Cisco just released its Annual Security Report for 2015. You can download this report for free HERE. The Cisco 2015 Annual Security Report, which presents the research, insights, and perspectives provided by Cisco Security Research and other security experts within Cisco, explores the ongoing race between attackers and defenders, and how users are becoming ever weaker links in the security chain.
The report is broken down into four sections. The first section covers “Threat Intelligence” meaning threat research from Cisco. Topics range from exploit kits, threats, vulnerability, spam and so on. The second section “Security Capabilities Benchmark Study” talks about research from interviewing C level security managers in nine countries at organizations of different sizes about their security resources and procedures. Section three “Geopolitical and Industry Trends” identifies current and emerging geopolitical trends that organizations should monitor. Section four “Changing the View Toward Cybersecurity” talks about looking at cybersecurity differently meaning going beyond point based detection products to stop sophisticated threats found on today’s networks.
Like the Verizon Security Report, Cisco’s ASR showcases current trends in attack behavior based on research and customer feedback. Some examples are
- Spam volume increased 250 percent from January 2014 to November 2014
- No other exploit kit has been able to achieve the same level of success as the Blackhole exploit kit
- 56 percent of all OpenSSL versions are older than 50 months and still vulnerable.
- Less than 50 percent of respondents use standard tools such as patching and conguration to help prevent security breaches.
Here are some other interesting points taken from the report.