Cisco 2010 Midyear Security Report The impact of global security threats and trends on the enterprise Web 2.0, mobility, virtualization, and other dramatic shifts in how we communicate and collaborate are carving out a new landscape for business and for enterprise security. The Cisco® Midyear Security Report examines these changes and their impact on the enterprise, and highlights other significant trends and threats creating security challenges for organizations worldwide. The report also includes recommendations from Cisco security experts designed to help enterprises strengthen their security. 2 Enterprises and the Tectonic Forces of Change Cisco Study: Collaboration Critical to Employee Success 4 The Technologic Shift: The Proliferation of Mobile and Connected Devices The Mobile Device Onslaught What’s Disrupting the Enterprise? Consumerization of IT Risk Alert: IP-Addressable Devices: Who’s Listening to Your Network? What’s Disrupting the Enterprise? Mobility 8 The Economic Shift: Virtualization of Operations What’s Disrupting the Enterprise? Virtualization 10 The Demographic Shift: The Role of Collaboration and Social Networks Social Media for Enterprises: Upside and Downside It’s 3 p.m.—What Are Your Employees Doing? Tending Their Virtual Fields What’s Disrupting the Enterprise? Social Media 13 Worldwide Government Trends: The Impact on Business Multiple Governments, Multiple Stances on Security Global Security Guidelines: Should Business Become a Player? U.S. Government Update Privacy Issues Moving to the Forefront 16 Taking Action to Reduce Innovation Gaps Criminals Now Protecting Their Intellectual Property The Spread of IPv6 and Domain Name System Security Risk Alert: A “Perfect Storm” of Technological Change Explosive Growth in Connected Devices and Applications—Along with New Threats 20 Insight from the Security Researchers: Hackers Are Choosing Their Own Adventure Risk Alert: Advanced Persistent Threats Risk Alert: The Downside of Being a VIP (or Just Working for One) Small Targets, Big Rewards What Keeps Your IT Security Team Awake at Night? 25 Five Ways Enterprises Can Strengthen Their Security by 2011 30 Security Trends: Midyear Notes 32 Cisco Security Intelligence Operations Cisco Security IntelliShield Alert Manager Service All contents are Copyright © 2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Cisco 2010 Midyear Security Report 1 Enterprises and the Tectonic Forces of Change The business world continues to evolve due to spectacular revolutionary forces that are changing the way we work, live, learn, and play, and how we communicate and share information. These changes aren’t something enterprises can choose to take part in or ignore; in fact, they’re already having a profound impact on your business and your life at this very moment, whether you are unaware of or welcome the change. These changes are part of the dramatic They likely would be most surprised about How do these changes affect an enterprise’s shifts—“tectonic forces”—that are making not having to go to a specific location, such plans to protect its data? Since workers it essential for businesses to rethink their as an office, to get their work done. People now collaborate and share vital information approach to enterprise security. Gone are are increasingly dependent on smart- outside of the workplace, security that’s the days when a network firewall would phones and other mobile devices for limited to the network edge is bound to deter teenagers looking to hack into everyday communication, collaboration, fail. The emerging “borderless network” corporate databases for the challenge, and work, and are using this technology has no defined edge or boundary; instead, notoriety, or for the fun of it. Now, serious more often beyond the traditional office it has many borders that are constantly and well-resourced criminals with and network boundaries. changing. And for the most part, enterprises business plans are intent on stealing both Users also are relying on social network- cannot effectively control the myriad personal data and business intelligence ing services such as Facebook and devices/endpoints on the network. they can sell—and perimeter-based Twitter, online collaborative work tools like This hastens the need for a new model security alone cannot stop them. Google Docs, and software-as-a-service for security that acknowledges the move- What are these forces? Primarily, the (SaaS) applications that don’t live on the ment of corporate data among offices, rise of social networking, the enthusiastic company’s servers. Even if an organization smartphones, workers’ home computers, adoption and proliferation of network- attempts to ban access to certain web laptops, Internet cafes, and any other connected devices, and the embrace services or sites, savvy users will find a place where employees choose to work. of virtualization are altering the threat way around these attempts to continue to Workers want access to customer lists landscape. Time travelers from the 1970s access the services they find useful—and and project data from their iPhones and would barely recognize today’s workplace. believe are necessary to do their jobs. BlackBerry devices, whether they are sitting in the coffee shop near their office 2 Cisco 2010 Midyear Security Report All contents are Copyright © 2010 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. or waiting at an airport gate halfway across defense against security threats, instead Businesses are a prime target for today’s the world. The enterprise is tasked with of on the offense with long-range plans for online criminals, which is why the Cisco granting them this “borderless” access, managing security. 2010 Midyear Security Report is tailored while ensuring the data stays safe. In addition, employees are too often for the business community. In particular Effective controls are needed to address categorized as “part of the security focus are the three “tectonic forces” of the potential security and productivity problem” and not willing participants change, which are dramatically altering issues that can arise from uncontrolled who can play a key role in improving an the cybersecurity landscape: access to social networking services. New organization’s security process. Fearful • The technologic shift: The proliferation data from Cisco shows that employees of data loss or theft, enterprises may of mobile and connected devices accessing interactive games via Facebook unilaterally bar employees from accessing • The economic shift: Virtualization of can spend an hour or more a day playing webmail or social networking sites, or will operations these games (see graphic on page 11 forbid any smartphone that’s not approved for details). To manage security and for use by management. This way of thinking • The demographic shift: The role of productivity, organizations should enact does little to improve security—as stated, collaboration and social networks clear policies regarding access to social workers will figure out how to circumvent This report also examines another networking sites; in addition, they can rules—and makes for a resentful workforce. significant challenge organizations must consider limiting access to social While some businesses may not see the face in the midst of all this dramatic networking to those employees whose value in making the technological and cul- change: responding to the demands of jobs require it (for example, PR and tural shifts necessary for modern security, still-evolving security regulations and marketing functions). today’s threat landscape demands expectations in the countries where they There are technical challenges—and more comprehensive security to protect conduct business. solutions—for this emerging environment. against criminals who operate online and Some enterprises may find that meeting For a security solution to be effective, a are armed with the same sophisticated today’s security challenges is a daunting change in mindset must take place. Too software tools (and talents) claimed by task, but many will find it’s worth the effort: often, enterprises view security as an the most tech-savvy businesses. Effective security practices are an asset add-on, rather than a business enabler. Criminal enterprises are entirely that can strengthen a company’s reputation IT departments tend to operate on the professional in their approach to stealing and competitive edge. The good news is sensitive information. They are driven to that viable solutions do exist. succeed and receive the payoff. They also have key advantages that most network security administrators do not: plenty of time and resources to accomplish their tasks. Cisco Study: Collaboration Critical to Employee Success Today’s employees expect to collaborate The study divided respondents into intend to champion collaborative work extensively with their colleagues—and four categories. Workers identified as processes, they must welcome the use believe it’s not just beneficial, but essential “Collaboration Enthusiasts”—those who of tools and solutions that may feel to their careers and to the business. In a believe collaboration is a key business uncomfortable, from a security standpoint. recent study, Cisco surveyed employees differentiator—use an average of 22 tools, at midmarket and enterprise businesses including social networking sites, blogs, in the United States and found that when and wikis, to connect with colleagues. workers embrace
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages36 Page
-
File Size-