Today, we live in a connected world with complex security challenges. Technological innovations are fundamentally changing the way people live, work, play, share information and communicate with each other. Employees around the globe are now using business networks to communicate, collaborate and access data. Furthermore, businesses eager to increase productivity have embraced the growing integration of network communications, encouraging employees to take advantage of wireless devices and public hotspots.
In 2010, about 5 connected devices per person were in operation worldwide—but that number will pale into insignificance in 2013, when it is projected that 140 devices per person will be in operation globally. At the same time, security threats will be on a similarly dramatic trajectory; from 2.6 million identified threats last year, to 5.7 million in 2013.
With a number of forces converging in the marketplace, now is the time for enterprises to transform their IT model to accommodate these emerging borderless networks and face increasing security challenges.
Threats to online security
Online crime embraces technical innovation and collaborates with like-minded enterprises to develop new strategies. In a trend which has evolved dramatically over the last few years, attacks are no longer just driven by notoriety, but by profit.
Through businesses embracing borderless networks, productivity is booming – however, network-based collaboration introduces corporate data into a broader environment which is more vulnerable and open to attack. Attackers often use stealth tactics in order to plan a slow and sustained method to ensure a successful, and profitable, attack. Business systems contain sensitive and lucrative data that needs protecting – the loss of intellectual property can damage a company’s reputation, undermine its brand or jeopardize its competitive edge. Breaches of regulatory requirements for handling sensitive customer data can reduce customer confidence and lead to fines being imposed.
In addition to this, the volume of spam production can pose serious threat. In previous years, emerging economies showed the sharpest increase in spam production. However, in 2010 the shift focused onto developed nations. One likely reason for this spam growth is the spread of broadband Internet in these countries. In the United Kingdom, for example, spam volume rose almost 99 percent from 2009 to 2010, according to Cisco research. However, Brazil, China and Turkey all of which figured high on the 2009 list of spam nations— showed significantly lower volumes of spam in 2010. In particular, Turkey’s spam volume dropped 87 percent. This follows the global trend, as for the first time in Internet history, spam volumes declined.
What are the problems facing cyber security?
Online criminals are continuing to exploit users’ trust in consumer applications and devices, increasing the risk to organizations and employees. As a result, traditional security, which relies on layering of products and the use of multiple filters, is not enough to defend against the latest generation of malware, which spreads quickly, has global targets, and uses multiple vectors to propagate.
In addition, the increasing use of social networking continues to alter our security landscape. Within the workplace, social networking sites pose a number of threats to companies – ranging from cybercriminals developing ways to deliver malware via social media games, to criminals masquerading as someone the social media user knows and figuring out how to assume someone’s identity. Click through rates for most malware or spam incidents consistently hover at around 3 percent, according to data from Cisco ScanSafe. This small percentage is the equivalent of having a gaping hole in the network firewall that cannot be closed.
The challenge is that we need to block their exploits 100 percent of the time if we are to protect our networks and information. They can be right once; we have to be right all of the time. Consequently, enterprises must act immediately to put effective security practices into place in order to protect their assets, information, and themselves online.
With the threats facing cyber security evolving all the time, it is important that businesses change their mindset in security to help ensure that their networks and vital corporate information continue to be protected.
Cyber security – an increased awareness
Governments recognize the need to develop common standards for security solutions, yet they also want autonomy over how technology is deployed within their borders. Some countries and companies are leading efforts to expand the reach of these common standards, since they present the best opportunity for improved security and continued product innovation.
Furthermore, as governments become more focused on improving cyber security and developing global standards, private industry is stepping up to help ensure legislation does not stifle innovation.
Ultimately, it is important to understand that the security challenges we face today require a solution, and not just a product. Specialised companies now work in delivering enterprises with effective cyber security systems.
In particular, Cisco is focused on offering our channel partners solutions that address and deliver business security. Anti-spam systems have become the blueprint for this model. For years now, new attacks have been developed and new techniques have been deployed to meet those threats effectively. All threats are heading in this direction and solutions must do the same. The list of vulnerabilities grows every day, as does the number of new applications (and versions of existing applications). Meanwhile, the complexity of attacks is increasing.
Thus, it is clear that IT must work directly with management and employees to create and implement relevant, flexible, user-friendly policies that can be practiced and enforced throughout all levels of the organisation. With criminals ready to leverage an arsenal of techniques to carry out their attacks, we must work to implement cyber security solutions to combat and prevent attacks in the future.
Gaf Khan, Cisco South Africa Business Development Manager for Network Security