Shortages of sufficient IT and security professionals have driven overall vulnerabilities and threats to the highest level since records began.
Cisco’s Annual Security Report shows that cumulative annual alert totals in October 2013 rose 14 per cent compared to the year before and hit the highest number since it began recording them back in May 2000.
It’s a trend that is being driven by the lack of proven security professionals that Cisco predicts will reach over one million worldwide during 2014 due to the lack of training married to the fact that current IT doesn’t have the ability to counter infiltrations and monitor networks on an ongoing basis.
“Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies – and that starts with empowering defenders with real-world knowledge about expanding attack surfaces,” said John N. Stewart, senior VP and chief security officer, Threat Response Intelligence and Development, Cisco. “To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack.”
In terms of the types of attacks being seen by Cisco, it stated that distributed denial of service [DDoS] attacks have “increased in number and severity” across the year with Java the most frequently exploited programming language.
The most encountered web delivered malware was multipurpose Trojans with 27 per cent of the total number and second place went to malicious scripts with 23 per cent of encounters. Data theft Trojans, such as password stealers and backdoors, saw 22 per cent of all encounters.
When it came to mobile malware and threats, 99 per cent of all mobile malware targeted Android devices with Andr/Qdplugin-A the most frequently encountered mobile malware with 43.8 per cent of threats.
In relation to mobile threats, the report stated that new classes of devices and new Internet infrastructure offers attackers more opportunities to take advantage of unanticipated weaknesses and inadequately defended assets.