Inside Cisco's Annual Security Report
The volume of spam messaging is down, but the bogus messages that are getting through? They're more malicious than ever, says Cisco's Jason Brvenik. He shares insights from Cisco's 2015 Security Report.
This is just one key finding from the annual report, which also touches on web exploits, security controls and what security leaders should be doing to better protect their organizations.
Bottom line, says Brvenik, principal engineer in Cisco's Security Business Group: Individuals and organizations are not taking some of the simple measures that would improve their security posture.
"There are a number of things that are intriguing in the report, and for me what is most intriguing is around browser versions," Brvenik says. "Ten percent of the Internet Explorer (versions) encountered in our observations were the latest versions, and the rest were not. Which means that 90 percent of your interactions were inherently risky. That was rather surprising to me."
And regarding the increase in malicious spam, Brvenik says that's testament to the increasing industrialization of hacking.
"The adversary is seemingly working toward managing key performance indicators for their business," Brvenik says. Through trial and error, attackers have found and refined effective means of delivering their malicious payload. "We've seen a big uptick where the adversaries recognize their ability and are leveraging it."
In an interview about the Cisco 2015 Annual Security Report, Brvenik discusses:
- Analysis of key findings;
- The disconnect between security pros' intents and actions;
- How to leverage survey findings to raise your security posture.
As a Principal Engineer in Cisco's Security Business Group, Brvenik works alongside Sourcefire founder and Cisco Chief Security Architect Martin Roesch to develop, manage and execute innovative strategies and technologies to address the security challenges of tomorrow.
Prior to the acquisition of Sourcefire by Cisco, Brvenik served as the Vice President of Security Strategy and Fellow in the Office of the CTO. He has remained a key contributor to open source security projects and has become a preeminent thought leader via his contributions to security.
He is a frequent participant in industry debates and has been a speaker at events for NASA, CISO Executive Network, RSA Conference and NetEvents, and has been interviewed by top-tier IT and business press worldwide.