Thursday, August 21, 2014

Cisco Midyear Security Report Highlights Changing Security Landscape

As the frequency and strength of data breaches continue to grow, the cost to the companies sustaining the attacks is also on the rise. A recent study by the Ponemon Institute found that the average cost of a data breach has risen almost a million dollars since last year, to $5.4 million, ZDNet reported. The increasing price of a data breach isn't surprising when one considers the myriad new types of malware and other threats that are being created on a daily basis.

The Cisco 2014 Midyear Security Report, released at last month's Black Hat cybersecurity conference, tracks and analyzes trends in cyberattacks, exploits and the overall threat landscape as it changes to address the emergence of new technology. The study found that, out of the more than 2,000 vulnerabilities Cisco examined, 28 were being actively exploited by cybercriminals across multiple systems. The most vulnerable software continues to be Java, with 93 percent of Web exploits stemming from the service.

Infected networks increasing

The report went on to show that 95 percent of the customer networks surveyed by Cisco were found to have traffic sent and received from sites that were either infected with or hosted malware. The malware discovered on these sites was mainly used to perform distributed denial-of-service attacks and steal information from enterprise networks. Another 70 percent of the networks monitored by Cisco were identified as issuing domain name system queries for dynamic DNS. These types of queries, while not malicious in their own right, often indicate the presence of nefarious activity. Dynamic DNS allows a domain to keep its name while changing its numeric address, making it hard to pin down and therefore frequently utilized by malware's command and control servers to stay hidden from authorities.

The study also discovered that the creation of new exploit kits and the use of point-of-sale system attacks are on the rise. According to Cisco, new versions of exploit kits are gaining popularity after the cybercriminal behind the popular Blackhole kit was arrested and new software flooded the market to take its place. Attacks targeting POS systems are also increasing as a growing number of payment systems are connected to the Internet, making them an enticing target for those hoping to gain access to credit card and other financial information.

Looking forward, the report warns of the impending vulnerabilities that will be created by the ever-increasing Internet of Things. Cisco estimates that there will be 50 billion things connected in the next six years, creating a plethora of devices to exploit.

Threat landscape changing for enterprises

According to the report, the first half of this year saw an increase in attacks aimed at companies in the pharmaceutical and chemical industries, mostly carried out using spam and spearphishing attacks. The media and publishing sectors were also highly targeted, most likely due to the amount of technology and new devices used in all four sectors. To defend against the increasing number of attacks, Cisco suggests enterprises work to operationalize security.

"The decision to view security as a business process often stems out of broader business initiatives designed to improve governance, risk, and compliance throughout the organization," stated the report, according to Financial Post contributor Lynn Greiner. "Many businesses find, often too late, that when it comes to IT security, being compliant is not enough."

As the cybersecurity landscape continues to change, so will the needs of enterprises looking to protect sensitive information. IT professionals with the knowledge and abilities to help businesses defend networks and systems from malicious actors will only become more important and sought after as cyberthreats become more intense. New Horizons of Phoenix offer a great resource for those looking to gain cybersecurity skills and compete in the evolving IT job market. Training courses are offered for a variety of programs and certifications, including Certified Ethical Hacker. Classes are available online and at night to fit into any schedule.


Categories: Training & Certifications, Cisco, Information Technology, CertificationsNumber of views: 1618


Theme picker


Contact author