Mass spam declines, targeted attacks rise
Cisco says in its global Cisco Security Intelligence Operations (SIO) report that 2010 saw a cybercrime turning point, after which spam levels started dropping. Spam volumes dropped from 379 billion spam e-mail messages a day around the world in 2010, to around 124 billion a day last year.
However, the number of vulnerabilities increased; there are fewer widespread attacks but a greater number of smaller, more focused attacks.
Cisco SIO estimates that the cybercriminal benefit resulting from traditional mass email-based attacks declined more than 50% from June 2010 to June 2011 – from USD 1 billion to USD 500 million. In September, the biggest spam originator was India (at 13.9%), followed by Vietnam and Russia.
The Cisco CROI Matrix, which made its debut in the Cisco 2009 Annual Security Report, analyzes the types of cybercrime that Cisco’s security experts predict profit-oriented scammers will channel their resources toward in 2012. Based on performance in 2011, the matrix predicts that attacks on mobile devices, along with cloud infrastructure hacking, will rise in prevalence in 2012.
Money laundering is also expected to remain a key focus area for cybercrime investment.
Cisco also noted that seven out of 10 young employees frequently ignore IT policies, and one in four is a victim of identity theft before the age of 30.
Considering that at least one in three employees (36%) responded negatively when asked if they respect their IT departments, balancing IT policy compliance with young employees’ desire for more flexible access to social media, devices, and remote access is testing the limits of traditional corporate cultures. At the same time, these employee demands are placing greater pressure on recruiters, hiring managers, IT departments, and corporate cultures to allow more flexibility, in the hope that the next wave of talent can provide an edge over competitors.
The Cisco Annual Security Report lists 10 recommendations from Cisco’s security experts on what they see as the most important action items for enterprise security.
1. Assess the totality of your network. “Know where your IT infrastructure begins and ends—so many enterprises simply have no idea of the entirety of their network. Also, know what your ‘normal’ is so you can quickly identify and respond to a problem.”—John N. Stewart, vice president and chief security officer for Cisco
2. Re-evaluate your acceptable use policy and business code of conduct. “Get away from the laundry list approach with security policies. Focus only on these things you know you must and can enforce.”—Gavin Reid, Cisco CSIRT manager
3. Determine what data must be protected. “You cannot build an effective Data Loss Prevention (DLP) program if you don’t know what information in the enterprise must be secured. You also must determine who in the enterprise is allowed to have access to that information, and how they are allowed to access it.”—David Paschich, web security product manager for Cisco
4. Know where your data is and understand how (and if) it is being secured. “Identify every third party that has permission to store your company’s data—from cloud providers to email marketers—and confirm that your information is being secured appropriately. Compliance requirements, and now the trend in cybercrime toward ‘hack one to hack them all,’ means enterprises must never assume their data is secure, even when they put it in the hands of those they trust.”—Scott Olechowski, threat research manager for Cisco
5. Assess user education practices. “Long seminars and handbooks aren’t effective. Younger employees will be more receptive to a targeted approach to user education, with shorter sessions and ‘just-in-time’ training. Peer training also works well in today’s collaborative work environment.”—David Evans, chief futurist for Cisco
6. Use egress monitoring. “This is a basic thing, but not enough enterprises do it—although compliance demands have more organizations adopting this practice. Egress monitoring is a change in focus from just blocking ‘the bad’ from coming in. You monitor what is being sent out of your organization and by whom and to where—and block things from leaving that shouldn’t be.”—Jeff Shipley, manager for Cisco Security Research and Operations
7. Prepare for the inevitability of BYOD. “Organizations need to stop thinking about ‘when’ they are going to move to a BYOD model and start thinking more about ‘how.’”—Nasrin Rezai, senior director of security architecture and chief security officer for Cisco’s Collaboration Business Group
8. Create an incident response plan. “IT-related risk should be treated like any other business risk. This means enterprises need to have a clear plan in place to respond quickly and appropriately to any type of security event, whether it’s a data breach resulting from a targeted attack, a compliance violation due to an employee’s carelessness, or an incident of hacktivism.”—Pat Calhoun, vice president and general manager of Cisco’s Secure Network Services Business Unit
9. Implement security measures to help compensate for lack of control over social networks. “Do not underestimate the power of technology controls, such as an intrusion prevention system for protecting against network threats. Reputation filtering is also an essential tool for detecting suspicious activity and content.”—Rajneesh Chopra, director of product management, Cisco Security Technology Group
10. Monitor the dynamic risk landscape and keep users informed. “Enterprises and their security teams need to be vigilant about a much broader range of risk sources, from mobile devices and the cloud to social networking and whatever new technology tomorrow may bring. They should take a two-step approach: reacting to security vulnerability disclosures, while also being proactive about educating their employees on how to protect themselves and the enterprise from persistent and potent cyber threats.”—Ambika Gadre, senior director of Cisco’s Security Technology Group
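As an added example (not from the Cisco report or this article), the egress check that items 1 and 6 describe, sketched in Python over constructed flow records: first learn what “normal” outbound traffic looks like per host, then flag flows to destinations never seen before or with far more data leaving than usual. The host names, users, destinations and the 10× volume threshold are assumptions.

```python
"""Egress baseline check (added illustration, not Cisco's code).

Items 1 and 6 above: know your 'normal', then monitor what leaves the
network, by whom and to where. Flow records here are constructed.
"""
from collections import defaultdict
from statistics import mean

# Constructed outbound flow records: (host, user, destination, bytes_out).
BASELINE_FLOWS = [
    ("ws-101", "alice", "mail.example.com", 40_000),
    ("ws-101", "alice", "crm.example.com", 120_000),
    ("ws-101", "alice", "mail.example.com", 55_000),
    ("ws-202", "bob", "crm.example.com", 90_000),
    ("ws-202", "bob", "cdn.example.net", 30_000),
]
NEW_FLOWS = [
    ("ws-101", "alice", "mail.example.com", 48_000),   # normal
    ("ws-101", "alice", "203.0.113.77", 900_000),      # never-seen destination
    ("ws-202", "bob", "crm.example.com", 2_500_000),   # known dst, unusual volume
]


def build_baseline(flows):
    """Per host: set of known destinations and mean bytes sent per flow."""
    dests, sizes = defaultdict(set), defaultdict(list)
    for host, _user, dst, nbytes in flows:
        dests[host].add(dst)
        sizes[host].append(nbytes)
    return {h: (dests[h], mean(sizes[h])) for h in dests}


def check_egress(flows, baseline, volume_factor=10):
    """Return (host, user, dst, reason) for flows outside the baseline.

    A host absent from the baseline has no known destinations, so every
    flow it sends is reported (assumed policy: unknown hosts are reviewed).
    """
    alerts = []
    for host, user, dst, nbytes in flows:
        known_dsts, avg = baseline.get(host, (set(), 0))
        if dst not in known_dsts:
            alerts.append((host, user, dst, "unknown destination"))
        elif avg and nbytes > volume_factor * avg:
            alerts.append((host, user, dst, "outbound volume exceeds baseline"))
    return alerts


if __name__ == "__main__":
    for alert in check_egress(NEW_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```

In practice the baseline would be rebuilt from a rolling window of real flow logs, and the alerts fed to the blocking step the quote mentions rather than printed.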