The frequency and sophistication of cyberattacks have escalated throughout 2008, reports the San Diego-based Cisco Systems.
"We've seen a streak of capitalism to maximize their profits and an ability for them to work together in ways that are truly mind boggling," Patrick Peterson, Cisco fellow and chief security researcher, told Information Security magazine.
The Internet solutions company's Annual Security Report, released today, catalogues five major Internet and network security developments over the past year.
First, spam has exploded: 90 percent of the 200 billion messages sent each day comprise spam. Second, disclosed vulnerabilities have risen by 11.5 percent over 2007. Third, virtualization products have become less secure: vulnerabilites have grown three-fold over 2007 as more companies embrace the new technology to increase cost-efficiency and productivity. Fourth, threats from legitimate sites have grown by 90 percent as botnets increasingly infiltrate such sites and redirect traffic to fake Web sites. Fifth and finally, nearly one-tenth of the top three Web mail providers' e-mails—Google, Microsoft, and Yahoo— were spam.
Spammers have increasingly sent their spam mail through these recognizable Web mail providers because it increases the chance spam will not get blocked by spam filters, Cisco reported.
In 2009, Cisco says its researchers will track the following threats closely: insider threats, data loss, and new tools.
As the economy slumps, Cisco warns employers that disgruntled or negligent employees may compromise their network and information security. The company also recommends firms invest in technology, education, and clear, well-enforced data protection policies to stop careless employees and hackers from exposing critical data that could lead to financial loss. And while firms invest in virtualization products such as "cloud computing" to increase employee efficiency and productivity, security personnel will have to remain vigilant as the "increasing number of devices and applications in use can make the expanding network more susceptible to new threats."
"Organizations can lower their risk of data loss by fine-tuning access controls and patching known vulnerabilities to eliminate the ability for criminals to exploit holes in infrastructures," said Peterson. "It is important to upgrade applications, endpoint systems, and networking equipment to help ensure that corporate systems run smoothly and minimize risk."