
Report: Companies Still Not Patching Security Vulnerabilities

  • January 20, 2015
  • 2 replies

Jasper_The_Rasper
Moderator
by Brian Donohue, January 20, 2015

The Cisco 2015 Annual Security Report is out and the findings are troubling as always: for every positive finding in the report, it seems, there is a negative finding, neutralizing any gains in the network security struggle.

Chief information security officers say their security postures are strong while also admitting they do not install patches. Spam, which has been on the decline for years, increased by 250 percent from January through November. And while Java, once a favorite exploit platform, gets harder and harder to compromise, attackers have simply moved on to new targets such as Silverlight.
 
Full Article

2 replies

  • Community Guide
  • January 20, 2015
By Fahmida Y. Rashid on January 20, 2015
 
The gulf between reality and perception is widening, according to Cisco’s annual survey of CISOs and security executives.
Nearly 75 percent of CISOs in the survey said the security tools they have in place were very, or extremely, effective, according to Cisco’s 2015 Annual Security Report, released Tuesday.
There is nothing to celebrate, however, as it’s not clear the CISOs have an idea of what they should have. It turned out less than 50 percent of respondents had standard security tools such as patch and configuration management, the survey found.
An analysis of threat intelligence collected by Cisco for the Annual Security Report also showed that organizations need to include everyone—from executive level to end users—in order to defend against cyber-attacks, Jason Bryenik, a principal engineer in Cisco’s security business group, told SecurityWeek. Even if the best security technology is in place, the fact that the processes aren’t actually implemented correctly means there are gaps in the organization’s defenses, and attackers are increasingly taking advantage, he said.
 
full article

  • Community Guide
  • January 21, 2015


 
By Maria Korolov
 


 
There is a widening gap between what security executives believe to be true and the reality of cyber threats, according to the Cisco 2015 Annual Security Report released today.
And the number of areas in which the gap is showing up is also increasing, as attackers get more and more sophisticated.
 
According to the study, which surveyed CISOs and security operations managers at 1,700 companies in nine countries, 90 percent of respondents said they were "confident" in their security efforts.
But 54 percent also reported that their companies have had to manage a public security breach.
Meanwhile, fewer than 50 percent of respondents said that they used the kinds of standard tools that thwart breaches, such as user provisioning, patching, penetration testing, endpoint forensics, and vulnerability scanning.
 
full article