New ways of doing business are leaving behind wide security gaps too. Cloud computing, mobility and bring-your-own-device (BYOD) might be the hot topics of discussion and high on the adoption charts for most forward-looking enterprises, but they are increasing security complexity at a feverish pace. Adding to the chief information officer’s (CIO) nightmare, two things appear to be helping criminals gain an edge. The first is the maturation of mobile platforms. Security experts believe that the more smartphones, tablets, and other devices perform like traditional desktop and laptop computers, the easier it is to design malware for them.
The second is the growing use of mobile apps. Many users download mobile apps regularly without any thought of security. The key point is that threats designed to take advantage of users’ trust in systems, applications and personal networks have reached startling levels.
According to the Cisco 2014 Annual Security Report, a worldwide shortage of nearly a million skilled security professionals is impacting organisations’ abilities to monitor and secure networks, while overall vulnerabilities and threats reached their highest levels since 2000.
The report’s findings offer a broad picture of rapidly evolving security challenges facing businesses, IT departments and individuals. Attacker methods include socially engineered theft of passwords and credentials, hide-in-plain-sight infiltrations, and exploitation of the trust required for economic transactions, government services and social interactions.
A quick look at some of the findings. Overall vulnerabilities and threats reached the highest level since initial tracking began in May 2000. As of October 2013, cumulative annual alert totals increased 14% year-over-year from 2012. Distributed denial of service (DDoS) attacks—which disrupt traffic to and from targeted websites and can paralyse internet service providers—have increased in both volume and severity. Multipurpose trojans counted as the most frequently encountered web-delivered malware, at 27% of total encounters in 2013. Almost 99% of all mobile malware targeted Android devices.
According to the Cisco report, specific business sectors, such as the pharmaceutical and chemical industry and the electronics manufacturing industry, have historically had high malware encounter rates. In 2012 and 2013, there was remarkable growth in malware encounters for the agriculture and mining industry—formerly a relatively low-risk sector. Malware encounters also continued to rise in the energy, oil and gas sectors.
John Stewart, senior vice-president, chief security officer, Threat Response Intelligence and Development, Cisco, said: “Although the report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people,