Findings from Cisco’s Cisco’s 2013 Annual Security Report (ASR) indicate that Middle East and Africa have the highest concentration of online security threats coming from legitimate destinations visited by mass audiences, such as major search engines, retail sites and social media outlets.
The ASR states that security risks rise in businesses are also on the rise because many employees adopt “my way” work lifestyles in which their devices, work and online behavior mix with their personal lives virtually anywhere – in the office, at home and everywhere in between.
“Each year, the security threats and defenses change as a result of one another. The Cisco Annual Security Report is our expert research, highlighting global threat patterns and trends. Today, we live a blended work-personal life. The hackers know this, and the security threats that we encounter online such as embedded Web malware while visiting popular destinations like search engines, retailers, social media sites and smartphone/tablet apps no longer threaten only the individual; they threaten our organizations by default. This year’s ASR highlights this and other trends while providing the hard data, and ideas, for how we should be approaching security today,” said Raphael Stanley, Cisco’s regional sales manager.
States the report: “Today the trend towards ‘Bring Your Own Device’ (BYOD) is increasingly impacting IT departments. According to Cisco Internet Business Solutions Group (IBSG) Research 95% of organizations globally now allow employee-owned devices in some way, shape or form in the workplace. BYOD does however bring complexity when it comes to security and IT Support. The challenge that the Middle East and Africa will face with BYOD is introducing and managing a solid security strategy. As more and more employees are using devices for both personal and business activities, the issues with potential loss of confidential company data increases as IT departments are less in control. Companies in 2013 will have to ensure that devices have business application and data isolated and protected.”
Below are key findings from Cisco ASR 2013:
- Android malware entered the mainstream consciousness in 2012 with explosive growth and the first documented botnet.
- Malware, short for malicious (or malevolent) software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
- It can appear in the form of code, scripts, active content, and other software.
- Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses
- Spam volume dropped 18 percent from 2012 to 2011, with spammers working “banker’s hours” for a 25 percent drop in spam over the weekend.
- In 2012, the majority of spam was sent during the workweek – Tuesday was the heaviest spam day of the year.
- India is the top source of spam worldwide, with the U.S. moving from sixth in 2011 to second in 2012. Korea, China and Vietnam round out the top five.
- The top spoofed brands involve prescription drugs and luxury watches like Rolex and Omega. (ASR)
- Spammers maximize the ROI of their efforts, targeting real-world events with specific and short-lived campaigns.
- January-March: Windows software, which coincided with the release of the Microsoft Windows 8 consumer preview.
- February-April: Tax software during U.S. tax season.
- January-March and September-December: Professional networks like LinkedIn, correlated with the desire for a career change during the beginning and end of the year.
- September-November: Cellular providers around the release of the Apple iPhone 5.
The Cisco 2013 Annual Security Report highlights the most important security trends of the year and provides tips and guidance to keep enterprise technology environments more secure. The Cisco Connected World Technology Report magnifies the threats outlined in the security report.