Cisco's annual security report offers grim outlook for 2014

http://www.zdnet.com/ciscos-annual-security-report-offers-grim-outlook-for-2014-7000025160/

By Rachel King for Between the Lines | January 16, 2014 -- 13:00 GMT (05:00 PST)

The exponential growth for mobile and cloud technologies over the last few years matched by a gap in skilled security professionals to manage these platforms is providing cyber criminals with unimaginable opportunities, based on the Cisco's 2014 Annual Security Report.

Despite ever-present and rampant headlines about security, from somewhat simple phishing to wide-scale attacks as seen with Target, Cisco researchers still suggest that we could be facing "unprecedented growth" for advanced malicious attacks in the coming year.

To be fair, maybe one year ago (or even a few months ago) it would have been hard to predict that cyber criminals could have lifted sensitive personal data from point-of-sale hardware on more than 70 million people -- close to one-third of the U.S. population -- at one major retail chain.

Nevertheless, that's what happened, so it's quite possible we have no idea what is in store for us next.

But to understand how to prepare, perhaps it's best to review how we got here. Here are a few of the contributing factors, according to Cisco:

  • Advanced mobile devices come with plenty of fantastic abilities and can save so much time and money in the long run -- but given how new they are, they also come with "unanticipated weaknesses and inadequately defended assets."
  • Cyber criminals are increasingly targeting Internet infrastructures "with the goal of proliferating attacks across legions of individual assets served by these resources."
  • Organized cyber crime is getting, well, more organized, with more fine-tuned motivations: public vs. private sector, financial rewards vs. inflicting damage on reputations.
  • Looking closer at mobile, approximately 99 percent of all malware targets Android. But Java is the most exploited programming language.
  • Malware is also being more directed toward oil, gas, and energy companies.
  • Based on a sample of 30 of the world's largest Fortune 500 company networks, 100 percent of them generated visitor traffic to Web sites that host malware.

John N. Stewart, senior vice president and chief security officer for threat response intelligence and development, acknowledged in the report that these observations collectively "paint a grim picture."

Regardless, he stressed that "to truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack."