Advertise Here!Call +234 (0) 8035007778
Cisco 2009 Midyear Information Security Report
1 Aug 2009 - Cisco's security intelligence team has released Cisco's midyear security report for 2009. The report is based on Cisco's findings and views on threats and trends from beginning till mid 2009. The report presented by Cisco as "An update on global security threats and trends" includes data on new threats, observations and forecasts for information security in the future.
Cisco states that "The Cisco Midyear Security Report presents an
overview of Cisco security intelligence, highlighting threat
information and trends from the first half of 2009. The report also
includes recommendations from Cisco security experts and predictions
of how identified trends will evolve".
According to the report though attacks are becoming "more
sophisticated and targeted", collaboration as well as enhanced
security policies is not only making it possible for attacks to
succeed and spread, but prosecution of attackers is being enabled.
The report states that criminal sophistication and business acumen have increased since the publication of last year's annual security report. Criminal organizations have gone to the extent of innovating new models based on genuine real world business practices. Examples are the creators of botnets—networks of compromised computers that can carry out the bidding of online scammers. So just as you have Software application service providers there are now providers of botnets as a service. It is possible to pay to use a compromised network to carry out illegal activities.
In the words of Tom Gillis, Vice President and General Manager of
Cisco Security Products, "We see many signs that criminals are
mimicking the practices embraced by successful, legitimate
businesses to reap revenue and grow their enterprises. It seems the
best practices espoused by Fortune magazine and Harvard Business
School have found their way into the online underworld."
Causes for Concern
A cause for concern identified in the report certain areas of concern is the Technical Innovation of Online Criminals. The Conficker worm example is used to describe remarkable technical innovation and capabilities of online criminals. "Several million computer systems have been under Conficker's control at some time as of June 2009, which means the worm appears to have created the largest botnet to date". This example exploits traditional vulnerabilities that security experts and users are ignoring. It is a case of criminals using "older tactics in new ways."
Also it's apparent that attackers are monitoring and using security
best practices and trends to develop newer and more dangerous
weapons. The offensive is mounted through the exploitation of
"proper and enhanced security tools and concepts" to beat security
experts and protection agencies.
Another cause for concern noted by the report is the Criminal Sophistication and Collaboration. Cooperation and collaboration amongst attackers is at an all time high. Just like in the normal business scenario online criminals combine strengths, share expertise tools and overcome weaknesses together to achieve illegal business objectives. Shutting down this networked, online mafia is notoriously difficult to achieve. The collaboration between the two large botnets, Conficker and Waledac was highlighted in the report.
Collaborations of this nature that are networked and persistent can
cause severe damage.
The report expects this trend of illegal collaboration to continue. According to the report, "One security researcher discovered that a major botmaster used an online forum to ask other criminals for help after his own botnet was hacked".
Cause for Optimism
However, organizations are also collaborating aggressively to
shut down online threats. This is identified as a cause for
optimism. Just as online criminals collaborate and refine their
strategies the report states that collaboration between
organizations to shut down online threats is succeeding. The efforts
of the Conficker Working Group to block the Conflicker worm is shown
as an excellent example. Other positive examples were highlighted in
Also seen as positive are the efforts of several countries to boost information protection and address the global menace of cybercrime. The Obama administration's decision to appoint a "cybersecurity coordinator" to oversee "a new comprehensive approach to securing America's digital infrastructure" is mentioned. It noted that the United Kingdom and other countries are also currently conducting cybersecurity reviews and evaluations. Cisco provides evidence to show that the greater focus from both government and international law enforcement on combating cybercrime and improving cybersecurity is yielding results. Already in 2009 there have already been some high-profile arrests.
Other report highlights include the fact that Web 2.0 applications, cherished for their ease of use and flexibility, have become attractive to attackers. And criminals are still compromising legitimate websites for the purpose of propagating malware to great effect while online banking customers are being targeted by criminals
Click this link for
learn more about the African Information Security Association (AISA)
Join the African Information Security Online group on Facebook
Join the African Information Security Online Group on LinkedIn
AISA Content is provided by Jidaw Systems on behalf of The African Information Security Association (AISA)
Jidaw Systems Limited (Jidaw) is an information technology solution provider that specializes in IT Consulting, e-business, Content provision, Web Publishing, Computer Networking and Training. Jidaw Systems Limited, developed and runs www.jidaw.com
Jidaw Systems Limited is the originator of the IT Entrepreneurship Guide series - Success in IT Business programs and a Foremost Authority on IT Career development. Jidaw Systems is a NASITEA partner.
IT Career Development.
A major focus of Jidaw (Mastercomputers) is the promotion of IT Career Development. Jidaw presents
FREE IT Career Seminars
The one and only Information Technology Entrepreneur Guide
Success in IT Business (SITB) training program is designed to help you start your New IT Business. Now You have an uncommon, hard-to-find opportunity to learn first hand from the real world ideas and experience of IT Entrepreneurs.
Prepare Yourself for the no-nonsense Information Technology Entrepreneurship Business program -Success in Information Technology Business (SITB) program. Discover the Reality and Principles required to create your own Profitable and Sustainable IT Business.
What Do you Have to Say? Post Your Comments about this Content Resource Here.
August 12, 2009
Ani Michael of Jos, Plateau State, Nigeria says:
A good one from Cisco. Hope other vendors will take note, and AISA too gets involved.
DISRUPT THE STATUS QUO!
Ideas are not enough. You must be action oriented to improve your future.
Don't just think but act. You get results not only from thinking but from acting.
You have ideas. You want to achieve. You want opportunity.
But what are you still doing in your comfort zone? The comfort zone is a dangerous place.
"I wanted to", "I was going to" cannot put on a light bulb, not to talk of moving you forward.
Aren't you tired of hoping and criticizing? Stop defending status quo that locks you down.
GO on the offensive now with IT Education and Empowerment.
What is the use of ideas without action?
Start becoming the achiever you deserve to be.
MAKE SURE THERE IS NO STANDING ROOM FOR EXCUSES.