Attackers have become more proficient at taking advantage of gaps in security to conceal malicious activity.
► In 2014, 1 percent of high-urgency Common Vulnerabilities and Exposures (CVE) alerts were actively exploited. This means organizations must prioritize and patch that 1 percent of all vulnerabilities quickly. But even with leading security technology, excellence in process is required to address vulnerabilities.
► Since the Blackhole exploit kit was sidelined in 2013, no other exploit kit has been able to achieve similar heights of success. However, the top spot may not be as coveted by exploit kit authors as it once was.
► Java exploits have decreased by 34 percent, as Java security improves and adversaries move to embrace new attack vectors.
► Spam volume increased 250 percent from January 2014 to November 2014.
► Snowshoe spam, which involves sending low volumes of spam from a large set of IP addresses to avoid detection, is an emerging threat.
Users and IT teams have become unwitting parts of the security problem.
► Online criminals rely on users to install malware or help exploit security gaps.
► Heartbleed, the dangerous security flaw, critically exposes OpenSSL. Yet 56 percent of all OpenSSL versions are older than 50 months and are therefore still vulnerable.
► Users’ careless behavior when using the Internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure. In 2014, the pharmaceutical and chemical industry emerged as the number-one highest-risk vertical for web malware exposure, according to Cisco Security Research.
► Malware creators are using web browser add-ons as a medium for distributing malware and unwanted applications. This approach to malware distribution is proving successful for malicious actors because many users inherently trust add-ons or simply view them as benign.
The Cisco Security Capabilities Benchmark Study reveals disconnects in perceptions of security readiness.
► Fifty-nine percent of chief information security officers (CISOs) view their security processes as optimized, compared to 46 percent of security operations (SecOps) managers.
► About 75 percent of CISOs see their security tools as very or extremely effective, with about one-quarter perceiving security tools as only somewhat effective.
► Ninety-one percent of respondents from companies with sophisticated security strongly agree that company executives consider security a high priority.
► Fewer than 50 percent of respondents use standard tools such as patching and configuration to help prevent security breaches.
► Larger, midsize organizations are more likely to have highly sophisticated security postures, compared to organizations of other sizes included in the study.