SAN JOSE, CA--(Marketwire - December 18, 2007) - In an effort to shed greater light on growing
trends involving security threats around the world, Cisco® (NASDAQ: CSCO)
announced the release of its first annual report on the global state of
security. The report spotlights the risks and challenges that businesses,
government organizations and consumers increasingly face and offers
suggestions on guarding against them.
The 2007 Cisco Annual Security Report, released in conjunction with the
launch of the company's updated Cisco Security Center site
(www.cisco.com/security), provides a concise summary of the past year's
major issues. It offers predictions for security threats in 2008 and
recommendations from Cisco security practitioners, such as Chief Security
Officer John Stewart and Vice President of Customer Assurance and Security
Programs Dave Goddard. While many end-of-year industry reports focus on
content security threats (viruses, worms, trojans, spam and phishing), the
Cisco report broadens the discussion to a set of seven risk management
categories, many of which extend well beyond isolated content security
issues. The categories are vulnerability, physical, legal, trust, identity,
human and geopolitical, and together they encompass security requirements
that involve anti-malware protection, data-leakage protection, enterprise
risk management, disaster planning, and more.
The report's findings reinforce the fact that security threats and attacks
have become more global and sophisticated. As adoption of IP-connected
devices, applications, and communication methods increases, so does the
opportunity for a greater number of attacks. These trends are
writing a new chapter in the history of security threats and attack
methodologies.
Years ago, viruses and worms (Code Red, Nimda, and others) ransacked
computer systems to cause damage and gain notoriety. As Internet adoption
and e-commerce increased, blended threats (spam-enabled phishing attacks,
botnets, etc.) evolved with the intent to steal money and personal
information. This "stealth-and-wealth" approach subsequently evolved into a
more worldwide phenomenon that frequently features more than one of the
seven risk categories.
According to Stewart, information security is no longer just a battle
against a virus or spam attack. There are oftentimes legal, identity-based
and geopolitical factors involved. As examples, he points to identity theft
at major retailers and a recent distributed denial-of-service attack
allegedly launched by politically motivated hackers within Russia on its
neighbor Estonia this spring. The cyber attack, which reportedly stemmed
from outrage over Estonian authorities' decision to move a Soviet-era war
memorial from a park, shut down many of the country's government Web sites.
"Cybercrime is evolving before our eyes, oftentimes using well-known
techniques seen before only in electronic form," Stewart said. "You just
can't afford to view information security threats as a standalone duel
against a virus or a phishing attack; threats involve social engineering
and technology, trust and pervasive use. Today, the effort to secure
businesses, personal identities and countries requires a greater level of
coordination among parties that have not traditionally worked together as
closely as they'll need to. IT security teams, businesses, government, law
enforcement, consumers, citizens: They're all targets, yet they're also
allies. The effectiveness of national, enterprise and personal security
will depend on the collaboration and communication among all of these
constituencies."
According to Stewart and Goddard, the key to this collaboration is
education. The Cisco report offers several recommendations for each of the
seven risk-management categories. Some of the noteworthy recommendations
include:
-- Conduct regular audits within organizations of attractive targets and
evaluate the avenues that can be used to attack them. "Exploits are too
often successful because of not following security basics: host-based
intrusion prevention, patches and upgrades with security fixes, and regular
audits," Stewart said.
-- Understand the notion that threats follow usage patterns. "Where the
majority goes, attackers will follow," Goddard said. "Every time a new
application or device enters the fold, new threats will emerge."
-- Change the mindset of employees, consumers and citizens who consider
themselves innocent bystanders and empower them to become active
influencers with shared ownership over security responsibilities. IT teams
should help lead this charge, but it's not solely their problem.
-- Make security education a priority. Businesses, security vendors, and
government agencies need to invest in security education and
awareness-building. This effort should include industry-wide collaboration among
partners and competitors.
-- Institutionalize IT security education by incorporating it into school
curricula.
-- Consider more than just performance when building a secure network.
Focus on the network's ability to collaborate, inspect, adapt and resolve
security issues end to end, from gateways and servers to desktops and
mobile devices.
-- Security vendors need to provide comprehensive security solutions that
extend throughout the network infrastructure, application mix and data
itself.
To access the free report:
http://www.cisco.com/web/about/security/cspo/docs/Cisco2007Annual_Security_Report.pdf
About Cisco
Cisco (NASDAQ: CSCO) is the worldwide leader in networking that transforms
how people connect, communicate and collaborate. Information about Cisco
can be found at
http://www.cisco.com. For ongoing news, please go to
http://newsroom.cisco.com.
Cisco, the Cisco logo and Cisco Systems are registered trademarks or
trademarks of Cisco Systems, Inc. and/or its affiliates in the United
States and certain other countries. All other trademarks mentioned in this
document are the property of their respective owners. The use of the word
partner does not imply a partnership relationship between Cisco and any
other company. This document is Cisco Public Information.
Contact Information:
Media Relations:
Neil Wu Becker
Cisco Systems, Inc.
408 525 7415
nebecker@cisco.com
Industry Analyst Relations:
Sarita Kincaid
Cisco Systems, Inc.
408 525 0733
skincaid@cisco.com
Investor Relations:
Marisa Ross
Cisco Systems, Inc.
408 527 9830
mariross@cisco.com