According to the latest findings in Cisco’s 2013 Annual Security Report (ASR), the highest concentration of online security threats are legitimate destinations visited by mass audiences, including major search engines, retail sites, and social media outlets. Online shopping sites are 21 times more likely, and search engines are 27 times more likely, to deliver malicious content than visiting a counterfeit software site, and advertisements are 182 more times likely to deliver malicious content than viewing pornography.
This is not a surprising development because the Internet is the most efficient content delivery method available, said Cisco’s Sccott Simkin, security research product lead. “This is where people are going… (and) everyone is at potential risk.”
It’s not about luxury watches and pharmaceuticals, said Simkin, but topical events like tragedies such as hurricane Sandy, elections or announcement about new smartphone. “Its all about attackers being smarter, more targeted and trying to maximize their return on investment.”
Key findings include a massive explosion in Android malware, which was up 2,577% over 2012. However, even with this surge, mobile malware represents only 0.5% of total Web malware encounters.
Spam volumes dropped 18% , with spammers maximizing the ROI of their efforts, targeting real-world events with specific and short-lived campaigns.
In addition to the ASR survey, the company also released the Cisco Connected World Technology Report, which focused on college students and young workers 18 to 30 years old, and IT professionals, including their impact on security. Generation Y, and even older generations, are changing the notions of security, said Simkin. Many of the respondents believe the age of privacy is waning, with 60% believing the age of privacy is dead.
While the majority of the younger workforce (75%) don’t trust Web sites to protect personal information such as credit card and contact details, that doesn’t seem to deter their online behavior, he said. Over half (57%) of Gen Y is comfortable with their personal information being used by retailers, social media sites, and other online properties if they will benefit from the experience.
As for IT policy compliance, 90% of professionals said they have a policy governing the use of certain devices at work, yet only two of five Gen Y respondents said they were aware of such a policy, and 80% of the ones who were aware said they don’t obey those policies. IT monitoring was another issue: 66% Gen Y respondents said IT has no right to monitor their online behavior, even if that behavior is conducted using company-issued devices on corporate networks.
Combine this mindset with the emergence of “my way” work lifestyles in which their devices, work, and online behavior mix with their personal lives virtually anywhere – in the office, at home, and everywhere in between, and the business security implications of this “consumerization” trend are magnified, said Cisco. As Generation Y enters the workforce in greater numbers, they test corporate cultures and policies with expectations of social media freedom, device choice, and mobile lifestyles that generations before them never demanded.
Dealing with this doesn’t mean creating more complex arcitecture, it’s about making pieces of complex infrastructure work together more intelligently, said Simkin. “We’re going to make a pact with you: if you want to bring this on, you will have to follow our security guidelines.”