international taskforce has seized the darknet sites run by LockBit, but relying on law...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd