Cisco 2010 Midyear Security Report

The Cisco 2010 Midyear Security Report examines the "tectonic forces of change" reshaping the security landscape. The proliferation of mobile and connected devices, virtualization of operations, collaboration and social networks—and increasingly sophisticated cyber threats—demand that businesses take swift action to strengthen, and rethink their approach, to enterprise security. The report suggests organizations take action to address known risks and implement a layered defense to protect the business and users, and includes recommendations from Cisco security experts designed to help enterprises strengthen their security.

These tectonic forces of change are driving the need for a new model for security that acknowledges the movement of corporate data among more places and devices than ever before—from offices to smartphones to workers' home computers to laptops. Employees demand access to critical business information on their mobile devices, whether they are sitting in a coffee shop near their office or waiting at an airport gate halfway across the world. As detailed in the Cisco 2010 Midyear Security Report, the enterprise is tasked with granting employees this "borderless" access, while ensuring data stays safe.

Advanced Persistent Threats (APTs) remain under the security-detection radar, and thus are difficult to detect and eliminate.

As explained in both the Cisco 2009 Annual Security Report and this latest report, online criminals continue to match every innovation in borderless access with their own new tactics for breaching network safeguards. This threat is compounded by the so-called "innovation gap": Even as the private sector innovates in adopting technology, criminals often move even faster. For instance, as businesses weigh the benefits of embracing social networking and peer-to-peer technologies, criminals are already using these innovations not only to commit crime, but to enhance their communication, and refine and promote their areas of expertise.

Enterprises need to bridge the innovation gap by focusing on security basics. "One reason why many hacking scenarios succeed is because a critical element of a network or an individual within a network is trivially compromised," said John Stewart, vice president and chief security officer of Cisco. "Part of the innovation gap is that organizations are just fighting the latest threats—focusing on whatever is the shiniest object in the security threat landscape—instead of staying on top of old and current problems that remain popular paths of attack for criminals."

Additional Highlights

The Cisco 2010 Midyear Security Report includes:

  • Results and analysis from two new Cisco studies—one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
  • International trends in cyber security and their potential impact on business
  • Insight into how hackers penetrate "soft spots" in enterprise security to steal sensitive data and sell it to the highest bidder
  • An update on global spam trends since late 2009 and spam volume predictions for 2010

Key Recommendations

The Cisco 2010 Midyear Security Report provides guidance, based on advice from Cisco security experts, to help businesses improve their enterprise security by 2011. Recommendations include:

Closing gaps in situational awareness—IT teams need to gain better visibility into the overall network security posture to attain "moment by moment" awareness of the state of their network.

Focusing first on solving "old" issues—and doing it well—Narrow the focus on security solutions to avoid mediocre results or unfinished projects. For instance, software updating and patching is a good place for many organizations to begin making improvements.

Educating your workforce on security—and including them in the process—Allow users to be part of the security solution by educating them, explaining the security issues the enterprise needs to address, and asking them how they can help the organization solve these problems.

Understanding that one security border is no longer enough—There are now multiple borders to protect instead of just one, and they are constantly changing.

Viewing security as a differentiator for your business—Security is an asset, and in many ways, it can be a competitive tool. Organizations should align their security investments with their business objectives.

An organization's network infrastructure, and the security that supports it, is a complex ecosystem that is always changing. Each new event—whether a merger or acquisition, hiring or downsizing, or a new product launch—has an impact on what the enterprise needs to protect. In the Cisco 2010 Midyear Security Report, enterprises will find new ideas and strategies for meeting these complex security challenges.