Cisco 2010 Annual Security Report

The Cisco 2010 Annual Security Report examines cybercriminals’ reliance on a potent weapon at their disposal: the exploitation of trust. Criminals are now skilled at convincing users and systems that they are safe to interact with and can be trusted. And the ability to exploit trust means cybercriminals are able to do more damage with fewer intrusions.

“Miscreants are continuing to find new and creative ways to exploit network, system, and even human vulnerabilities to steal information or do damage,” said John N. Stewart, vice president and chief security officer, Cisco. “The challenge is that we need to block their exploits 100 percent of the time if we are to protect our networks and information. They can be right once; we have to be right all of the time. We need to be ever-vigilant in our efforts to protect our assets, information, and ourselves online.”

2010 saw more criminals beginning to channel their resources toward exploits that target mobile users. The worldwide adoption of mobile devices and the rapidly growing and relatively new market for mobile applications present scammers with a virtually untapped market of opportunity for intrusions and theft.

2010 Vendor Vulnerabilities According to Cisco IntelliShield, reported vulnerabilities from Apple
are on the rise.

The shift in focus toward targeting mobile users also indicates that a “tipping point” in vulnerabilities has been reached: PC vendors are building better security into their products, making the Windows PC environment less profitable for criminals. In addition, the Apple operating system, previously thought of as a less-attractive target for hackers, now shows signs it is becoming a more popular venue for cybercrime: according to data from Cisco Intellishield, while reported vulnerabilities and updates are on the rise from most major vendors, Apple is showing the greatest increase.

To accomplish carefully defined goals, such as stealing sensitive business information, many criminals are investing more in the development of exploits that target specific high-value individuals and critical business and industrial systems. The emergence of the Stuxnet network worm in 2010, which exploits zero-day vulnerabilities in Windows to tamper with very specific industrial systems, was a new twist on the trend toward “hypertargeting.”

Additional Highlights

Spam By Nation
  • The Cisco 2010 Annual Security Report includes:
  • 2010 Winners of the Cisco Cybercrime Showcase
  • An update on global spam trends since late 2010
  • The Cisco Cybercrime ROI Matrix, which identifies the most important cybercrime trends
  • Special reports on money mules, the linchpins of cybercrime networks
  • The “seven weaknesses” to watch for in order to avoid falling prey to social engineering scams
  • The Cisco Global ARMS Race Index showing a decline in the number of networks and machines under adversarial control, compared to December 2009 levels

In 2011, enterprises will continue to grapple with how best to address security issues around mobile devices, mobile working, and trends such as virtualization, and develop a cybersecurity plan that both protects and enhances the productivity of their employees.