Cisco has warned that many businesses’ faith in their security tools and policies is misplaced, as just 42 percent of UK firms have highly sophisticated measures in place – less than India, the US and Germany.
The networking firm’s Annual Security Report found that 75 percent of Chief Information Security Officers (CISOs) believe their tools are ‘very’ or ‘extremely’ effective yet less than half take standard steps like patching and updating software to the latest versions, increasing their protection.
“We see less than half of the security teams surveyed using standard tools like patching and configuration management to help prevent security breaches,” said Jason Brvenik, principal engineer of Cisco’s security business group. “Even with leading security technology, excellence in process is required to protect organizations and users from increasingly sophisticated attacks and campaigns.”
Overall, utility and telecoms firms have the most sophisticated measures in place, with government agencies much better equipped to deal with malicious attacks than financial service organisations and transport companies.
Cisco is urging all firms to adopt a ‘hands on deck’ approach to security as attackers become more adept at exploiting all kinds of vulnerability. The report notes that hackers are more likely to target individual users rather than compromising servers and operating systems in their attacks, with many unwitting users providing assistance by falling for browser and email scams.
New methods by hackers include ‘snowshoe spam’, which is the sending of low volumes of spam from large sets of IP addresses to avoid detection, the use of less common exploit kits that security firms are unaware of and malicious combinations, which involves combining two types of exploit, such as one in Flash and one in JavaScript, which combine weaknesses to make it more difficult for security tools to detect and block the threat.
“Security needs an all hands on deck approach, where everybody contributes, from the board room to individual users,” explained John N. Stewart, senior vice president, chief security and trust officer at Cisco. “We used to worry about DoS, now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure.
“Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight. Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind. Online services must be run with resiliency in mind, and all of these moves must happen now to tip the scales and protect our future. It requires leadership, cooperation, and accountability like never seen before in our industry.”
Do you know all about the Internet of Things? Take our quiz.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…