Cisco Warns of Increased Information Security Threats

In its annual security report, Cisco has warned IT (Information Technology) managers about seven categories of risk management that are continually growing.

These categories are based on issues of vulnerability, trust, legal, human, identity, and geopolitical, all of which primarily require protection against data leakage, anti-malware measures, disaster planning, and risk management for enterprises.

Chief Security Officer for Cisco, John Stewart, explained how cyber crime is evolving with frequent use of sophisticated techniques that were previously seen only electronically. Stewart said that threats to information security can't be viewed as a duel against only a phishing attack or virus. They need to be analyzed as a social engineering technology in its pervasive use. EFYtimes reported this on December 22, 2007.

One indication from the report is that attacks and threats are more sophisticated and global in nature, a trend that is likely to continue through 2008. With the evolution of Web 2.0 technology and the increased adoption of IP-connected applications, devices, and methods for communication, there would unfold a lot more opportunities for attacks. In a combined form, these trends lead to the creation of a fresh chapter on security risks and attack methods that would be etched down in history.

Enterprises that are keen to know about security trends will find Cisco's report showing substantial decreases in flaws for execution of arbitrary code, exploited mis-configurations, backdoor trojans and directory-related attacks. However, attacks for stealing identities would likely be a continuous problem for businesses in 2008, according to the report.

The enormous increase in flaw occurrence is due to software vulnerabilities and attacks involving buffer overflow. Cisco therefore advises businesses to focus their efforts on defense against critical flaws that are important and active targets for abuse.

According to the news that itVARnews published on December 20 2007, Stewart said that IT security does not just involve a fight against a spam or virus attack. It now has political, identity-based, and legal factors involved as well. He cited the ID thefts at large retailing businesses and the recent DDoS (Distributed Denial-of-Service) attack by Russian hackers against Estonia over relocation of a Soviet-era memorial as examples.

Related article: Cisco Finds Two Vulnerabilities and Recommends for Patches

» SPAMfighter News - 1/7/2008