How strong is your weakest link? Cisco Midyear Security Report Highlights Weak Links in Threat Landscape

This summer saw the release of the Cisco 2014 Midyear Security Report, the latest examination of “weak links” in organizations – such as outdated software, bad code, and user errors – that could pose serious security threats.

The Report indicated an unusual increase in the number of malware within vertical markets, malicious botnets, and standard “Man-in-the-Browser” attacks (traffic is redirected to websites that host malware). All of these leave organizations vulnerable to exploits through DNS queries, exploit kits, malvertising, ransomware and other methods.

Most interesting, though, is the report’s insistence that organizations are spending too much time focusing on high-profile vulnerabilities, rather than on high-impact, common and stealthy threats. While there’s no doubt that boldface vulnerabilities, such as the recent Heartbleed threat, need to be addressed, it’s a mistake to think that attackers have abandoned weaknesses found in low-profile legacy applications and infrastructure.

What the Report underlines to me is that the security landscape continues to be vast and constantly evolving. It’s imperative that organizations be aware of every potential threat, whether large or small. This Report, along with others released in the market, are a means for organizations to educate themselves so they are better prepared.

It’s not uncommon for me to run into people during business trips who ask about the validity of such reports. “Are they really useful? Or are they just a marketing tool?”

On the surface it does appear that many security reports tell the same story: there are a lot of threats out there and you need to be prepared. But there are two key things to remember.

First, companies like Cisco have a unique perspective on the industry and the resources to carry out vital examination. The research conducted is in-depth, with deep data and metrics that give a detailed analysis of the situation, not a cursory glance. And of course, we do more than simply tell you about security threats; we also provide potential solutions, something that would not be possible if we didn’t have a clear understanding of the situation.

Second, in my experience, there are still a large number of organizations that don’t understand how to approach the many threats that exist. Organizations have to stop thinking like consumers when it comes to security threats. A person at home whose computer has been compromised by a virus, for example, has more control over the situation and is usually able to solve the problem quickly and easily with a number of available tools – many of which are free.

Organizations, however, have to deal with more complex challenges and need to assume that they will, inevitably, be compromised. This means they need to go beyond mere prevention and understand what their critical data is and have the proper detection tools – and people – in place.

That’s why at Cisco, we tell our customers they need to be ready across the attack continuum – before, during and after – they are attacked. Investing a balanced amount of time and effort across these phases results in a business that can limit the attack surface (before), identify an attack when it happens (during) and be ready to react and restore normal operations when an attack is successful (after).

I think that resources such as the Cisco Midyear and Annual Security Reports help organizations make the decisions necessary in order to remain protected and prepared across the attack continuum.  Do you agree? Leave a comment below, and download the Midyear Security Report on our website.

About Ahmed Etman

Ahmed Etman is the General Manager of Security and Enterprise Networking for Cisco Canada. In this role, he is responsible for Canadian growth within Cisco’s core technologies including enterprise routing, switching, and wireless networking. He is also responsible for managing Cisco’s cross-portfolio security solutions and leads a team of dedicated sales specialists across the country. Etman has over 12 years of experience in the telecommunications industry. He joined Cisco’s Europe, Middle East and Africa team in 2006 as a security business development manager, based in Dubai. He is a mechanical engineer by training and started his career as a security systems engineer. Before joining Cisco, he held various positions at Internet Security Systems (now part of IBM), including Director of Technical Solutions, and was responsible for opening the ISS operation in the Middle East and Africa region. Etman holds a bachelor of science degree from The American University in Cairo. Ahmed Etman est le directeur général de la sécurité et du réseautage d'entreprise de Cisco Canada. À ce titre, il est responsable de la croissance des affaires canadiennes en lien avec les technologies de base de Cisco, notamment les technologies de routage, de commutation et de réseautage sans fil d'entreprise. Il est aussi responsable de la gestion de l'ensemble de la gamme de solutions de sécurité de Cisco et dirige une équipe de spécialistes des ventes dévoués d'un océan à l'autre. M. Etman possède plus de 12 ans d'expérience dans l'industrie des télécommunications. Il est entré au service de l'équipe Cisco de l'Europe, du Moyen-Orient et de l'Afrique en 2006 en tant que directeur du développement des affaires de sécurité affecté à Dubaï. Il a une formation d'ingénieur mécanique et il a commencé sa carrière à titre d'ingénieur de systèmes de sécurité. Avant de grossir les rangs de Cisco, il a occupé divers postes au sein d'Internet Security Systems (qui fait maintenant partie d'IBM), y compris celui de directeur général des solutions techniques. Il a aussi été responsable de la mise sur pied de l'équipe ISS de la région du Moyen-Orient et de l'Afrique. M. Etman est titulaire d'un baccalauréat ès sciences de la American University du Caire.
This entry was posted in Cisco, Security and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s