Out-Law News 2 min. read
17 Jan 2014, 2:45 pm
Cisco said that the "maturation of mobile platforms" appears to be "helping criminals gain an edge". The comments were contained in Cisco's Annual Security Report 2014 (registration required to access 81-page / 2.56MB PDF).
"Cisco security experts note that the more smartphones, tablets, and other devices perform like traditional desktop and laptop computers, the easier it is to design malware for them," the report said.
The company said that the growing use of mobile applications is also posing a risk to information security since users often do not think about security implications when downloading them.
"Today’s security teams are grappling with the 'any-to-any problem': how to secure any user, on any device, located anywhere, accessing any application or resource," Cisco said. "The BYOD ('bring your own device') trend only complicates these efforts. It’s difficult to manage all of these types of equipment, especially with a limited IT budget."
"In a BYOD environment, the CISO (chief information security officer) needs to be especially certain that the data room is tightly controlled. Mobility offers new ways for users and data to be compromised. Cisco researchers have observed actors using wireless channels to eavesdrop and gain access to data being exchanged through those channels. Mobility also presents a range of security issues for organisations, including the loss of intellectual property and other sensitive data if an employee’s device is lost or stolen and not secured," it said.
Cisco said that, by October last year, there had already been a 14% rise in the number of "threat alerts" across all platforms identified in 2013 relative to 2012 as a whole. It said that the varied IT landscape, through the growth of mobility and cloud computing especially, made it hard for IT security teams to address all the vulnerabilities in businesses' networks.
"Organisational vulnerabilities are increasing because enterprises are working through disaggregated point solutions and multiple management platforms," Cisco said. "The result: a set of disparate technologies across control points that were never designed to work together. This increases the potential for the compromise of customer information, intellectual property, and other sensitive information, and puts a company’s reputation at risk."
"A continuous capability that provides the best opportunity to meet the challenges of complex threat environments is needed. Relentless attacks do not occur at a single point in time; they are ongoing. So, too, should be a company’s defences," it said.
Cisco said, however, that there is a shortage of experts in IT security which is hampering businesses' ability to combat threats. It said that there may be more than one million fewer IT security experts than the global industry requires.
Cisco said that trust across the internet had been diminished as a result of the details leaked of the surveillance activities of the US' National Security Agency (NSA), including consumers' trust in online businesses. The company called on companies to "examine their security model holistically" and make sure they can see what is going on before an attack happens, during an attack and after an attack.
"We are in a market transition where trust matters, and process and technology must be integral features of product design for a vendor to meet the needs of today’s threats," Cisco chief security officer John N. Stewart said. "A company’s promise is insufficient. Firms need verification through certified products, integrated development processes, innovative technology, and respected standing in the industry. Organisations also must make it an ongoing priority to verify the trustworthiness of the technology products they use and the vendors that supply them."