Cisco Blogs

Cisco Releases the 2011 Annual Security Report

December 14, 2011 - 3 Comments

Organizations are faced with providing security for employees who are rapidly adopting new technology in their personal and professional lives and who expect their work environments and employers to do the same. As the data from the new Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3 show, organizations that do not or cannot provide that type of environment are at risk of losing the ability to compete for those employees and business opportunities. If employers attempt to block, deny, or forbid mobile devices, social networks, instant communications, and new technologies in the workplace, employees will likely ignore the policies or, even worse, find ways around them that open your environment to unrealized risks.

The Cisco 2011 Annual Security Report and the Cisco Connected World Technology Report Chapter 3 have been released together because the Connected World Technology Report Chapter 3 also focuses on security issues and provides additional data to complement the 2011 Annual Security Report. Several highlights from the reports focus on the shifting technologies, expectations, and employee behaviors that are already affecting many work environments and are expected to further shift work dynamics in the future. The results include some possibly alarming attitudes and behaviors that security teams and managers may not be aware of but that are likely occurring in their work environment. To highlight just a few of the data points from the reports:

  • 70% of employees admitted to breaking policy with varying regularity (the most common reason was to get their work done)
  • 61% believe they are not responsible for protecting information on devices
  • 80% said their company’s IT policy on social media was outdated or were not sure whether such a policy existed
  • 56% of employees have allowed others to use their computers without supervision
  • 81% of college students believe they should be able to choose the devices they need to do their jobs

Combine this data with the current threat and vulnerability analysis and trends in the 2011 Annual Security Report and you have accurate data and context for the security decisions facing organizations about remote access, “Bring Your Own Device,” social media, and IT policies that can either undermine workplace security or create a highly efficient, productive, and secure environment.

That’s what’s happening in your workplace, but what about the bad guys? They’ve been keeping up too, moving from mass spam campaigns to highly targeted phishing attacks and the more lucrative (according to the Cisco Cybercrime Return on Investment Matrix) cloud infrastructure attacks and mass account compromises. As governments and law enforcement partner with the private sector to take down criminal operations, the criminals are moving away from those areas to countries where they can operate with less fear of prosecution. This year also saw the rise of “hacktivism” and activist groups targeting government and corporate organizations across the Internet, and retaliatory attacks that could impact any organization that comes into their focus.

There is, however, some good news found in the report:

  • Vulnerabilities have shifted to indicate improvements in coding practices
  • Spam has dropped to lower levels
  • Cisco security experts provide 10 recommended actions to improve your security

Get all the latest data, analysis, and trends from these reports, and stay updated throughout the year with the daily updates from Cisco Security Intelligence Operations.


  1. “70% of employees admitted to breaking policy with varying regularity (the most common reason was to get their work done)”

    User awareness is all well and good; however, a degree of technical controls is required in most organizations. The human factor cannot be trusted. Application whitelisting, content filtering and locked-down remote access can go a long way.

  2. In my opinion, excellent contribution. Vulnerability let us see that we meet the new technologies, but even better are the security policies with Cisco in terms of security. Great contribution.

  3. You mentioned a decrease in SPAM as detailed in the annual report. The report attributes that one reason for a decrease in SPAM is more targeted attacks, “using their resources to reach out to specific people in an organization (such as financial or IT personnel) with a scam message designed to obtain sensitive network login data or other account information”. I’m not sure this is actually good news (as mentioned above) or not… Volume may be down, but it sounds like targeted SPAM sophistication is on the rise.

    We are certainly seeing more targeted and sophisticated SPAM techniques on our end, where SPAM is so well done that it appears authentic.