Security a Differentiator for Users

Thursday, January 22, 2015 @ 04:01 PM gHale


Technology users are increasingly asking about security when choosing between vendors.

“We think security is now beginning to differentiate offers between competitors,” said Cisco CSO John Stewart. “Security needs an all hands on deck approach, where everybody contributes, from the board room to individual users. We used to worry about DoS (denial of service), now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure. Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight.”

In addition, security is becoming a more important issue for top-level management.

That all comes on the heels of a new report from Cisco saying there is a widening gap between what security executives believe to be true and the reality of cyberthreats.

And the number of areas in which the gap is showing up is also increasing, as attackers get more and more sophisticated, said the Cisco 2015 Annual Security Report.

According to the study, which surveyed CISOs and security operations managers at 1,700 companies in nine countries, 90 percent of respondents said they were “confident” in their security efforts.

But 54 percent also reported their companies have had to manage a public security breach.

Meanwhile, fewer than 50 percent of respondents said they used the kinds of standard tools that thwart breaches, such as user provisioning, patching, penetration testing, endpoint forensics, and vulnerability scanning.

Take patching, for example. A browser needs to be regularly updated in order to protect users against malicious downloads and similar exploits. But companies just don’t patch.

Cisco principal engineer Jason Brvenik said only 10 percent are running the latest version of Internet Explorer.

Even the Chrome browser, which updates itself automatically when restarted, saw only 64 percent penetration of its latest version, not 100 percent — one possible explanation being users don’t fully shut down their computers at night.

Another case in point is the Heartbleed bug.

“We found that 56 percent of SSL versions were more than four years old, and still vulnerable to Heartbleed. They haven’t been patched.”

Stewart said patching is one of the hardest things to do in a complex IT system because devices or software need to go out of service. And when you have a complex environment with many vendors, there might be more patching than a company can handle.

For attackers, successfully breaching a company’s defenses is how they make their money. And the strategies they use are becoming increasingly profitable as the attackers get more professional.

Take spam, which increased 250 percent by volume this year because spammers have changed their strategies.

In a sign of growing sophistication, spam writers are also carefully tracking their response rates and continuously adjusting the text of the spam emails. Spam messages end up increasingly customized to target individual recipients, which helps the messages bypass spam filters.
