Home / / Cisco says businesses falling behind on security threats

Cisco says businesses falling behind on security threats

Cisco's 2010 Midyear Security Report highlights changing threats to IT security

Companies need to take more care over security around social networking, cloud computing and mobility.
Companies need to take more care over security around social networking, cloud computing and mobility.

Cisco is warning that IT managers and security professionals are failing to keep up with the emerging threat landscape, according to its 2010 Midyear Security Report.

The company says that there are ‘tectonic shifts' in the information security sphere, as the ongoing boom in social networking, virtualisation and mobile devices continue to drive change in the market, and lead to security threats outstripping measures to prevent them.

Tarek Houbballah, systems engineering manager, Cisco, commented: "Technological innovations are fundamentally changing the way people live, work, play, share information and communicate with each other. Because consumers are typically the early adopters, enterprises often struggle to adapt existing polices to address their employees' preferred use of technology. With a number of tectonic forces converging in the marketplace, now is the time for enterprises to transform their IT model to accommodate the emerging borderless network and increasing security challenges."

The Cisco report includes five key recommendations for IT security managers to protect against threats, including enforcing granular, per-user security policies for application and data access, particularly on virtualized systems; strict limits on access to business data; creation of corporate policies to manage mobile device usage; investment in tools to manage and monitor cloud activities; and guidance for employees on usage of social media in the workplace.

Cisco did warn however, that corporate policies on social media may not prove effective, with 50% of respondents to the Cisco global survey ignoring company policy at least once a week, and 27% reporting that they change settings on corporate devices to access prohibited applications.

While not strictly a security threat, Cisco warned of the ongoing loss of productivity caused by social networking applications, and games in particular. Cisco Security Intelligence Operations reported that in a global sample of Facebook users, 7% of spend an average of 68 minutes per day playing FarmVille, 5% play Mafia Wars for 52 minutes per day, and 4% play Cafe World for 36 minutes per day. The report also raised the possibility of criminals embedding malware in such applications.

Among other threats noted in the report were the continued growth of spam, with spam volume for 2010 expected to be up 30% from 2009, and the emergence of multivector spam attacks with a focus on establishing keyloggers, back doors and bots; and the emerging profile of cybercriminals as early adopters of new technology, both in terms of using technology as a means of attack, and as a method to co-ordinate attacks and share intelligence.

The report also noted the growing concern among security forces that terrorists may also be using social networks for communications and co-ordination.