Cisco’s Annual Security Report: Are We Approaching a Crisis of Trust?

Paula Musich

Paula Musich

Summary Bullets:

  • Mobility and the ‘Internet of Things’ are increasing the attack surface from which cybercriminals are launching new and more sophisticated attacks.
  • Yet, consumers are still too trusting.  In 2013, an alarming increase occurred in the exploitation of web hosting infrastructure for launching cyber attacks.

This past week, Cisco delivered its Annual Security Report, looking back at 2013 and the evolving attack landscape.  The theme for this iteration of the report surrounds trust.  Quite frankly, I think too many consumers adopting new technologies, particularly mobile devices, are decidedly too trusting.  They are not asking the right questions; nor are they concerning themselves with the security of these new technologies they are embracing.  In our rush to adopt mobile computing and to bring intelligence and connectivity to everything from refrigerators to TVs and home heating and air conditioning systems, we are not bringing a skeptical eye to the exercise.  In fact, on January 16, Proofpoint claimed to have uncovered what could be the first ‘Internet of Things’ cyber attack, which used connected and comprised multi-media centers, TVs, and a connected refrigerator to launch an attack.   This is dangerous, because as the Cisco 2014 Annual Security Report highlights, attackers are not only more organized and better financed, but also outnumber IT security professionals.   Cisco’s report claims there is a shortage of over 1 million IT security professionals going into 2014. 

At the same time, cybercriminals are exploiting vulnerabilities and weaknesses in infrastructures such as web hosting centers to do harm to companies, government bodies, and economies around the globe.  The rapid growth of cloud computing and the ever-expanding footprint of these large data centers create a giant bull’s eye on the backs of these hosting companies, so it should be no surprise that cybercriminals are increasingly exploiting the thousands and thousands of servers housed there to carry out their attacks by taking control of those resources.  The exponential increase in the number of distributed denial of services attacks aimed at disrupting business and creating a distraction to hide fraudulent activity should serve as a wake-up call to cloud hosting providers to re-examine their security practices.  In fact, the Cloud Security Alliance announced in December 2013 that it had formed an anti-bot working group to research this growing problem and create best practices for thwarting exploitation of hosted servers.  Such best practices could include quarantining servers identified as being part of a botnet and creating a communications mechanism at hosting centers to allow operators to be alerted by outside sources when their facilities are being used to carry out attacks.   The CSA may also create certification for hosting companies that follow the best practices that the anti-bot working group identifies.  This cannot happen soon enough.

About Paula Musich
Paula brings 20 years of experience in the networking technology and management markets to Current Analysis clients. As Senior Analyst for Enterprise Network and Security, Paula is responsible for tracking and analyzing the evolving technological and competitive developments in the threat management segments of the information security market. Paula is responsible for coverage of the Anti-X, IPS, DLP, secure messaging, and Web security markets. In addition, she covers major technological, strategic and tactical developments in the enterprise networking market.

What do you think?

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: