Cisco recently released its Security Capabilities Benchmark Study as part of its 2015 Security Report. Researchers interviewed more than 1,700 CISOs and SecOps managers to identify what security measures they are using and what vulnerabilities exist. While 90 percent of respondents said they are “confident” in their security strategies and 75 percent view their security measures are “extremely effective,” their specific responses reveal vulnerabilities. Consider some of the study’s findings.
- Not updating software is a major culprit. Only 38 percent of respondents have a regular patching and software update schedule. In fact, only 10 percent of Internet Explorer (IE) Users are running the most current version. Not surprisingly, IE accounted for 31 percent of attacks. Similar vulnerabilities were seen with Adobe Flash and PDF Reader, accounting for 19 percent of cyber attacks. The bug called “heartbleed” was a huge offender in 2014. However, the survey noted that 56 percent of devices attacked with this bug were using versions of OpenSSL that were more than 50 months old. Once again, not staying up-to-date drastically increases vulnerability.
- Java is improving. Cisco’s 2014 report blamed Java for 91 percent of all attacks and tracked 54 vulnerabilities in 2013. Those vulnerabilities were down to 19 for the 2015 report and incidents of attack dropped 34 percent. The improvement is attributed to constant reminders to update the Java Virtual Machine (JVM). “JVM quality is just getting better with better security,” said Martin Roesch, chief architect of the security business group at Cisco.
- 2014 saw a huge increase in spam. Spam volume increased by 250 percent in 2014. Researchers blame the increase on a technique called “snowshoe spam,” a method that allows messages to be sent over many different IP addresses. Since the messages are sent in a low volume batch, they are often not detected by filters.
For small businesses, data security strategies must be constantly evolving. BisonTech understands you have a business to run while maintaining data security. Let us handle your technology solutions, ensuring you stay up-to-date and well-protected. Contact us to learn more.