UK Firms’ Faith In Security Tools And Policies Is Misplaced

Cisco has warned that many businesses’ faith in their security tools and policies is misplaced, as just 42 percent of UK firms have highly sophisticated measures in place – less than India, the US and Germany.

The networking firm’s Annual Security Report found that 75 percent of Chief Information Security Officers (CISOs) believe their tools are ‘very’ or ‘extremely’ effective yet less than half take standard steps like patching and updating software to the latest versions, increasing their protection.

“We see less than half of the security teams surveyed using standard tools like patching and configuration management to help prevent security breaches,” said Jason Brvenik, principal engineer of Cisco’s security business group. “Even with leading security technology, excellence in process is required to protect organizations and users from increasingly sophisticated attacks and campaigns.”

Security at all levels

The firm notes that despite the discovery of the Heartbleed vulnerability last year, just 56 percent of all installed OpenSSL versions are more than four years old, indicative of this less than active approach.

Overall, utility and telecoms firms have the most sophisticated measures in place, with government agencies much better equipped to deal with malicious attacks than financial service organisations and transport companies.

Cisco is urging all firms to adopt a ‘hands on deck’ approach to security as attackers become more adept at exploiting all kinds of vulnerability. The report notes that hackers are more likely to target individual users rather than compromising servers and operating systems in their attacks, with many unwitting users providing assistance by falling for browser and email scams.

New trends

New methods by hackers include ‘snowshoe spam’, which is the sending of low volumes of spam from large sets of IP addresses to avoid detection, the use of less common exploit kits that security firms are unaware of and malicious combinations, which involves combining two types of exploit, such as one in Flash and one in JavaScript, which combine weaknesses to make it more difficult for security tools to detect and block the threat.

“Security needs an all hands on deck approach, where everybody contributes, from the board room to individual users,” explained John N. Stewart, senior vice president, chief security and trust officer at Cisco. “We used to worry about DoS, now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure.

“Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight. Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind.  Online services must be run with resiliency in mind, and all of these moves must happen now to tip the scales and protect our future.  It requires leadership, cooperation, and accountability like never seen before in our industry.”

Do you know all about the Internet of Things? Take our quiz.

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago