The state of security today

Since data breaches are on the rise, the findings of the Cisco Security Report may not come as a surprise to anyone. However, the report does present us with solid research on security trends, in which, through collaboration, we can study and strengthen the protection of our most precious resource: data.

The major insights from Cisco’s report are presented across four key areas: trust, threat intelligence, industry, and recommendations on how to increase security measures industry wide.

Trust

As more and more organizations are falling prey to malicious attacks it’s no wonder trust, or lack thereof, is the number one security trend concern. And, organizations should take this concern seriously. Attacks are becoming more sophisticated and harder to pinpoint. When it comes to protecting your valuable data, you need to know you can count on your support systems.

Whether it’s a third-party cloud, data center or network security vendor, it should be crystal clear what their line of defense is. And, if disaster should strike, what their disaster recovery plan entails. In order to strengthen and build trust with your vendor, there needs to be not only collaboration but also transparency, so there are no hidden surprises.

Threat Intelligence

Cisco and Sourcefire have collaborated, analyzed and assembled their resources to provide insight into security trends from last year.

• Malicious agents are masquerading as trusted sources in order to gain access to secure systems. In essence, the users are unknowingly inviting malware to wreak havoc on their devices.
• Threats, attacks and hackers are targeting and exploiting significant assets across the Internet. Such as web hosting servers, name servers and data centers.
• Furthermore, research suggests suspicious traffic or malware is originating from an internal, secure source, in an attempt to spread its reach. Meanwhile, the penetration of the compromised networks may remain undetected for long periods of time.

Industry

While brute-force login attempts may seem like a juvenile approach for cybercriminals, according to Cisco’s report, “their use nearly increased threefold” last year. In fact, 2013’s security trend attacks can be summarized as “old school.” Organizations were so focused on the newest security threats that they forgot to update or monitor older, weaker threats. For example, distributed denial of service (DDoS) attacks, which disrupts traffic to and from websites and can potentially paralyze Internet service providers (ISPs), are not only on the rise but also increasing in severity. According to the report’s findings, both private and public sectors should be concerned, particularly the financial services and energy industries.

Recommendations

So, in the face of constant security threats it’s no wonder organizations are feeling overwhelmed and struggling to develop a clear plan, which will strengthen their data security support systems. Simply put, the best defense is a good offense. Organizations shouldn’t be asking themselves what if an attack happens but rather when.

In order to be better prepared against malicious attacks, organizations should start with a comprehensive examination of current security measures.

• Which tactics are outdated?
• Where are our resources best spent?
• How can we mitigate risk?
• What should we do when disaster strikes?

These questions shouldn’t stop at the IT or network security departments, but should be asked organization-wide. After all, protecting sensitive data and mitigating risk is an all hands on deck effort.

The Cisco 2014 Annual Security Report sheds light on staggering security trend data and reinforces just how vital network security is to our private and public data. Trust is a primary concern with private citizens and organizations alike. However, Cisco’s threat intelligence offers valuable insight to shifting security trend tactics amongst cybercriminals. While attacks may be becoming more sophisticated, their methods are going “old school.” And, even though every organization is susceptible to DDoS security threats, the financial services and energy industries are the primary targets for attacks. Nevertheless, attacks are inevitable. Organizations need to prepare a disaster recovery plan, to mitigate risk and minimize the damage as best as possible.

However, in order to reduce cyber threats, open collaboration amongst various industries needs to take place, to prevent future and similar attacks.

Have you read the Cisco 2014 Annual Security Report? Which findings surprised you the most? How are you planning to use the report to increase your security efforts?