Cisco’s recently published 2015 Annual Security Report summarized the security trends it found in 2014 and advised on best practices to address predicted threats in 2015. Some of the key security findings were:
1) Malware is getting better at evading detection
2) Spam is growing in volume and sophistication
Cisco found that the volume of spam increased 250% from January to November in 2014, and spammers are finding more ways of evading spam filters. Spam content, sender addresses, and originating IP addresses can all be difficult to differentiate from those of legitimate emails. To hide the sender’s IP address, spammers have been using a “snowshoe” method of emailing, in which the emails are sent from a large number of (often infected) computers, each sending only a small share of the campaign, so it isn’t possible to track the email back to a specific blacklisted address.
3) Known threats are still problems on outdated software
2014’s headline security threats – Heartbleed and Shellshock – are still issues. Cisco’s surveys found that 56% of the OpenSSL implementations were using versions more than 4 years old, and only 10% of the IE browsers accessing sites were using the current version. The problem is not that patches aren’t being applied; it’s that versions aren’t being updated to ones where patches are available for vulnerabilities. Cisco provided the following recommendation:
To overcome the guaranteed eventual compromise that results from manual update processes, it may be time for organizations to accept the occasional failure and incompatibility that automatic updates represent.
4) Users are a significant vulnerability
Malware may be inadvertently downloaded from seemingly safe websites – Cisco found that many high-ranking, short-lived websites contained malware. Malware was also installed through browser add-ons and software downloads – often with misleading and confusing install options that trick the user into agreeing to install the malware. In Cisco’s survey of 70 companies, 711 users were affected by malware at the beginning of the year, rising to a peak of 1751 affected users during the month of September.
Cisco provided several recommendations on how to deal with the current security climate:
- Adopt a more sophisticated endpoint visibility, access, and security (EVAS) control strategy. Even if you are able to secure your network, you still have to plan for what to do if an attack occurs. Determining the scope of an attack that makes it past a network’s front door means monitoring the potential target endpoints within the network. EVAS monitors endpoint activity within a network before, during, and after attacks, allowing you to formulate a plan for mitigating the threat and providing the tools to conduct a forensic analysis so the problem does not recur.
- Security must be integrated into the business. Business planners and security staff must work together to ensure that security is an integral part of all IT plans. However, security that makes it difficult for users to access resources can result in users finding ways to circumvent security measures. Security planning must consider both protection from threats and accessibility for users.
- Users must be included in the security plans. No security plan will be able to address all problems; there are too many possible threats, and they change too quickly. Users must be trained on which activities are potentially dangerous, how to recognize when there is a problem, and how to report problems.