Telco security processes best of all sectors – report
According to a report by Cisco, the telecoms industry has the strongest security processes of all sectors, with globally 47% of telcos having 'highly sophisticated' systems in place.
January 20, 2015
According to a report by Cisco the telecoms industry has the strongest security processes of all sectors, with globally 47% of telcos having ‘highly sophisticated’ systems in place.
The annually published Cisco Security Capabilities Benchmark Survey report, which assesses both threat intelligence and cyber-security trends, claimed telcos are better equipped to tackle malicious attacks than government bodies (43%), financial services organisations (39%), and transport firms (35%).
In geographical terms across all sectors, the report claimed the UK at 41% is behind India (54%), the US (44%) and Germany (43%), but above countries such as China (36%) and Japan (24%).
The report said security teams must be constantly improving protection processes as attackers continue to up their game in taking advantage of any security gaps. According to Cisco, matters are made more complicated by attackers’ geopolitical motivations, as well as conflicting data laws that differ from country to country.
The report, which is based on a survey of security specialists at 1,700 companies, outlined the top three cyber-attack trends of last year. These were: ‘snowshoe spam’ where large volumes of spam mail from a high number of IP addresses to avoid detection and to take advantage of compromised accounts, ‘web exploits hiding in plain sights’ meaning the use of less known exploit kits while security experts are focusing on the more commonly used ones, and ‘malicious combinations’ where exploits are shared over two different files (such as historically vulnerable Java and Flash files) making detection more difficult.
“Security needs an all-hands-on-deck-approach, where everybody contributes, from the boardroom to individual users,” John Stewart, SVP, Chief Security and Trust Officer at Cisco said.
“We used to worry about DoS, now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure. Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight.
“Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind. Online services must be run with resiliency in mind, and all of these moves must happen now to tip the scales and protect our future. It requires leadership, cooperation, and accountability like never seen before in our industry.”
The report also claimed there is a widening gap between security defenders’ perception of their capabilities and actual abilities combating threats, saying 75% of respondents see their tools very or extremely effective. But only 50% of those surveyed apparently use standard tools such as patching and configuration to protect against security breaches.
“Attackers have become more proficient at taking advantage of security gaps,” Jason Brvenik, Principal Engineer at Cisco’s Security Business Group said. “We observed that that 56% of all OpenSSL versions still remain vulnerable to Heartbleed and that major attacks are only levering 1% of high-urgency vulnerabilities at any given time.
“Despite this, we see less than half of the security teams surveyed using standard tools like patching and configuration management to help prevent security breaches. Even with leading security technology, excellence in process is required to protect organisations and users from increasingly sophisticated attacks and campaigns.”
About the Author
You May Also Like