Midsize organizations are among the earliest adopters of new technologies. In general, they conduct much of their business over the Internet and are quick to embrace new apps, online payment systems, cloud, and Bring Your Own Device (BYOD) technologies. Fast adoption of innovations helps them to compete against larger organizations by meeting customer demands more cost effectively. But these business enablers are also creating security vulnerabilities that adversaries are exploiting for financial gain.
Adversaries aren’t just targeting prized assets like customer and employee data, invoices, and intellectual property. Cybercriminals also recognize that smaller companies are a vector into the networks of larger corporations. A 2013 study conducted by PricewaterhouseCoopers on behalf of the UK Government Department for Business, Innovation and Skills found that 87 percent of small businesses had been compromised, up 10 percent from the previous year. Many small and midsize companies are now mandated by partners to improve their threat defense. Regardless of size, organizations have legal and fiduciary responsibilities to protect valuable data, intellectual property, and trade secrets.
Read More »
Tags: cisco annual security report, Cisco Security, midmarket, Midmarket Security, security, security research
The growing use of mobility is a new threat vector in the extended network. It’s particularly complex to secure and manage when tablets and smartphones are used for both personal and business needs. The Ponemon 2014 Security Impact of Mobile Device Use by Employees study notes that 66 percent of users download mobile apps without their company’s permission. This downloading behavior increases the attack surface by introducing unapproved or personal mobile applications.
As highlighted in the Cisco Annual Security Report for 2015, mobile applications are a new threat vector that could include malware. The potential for this user-appropriated malware to access corporate resources introduces a lot of new risks that need to be addressed by IT security personnel. At Cisco, we’ve just completed a new integration with Samsung to enable workers to be productive while locking down this expanded attack surface.
Read More »
Tags: cisco annual security report, Cisco Annual Security Report 2015, Cisco AnyConnect Secure Mobility Client, mobile security, mobility, security
Let’s face it, malware is everywhere now, and it’s here to stay. The statistics are staggering. According to the 2014 Cisco Annual Security Report, “100 percent of the business networks analyzed by Cisco had traffic going to websites that host malware” and 96 percent of the business networks analyzed had connections to known hijacked infrastructure or compromised sites. It’s a pretty scary reality for organizations and the security teams that are tasked with protecting these organizations from threats.
Not only is malware abundant and pervasive, but it comes in all shapes and sizes, including trojans, adware, worms, downloaders, droppers, ransomware, and polymorphic malware to name a few. Furthermore, it’s attacking us on all fronts, regardless of the device or operating system that we are using.
Read More »
Tags: AMP, cisco annual security report, malware, security
Is the combination of cloud computing and mobility a perfect storm of security threats?
Actually, yes. And you should prepare for them as if there is a storm coming.
As businesses become increasingly mobile, so does sensitive data. In fact, in a recent survey conducted by ESG,
31% of security professionals say that the biggest risk associated with cloud infrastructure services is, “privacy concerns associated with sensitive and/or regulated data stored and/or processed by a cloud infrastructure provider.”
With cloud-based services, it is key to have visibility into applications and provide consistent experience across devices accessing the web and cloud applications. More users are leaving the standard PC behind and engaging cloud applications through a mobile device, making application-layer security and user access security critical. Smartphones and tablets are able to connect to applications running anywhere, including public, private and hybrid cloud applications, opening your data to potential attacks. Security professionals need assurances that their cloud security provider will appropriately secure customer data while ensuring availability and uptime.
The conversation is no longer if you’ll be attacked, but when. And will you be prepared?
Read the full article: Data Security Through the Cloud
Tags: CIO, cisco annual security report, Cisco Security, Cisco Security Grand Challenge, CiscoCloud, cloud, cloud security, data security, ESG, Internet of Everything, IoE, ITaaS, security
Last week, following the release of the 2014 Cisco Annual Security Report, my colleague Levi Gundert and I took questions from you, our partners and customers, about the report and its most interesting findings.
This year’s report highlighted a number of new trends and found unprecedented growth of threat alerts, which reached the highest level we’ve seen in more than a decade of monitoring.
Although the report paints a grim picture of the current state of cybersecurity, we are optimistic that there is hope for restoring trust in people, institutions, and technologies. This must start with empowering defenders with real-world knowledge about expanding attack surfaces. To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during, and after an attack.
Here is a link to view the recording of the broadcast. If you have any questions that didn’t get answered, please leave them in the comments, and Levi or I will get back to you.
Tags: 2014 annual security report, asr, cisco annual security report, CSO, cybersecurity, John Stewart, Levi Gundert, Live Social Broadcast, security, skills gap