Organizations are faced with providing security for employees that are rapidly adopting new technology in their personal and professional lives and expect their work environments and employers to do the same. As the data from the new Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3 show, organizations that do not or cannot provide that type of environment are at risk of losing the ability to compete for those employees and business opportunities. If employers attempt to block, deny, or forbid mobile devices, social networks, instant communications, and new technologies in the work place employees will likely ignore the policies or, even worse, find ways around them that open your environment to unrealized risks.
The Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3 have been released together because the Connected World Technology Report Chapter 3 is also focused on security issues and providing additional data to complement the 2011 Annual Security Report. Several highlights from the reports focus on the shifting technologies, expectations, and employee behaviors already impacting many work environments and that are expected to further shift the work dynamics in the future. The results include some possibly alarming attitudes and behaviors that security teams and managers may not be aware of, but are likely occurring in their work environment. To highlight just a few of the data points from the reports:
- 70% of employees admitted to breaking policy with varying regularity (the most common reason was to get their work done)
- 61% believe they are not responsible for protecting information on devices
- 80% said their company’s IT policy on social media was either outdated or weren’t sure if such a policy existed
- 56% of employees have allowed others to use their computers without supervision
- 81% of college students believe they should be able to choose the devices they need to do their jobs
Combine this data with the current threat and vulnerability analysis and trends in the 2011 Annual Security Report and you have accurate data and context for the security decisions facing organizations about remote access, “Bring Your Own Device,” social media, and IT policies that can either undermine workplace security or create a highly efficient, productive, and secure environment.
That’s what’s happening in your workplace, but what about the bad guys? They’ve been keeping up too—moving from mass spam campaigns to highly targeted phishing attacks and the more lucrative (according to the Cisco Cybercrime Return on Investment Matrix) cloud infrastructure attacks and mass account compromises. As governments and law enforcement partner with the private sector to take down criminal operations, the criminals are moving away from those areas to countries where they can operate with less fear of prosecution. This year also saw the rise of “hactivism” and activist groups targeting government and corporate organizations across the Internet, and retaliatory attacks that could impact any organization that comes in to their focus.
There is, however, some good news found in the report:
- Vulnerabilities have shifted to indicate improvements in coding practices
- Spam has dropped to lower levels
- Cisco security experts provide 10 recommended actions to improve your security
Get all the latest data, analysis, and trends from these reports, and stay updated throughout the year with the daily updates from Cisco Security Intelligence Operations.