In its annual security report , which analyzes the Internet security scenario and trends, Cisco pointed out that companies need to adopt a more collaborative strategy in combating cyber threats and attacks. Expanding and extending security actions for users, in addition to servers and systems.
As security techniques advance, hackers become more efficient. Therefore, it is increasingly necessary for companies to seek constant improvement and evolution of their protection and security techniques.
Changes to attack techniques
Criminals have expanded their tactics and adapted the techniques and tools used, with the aim of making it more difficult to analyze and detect viruses and compromised systems.
Among the most used techniques, spam sending stands out, where low amounts of spam are sent from a large set of IPs and different locations. Another widely used method is the malicious combination of codes, exploiting small vulnerabilities in Flash and Javascript, such as outdated versions and low security levels when browsing.
Users become the target
Cisco's research revealed that attackers stopped focusing their attacks on servers and operating systems and started targeting users, who, due to a lack of knowledge and poor use of the Internet, end up accessing and downloading malicious files from compromised websites. For example, attacks through spam and malicious messages increased by 250% in 2014.
Security in companies
A highlight of the research shows a greater distance between intention and practical defensive actions. The study indicates that 75% of those responsible for security in companies consider their techniques and tools to be effective. However, only 50% of these use recommended and standard tools to prevent security breaches and guarantee the execution of updated versions of applications.
A positive point of the research shows that in Brazil 34% of organizations have an advanced level of security. However, still behind countries like the United States with 44% and India with 54%.
How to increase security?
The most relevant point to be considered in the research is the changes that the security market has been undergoing, mainly due to the expansion of techniques used by Internet criminals. In view of this, there is a clear need for adaptation also on the part of security managers, for this it is necessary to change the security principles that are still widely used.
Cisco, in its “Security Manifesto”, lists some basic principles that must be followed in security strategy and actions, both by managers and Internet users:
- Security must support the business.
- Security must work with the existing architecture – and be usable.
- Security must be transparent and informative.
- Security must allow visibility and appropriate action.
- Security should be viewed as a “people problem.”
And in your company, what has been done to keep protection against attackers up to date and efficient? Share your experiences in the comments!