News Feature | December 1, 2014

Cisco Report Reveals Computer Users Are Too Trusting

By Cheryl Knight, contributing writer

Government IT News For VARs — December 10, 2014

When it comes to cyberattacks, hackers prey on the trust most users have when dealing with others on the Internet: trust in the in systems and applications they use, as well as the people who they interact with online.

Whether they use socially engineered password theft or implement programs that hide in plain sight, malicious actors are always looking for ways to take advantage of the trust that network users have in their systems.

Cisco has released a report offering insight into the most common security concerns. In addition to looking at distributed denial-of-service (DDoS) attacks, the changing face of malware, and trends in network vulnerabilities across the board, the report examines the groups that are usually targeted by hackers and the growing sophistication that attackers are developing in stealing data from companies around the globe.

Key Findings

The key findings of the report include how malicious exploits allow attackers to gain access to servers and data centers, mainly through the use of bots that seek out high-reputation and resource-rich sites. Buffer errors also rank at the top of the list when it comes to threats. Another startling fact is that malware attacks are switching toward agricultural, electronic, and mining industries at a rate of six times above the average encounter rate.

Using the trust that users have in their network, attackers continue to spam, though spam is now trending. The most Web exploits are through Java — alarmingly, 76 percent of companies that use Cisco Web Security as part of their cyber defense run Java 6, which is unsupported.

In the report, John N. Stewart, Cisco’s chief security officer, says, “We are in a market transition where trust matters, and process and technology must be integral features of product design for a vendor to meet the needs of today’s threats. A company’s promise is insufficient. Firms need verification through certified products, integrated development processes, innovative technology, and respected standing in the industry. Organizations also must make it an ongoing priority to verify the trustworthiness of the technology products they use and the vendors that supply them.”