Network giant Cisco Systems released its 2014 Annual Security Report last week, which should make sobering reading for every business manager and owner. If youโre looking at a career change, the survey even suggests a possible new job.
Over two million of Ciscoโs customers were examined in the survey and every single company had evidence of their systems being compromised in some way, from staff visiting suspicious websites to full-scale hacker break-ins.
The survey points out that IT security risks are evolving quickly as business technology becomes more complex and itโs hard for even industry professionals to keep up with the pace of change.
โEven the most sophisticated and well-funded security teams are struggling to keep on top of whatโs happening,โ the chief security officer of Cisco, John Stewart, told a media briefing yesterday.
That concern was reinforced by Stewartโs colleague Levi Gundert, technical lead at Ciscoโs Threat Research Analysis and Communications (TRAC) group.
โItโs not about are you going to be compromised,โ said Gundert. โThe question is how long is it going to take for you to detect and shorten the remediation window?โ
If even the worldโs biggest corporations are struggling, what can smaller organisations do to control the risk?
The biggest computer security risk is Java software. Cisco found a shocking 91% of software exploits were related to the application, โ2013 was the year of the Java exploit. It was a bad year for Java.โ says Gundert.
It should also be noted that the first successful malware targeting Apple Macs, the Flashback Trojan, was a Java exploit.
The best way to deal with this risk is keep Java off your systems, the problem with that advice is many business applications โ and games if you have a home office or kids use your computer โ need the software to run.
If you have to use Java packages, make sure you have the latest version running on your systems.
Itโs not just Java that is a risk; Cisco identified Adobe PDFs and Microsoft Office vulnerabilities as being other threats. Itโs important that all systems โ Mac, Windows or any other operating systems โ are kept up to date with the latest patches.
Except when your computers are being updated, thereโs no reason for office computers to be running in Administrator mode. Day to day use should be done in restricted user profiles.
On a Windows machine, workers should be logged on as standard users, while on Macs they should be managed users, the only time an Administrator needs to be logged on is when maintenance is being done.
The IT security industry has been watching smartphones for a while and 2013 started seeing large-scale malware appearing on mobile devices, although itโs still small scale compared to PCs.
Ciscoโs survey found only 1.2% of web-based malware coming from mobile devices with almost all the infections being on Android systems.
Most of these Android infections were game add-ons downloaded from unofficial Android app stores, so the message is to stick to the official, trusted services.
Another risky area for businesses identified by Cisco are websites being compromised and hijacked. The software on these needs to be updated to the latest versions just as office computers should be.
Often, disused websites and blogs arenโt updated, the ABC discovered last year that abandoned, neglected websites are a great way for hackers and malware distributors to launch attacks or spread problems.
So if you have older websites or blogs shut them down and redirect the domains to operating addresses.
For those operational websites, password security needs to be beefed up as Cisco found โbrute forceโ attacks โ where automated systems try every conceivable password combinations โ were up threefold in 2013.
A big problem facing the IT industry is a worldwide skills shortage: โThere are essentially a million jobs across the globe that can be filled but we donโt have trained people to fill them,โ says Ciscoโs Stewart. โWeโve got a dearth of talent and skills.โ
For smaller businesses, that means itโs harder to find someone to fix problems when they happen, for both business managers and owners itโs smarter to reduce the likelihood of having a problem rather than scrambling to find an IT professional to help after the event.
The good news from Ciscoโs survey is if youโre thinking of a career change, or you have a teenager moping around looking for a job, then IT security could be the answer.
For everyone else, as business and the world in general becomes more connected we have to start taking security more seriously.
Paul Wallbank is the publisher of Networked Globe, his personal blog Decoding The New Economy charts how our society is changing in the connected century.
Paul Wallbank writes on how IT affects communities, markets and workplaces. He also helps businesses to grow and engage their customers with technology.
Comments