The question companies face today about the vulnerability of their data is not if their network will be comprised but rather when, the 2015 Cisco Annual Security Report finds.
Security professionals say they are optimistic that they can hold back attackers, the report states. However, in the end “security is a numbers game: Even if an organization blocks 99.99 percent of billions of spam messages, some with make it through.” When the messages get through, they go to end users “who become the weak point in the networks.”
“Technology solutions rarely empower users to take charge of security as active participants,” according to the report. “Instead, they force them to work around security tools that get in the way of their workday—thus leaving the business less secure.” To combat this feeling, “Security teams need to educate users about safe habits that they should apply no matter where they are using technology—at the office, at home, on the road—so they can make good decisions and feel empowered to seek timely assistance when they think something is wrong,” the report says.
The report does find that, while spam volume in the United States is on the decline, levels rose in other countries. One popular spam method is spear-phishing messages. “These messages, which target specific individuals with a well-crafted message, appear to come from well-known vendors or service providers from whom users commonly receive messages—for example, delivery services, online shopping sites, and music and entertainment providers. Emails with a trusted name and a logo, even if spoofed, carry more weight than the old-school spam messages touting pharmaceuticals or watches.”
Cybercrime is flourishing around the world “especially in areas of weak governance,” such as Eastern Europe, the report notes. “In areas of weak governance, it is not unusual to find evidence of strong ties between government intelligence services and organized groups involved in cybercrime.”
Even though terrorist groups such as ISIS or ISIL rely heavily on the Internet, especially social media, they are “making enough money through traditional fundraising activities such as extortion, human trafficking, and oil. But as these organizations grow, they could turn to cybercrime as a way to fund their efforts around the world.” The report warns there “is also the potential that budding terrorist organizations that do not have access to the same resources as more established groups may explore cybercrime as a fast path to growth.”
The Cisco Report is based upon research, insights, and perspectives provided by Cisco Security Research and other security experts within the company.