New Cisco Annual Security Report is Out

This annual report is worth reviewing:

http://www.cisco.com/web/offers/pdfs/cisco-asr-2015.pdf (you may have to fill out some information to get it)

 

Key discoveries:

1) 1% of all high-urgency CVEs (Common Vulnerabilities and Exposures) were actively exploited.

This means organizations must prioritize and patch high-urgency vulnerabilities.

2) Since 2013, the Blackhole exploit kit has not been topped by a newer, better one.

3) Java exploits decreased by 34% (are attackers going to easier attack vectors?)

4) Flash malware can now interact with JavaScript to conceal activity, which makes it hard to analyze and detect.

5) Spam volume increased by 250% from January 2014 to November 2014.

6) Snowshoe spam (low volumes of spam from a large set of IP addresses) is a threat (it avoids detection).

7) Online criminals rely on users to install malware (still highest point of entry)

8) Heartbleed – the security flaw that exposes OpenSSL: 56% of all OpenSSL versions are older than 50 months and still vulnerable.

9) 59% of CISOs (Chief Information Security Officers) view their security processes as optimized, compared to 46% of Security Operations (SecOps) managers.

10) Less than 50% of respondents use standard tools such as patching and configuration to help prevent security breaches.

11) 75% of CISOs see their security tools as very effective.

12) Larger and midsize organizations are more likely to have highly sophisticated security postures, compared to organizations of other sizes in the study.

[Figure from the Cisco report: exploit kits]

Also, some interesting Java-related details:

“Of the top 25 vendor- and product-related vulnerability alerts from January 1, 2014, to November 30, 2014, only one was Java-related (see Table 1’s Common Vulnerability Scoring System [CVSS] chart on page 10). In 2013, Cisco Security Research tracked 54 urgent new Java vulnerabilities; in 2014, the number of tracked Java vulnerabilities fell to just 19. This should not detract online criminals from the popularity and effectiveness of attacking these older vulnerabilities that persist today.”

As mentioned, web malware attack methods are the biggest problem in the security field (and in this report).

But this is the most disturbing of all the graphs:

[Figure from the Cisco report: cumulative alert totals]

There were 6576 security alerts in 2014, 1.8% fewer than in 2013, but that is still almost 7000 security alerts in one year. There were 537 alerts in January alone.

Now you know why cyber security must be taken seriously, especially if 56% of OpenSSL is still a 50-month-old version. It is no wonder the attackers are winning, since 59% of CISOs believe their processes are optimized. There seems to be a disconnect between actual results and what executives believe is happening.

You know I am going to recommend testing to ensure your processes are running as they should.

We happen to have Alpha and Sigma Scanning to test your systems. (Omega is custom, and Psi is for wireless.)

We test your systems to reduce your security risks with our 4 service products (listed below: Α, Σ, Ω, and Ψ).