Over 1m IT professionals needed to tackle cyber threat — Cisco


UF Member

As systems, applications and personal networks become increasingly vulnerable to cyber-attack, up-to-date cybersecurity defences are crucial to the health and reliability of the digital systems.

This development, experts warn must be addressed head-on otherwise no success story will be recorded in the fight against cyber security challenges.

The Wired World: A graphic representation of the Internet

While unprecedented growth of malicious traffic continues to cause more harm than good to both organizations and service providers around the world, latest Cisco 2014 annual security report has revealed shortage of over one million security professionals across the globe in 2014 to tackle the growing security threats.

The report’s findings offer a vivid picture of rapidly evolving security challenges facing businesses, IT departments and individuals.

Attacker’s methods, according to the report, include socially engineered theft of passwords and credentials, hide-in-plain-sight infiltrations, and exploitation of the trust required for economic transactions, government services and social interactions.

The 2014 annual report further reveals that threats designed to take advantage of users’ trust in systems, applications and personal networks have continued to grow in geometric progression.

According to the report, the sophistication of the technology and tactics used by online criminals and their nonstop attempts to breach networks and steal data have outpaced the ability of IT and security professionals to address these threats.

Most organisations, the report indicated, do not have the people or the systems to continuously monitor extended networks and detect infiltrations, and then apply protections, in a timely and effective manner.

Key findings

Overall vulnerabilities and threats reached the highest level since initial tracking began in May 2000. As of Oct. 2013, according to the report, cumulative annual alert totals increased 14 percent year-over-year from 2012.

One-hundred percent of a sample of 30 of the world’s largest Fortune 500 company networks, the report indicated generated visitor traffic to Web sites that host malware.

Ninety-six percent of networks reviewed communicated traffic to hijacked servers. Similarly 92 percent transmitted traffic to Web pages without content, which typically host malicious activity.

According to Cisco findings, Java continues to be the most frequently exploited programming language targeted by online criminals.

According to the report, Data from Sourcefire, now a part of Cisco, also shows that Java exploits make up the vast majority (91 percent) of indicators of compromise (IOCs).

Most affected sectors

Specific business sectors, such as the pharmaceutical and chemical industry and the electronics manufacturing industry, historically, the report said have had high malware encounter rates.

In 2012 and 2013 respectively, the report indicated that there was remarkable growth in malware encounters for the agriculture and mining industry formerly a relatively low-risk sector.

Similarly, the report revealed that Malware encounters also continued to rise in the energy, oil and gas sectors.

Highlights of the report

Simple attacks that caused containable damage have given way to organized cybercrime operations that are sophisticated, well-funded, and capable of significant economic and reputational damage to public and private sector victims.

Increased complexity of threats and solutions due to rapid growth in intelligent mobile device adoption and cloud computing provide a greater attack surface than ever before. New classes of devices and new infrastructure architectures offer attackers opportunities to exploit unanticipated weaknesses and inadequately defended assets.

Cybercriminals have learned that harnessing the power of Internet infrastructure yields far more benefits than simply gaining access to individual computers or devices.

These infrastructure-scale attacks seek to gain access to strategically positioned web hosting servers, nameservers and data centers with the goal of proliferating attacks across legions of individual assets served by these resources.

By targeting Internet infrastructure, attackers undermine trust in everything connected to or enabled by it.

Speaking last week in Lagos to unfold the 2014 security report, the , General Manager, Cisco Nigeria, Ghana, Liberia and Sierra-Leone. Mr. Dare Ogunlade told Technology Journalists that it was time organizations must be proactive to tackle cyber security challenges.

“Organizations across Africa must realize that it is no longer if they will targeted by cyber-attacks, but rather when,”

“Chief Information Security Officers face growing pressure to protect terabytes of data on an increasingly porous network, manage information safely especially on the cloud, and evaluate the risks of working with third-party vendors for specialized solutions – all in the wake of shrinking budgets and leaner IT teams.”, he explained.

According to him, “Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies and that starts with empowering defenders with real-world knowledge about expanding attack surfaces.

“To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack. Today’s advanced threats that can attack hosts through a combination of different vectors require a continuous security response versus point in time solutions.

“Web and Email gateways do a large amount of heavy lifting in the threat defense ecosystem, blocking the delivery of malicious content. With the Sourcefire acquisition Cisco is now able to provide customers in East Africa with the best advanced malware protection from the cloud to the network to the endpoint”.