Hackers winning the security battle, says Cisco

Enterprise security is still failing to outpace the hackers

Malicious hackers are winning the enterprise security fight, according to Cisco's chief security officer.

John Stewart said in the Cisco 2010 Midyear Security Report that the hacking industry is now so advanced that malware writers are copy-protecting their own wares and are better funded and more astute than the forces of IT security.

"Why do hackers succeed? They're lucky, they're patient and they're brilliant. They're also better funded than you," he said.

The report identified a continuing trend towards smaller targets, often pinpointing precise individuals who have access to key data.

Companies need a "go-to" team for cyber security, a group of specialists who know who to contact in law enforcement and how to provide evidence that can be used in criminal prosecutions. These relationships with law enforcement need to be built up and in place before an attack occurs, Stewart warned.

Cisco highlighted three major areas of concern: the proliferation of mobile and internet-enabled devices; an increasing focus on virtualisation; and the boom in social networking.

The sheer variety of mobile devices that companies have to support makes them vulnerable, the report said, and IT departments are unable to keep up. In addition, devices like Wi-Fi printers pose their own security risks.

Virtualisation may have many benefits, but Cisco urged IT administrators to keep a tight control over data access and management. Regular system health checks are vital, and Cisco recommends an annual review of data storage and location.

Social media is also a new threat vector. The report found that half of all staff ignore company policy and access social networking sites on company systems, and 27 per cent manually change their security settings to allow them to do so.

Many of these people are also playing social games. Seven per cent of Facebook users spend 68 minutes a day playing FarmVille, for example. Mafia Wars and Café World are the next most popular games.

Social networking sites are particularly vulnerable to click-through attacks using malware-laden web pages. However, the effectiveness of these attacks over the past year has risen by a negligible amount, suggesting that users are becoming more security aware.