As cyber attacks explode, Cisco claims shortage of 1m IT security professionals

20 Jan 2014

Trust in anything connected to the internet risks being eroded as overall IT security vulnerabilities reached their highest level in 14 years, Cisco warned today, pointing to a global shortage of more than 1m security professionals.

Overall total security threat alerts increased 14pc in 2013, the highest level since Cisco began recording its data in 2000 for its Annual Security Report.

The report also indicated a shortage of more than 1m security professionals worldwide, with Cisco warning that the sophistication of the attackers and the amount of attacks has outpaced the ability of IT and security to address the threats.

The 2014 report shows that the landscape has changed dramatically from single attacks that cause containable damage to organised cyber-crime operations that are sophisticated, well-funded and capable of causing significant damage to large businesses and governments.

The report also revealed that new classes of devices and new infrastructure architecture offers attackers new opportunities to exploit poorly defended assets.

Cyber-criminals have learned how to conduct infrastructure-scale attacks to gain access to strategically positioned web-hosting servers, name servers and data centres, with the core aim of proliferating their attack across legions of individual devices.

Grim picture of cybersecurity in 2014

“By targeting internet infrastructure, attackers undermine trust in everything connected to or enabling it,” Cisco said.

It cited 100pc of a sample of 30 of the world’s largest multinational networks that generated traffic to websites that host malware.

Some 96pc of the networks communicated traffic to hijacked servers and 92pc to websites hosting malicious activity.

Multipurpose Trojans accounted for 27pc of total attacks in 2013, with malicious scripts, such as exploits and iframes, forming the second most frequently encountered category at 23pc.

Data-theft Trojans, such as password stealers and backdoors, made up 22pc of total malware encounters.

Java continues to be the most frequently exploited programming language exploited by online criminals, making up 91pc of compromises.

The study revealed that 99pc of all mobile malware targeted Android devices. At 43.8pc, Andr/Qdplugin-A was the most frequently encountered mobile malware, typically via repackaged copies of legitimate apps distributed via non-official app stores.

Specific business sectors, such as the pharmaceutical and chemical industry and the electronics manufacturing industry, have historically had high malware encounter rates. In 2012 and 2013, there was remarkable growth in malware encounters for the agriculture and mining industry, formerly a relatively low-risk sector. Malware encounters also continued to rise in the energy, oil and gas sectors.

“Although the Cisco Annual Security Report paints a grim picture of the current state of cybersecurity, there is hope for restoring trust in people, institutions and technologies,” said Cisco’s chief security officer John Stewart.

“That starts with empowering defenders with real-world knowledge about expanding attack surfaces. To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack.”

Cyber attack image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com