GovInfoSecurity.com - Information Security News, Regulations, & Education

Cisco Security Report: Malware, Social Media are Top Risks

Social Media New Venue for Attacks
January 12, 2010 - Tom Field, Editorial Director

Malware is increasingly sophisticated, and social media are the common new venues for attacks.

These are the headlines from the latest Cisco Annual Security Report. Patrick Peterson, Cisco senior fellow, offers highlights of the report, discussing:

Top trends and threats;
The risks to specific vertical industries and government agencies;
The message to information security professionals looking to stay ahead of the threats.

Peterson, Chief Security Researcher, is also a Cisco Fellow -- a position that is reserved for individuals whose technical contribution has made a material impact not only within Cisco, but also in the industry as a whole. As a security technology evangelist, Peterson leads research projects to understand cutting-edge criminal attacks and business models and to develop the technologies to combat them. Peterson chairs the technical committee for the Messaging Anti-Abuse Working Group (MAAWG) and the authentication committee for the Authentication and Online Trust Alliance. He is a frequent speaker at industry conferences, including RSA, Gartner, Networkers and AusCert.

TOM FIELD: Cisco is out with its annual security report. What are the headlines for 2010? Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about Cisco's annual security report, and we are talking with Patrick Peterson, Cisco's Senior Fellow. Patrick, thanks so much for joining me today.

PATRICK PETERSON: It's great to be here, Tom. Thanks a lot for the opportunity.

FIELD: Patrick, just to give our audience some context, why don't you tell us a little bit about yourself and your role with Cisco, but also tell them about the security report and what you have been doing over the years and what it really has come to mean?

PETERSON: You bet. I would be happy to. I came to Cisco in 2007, when Cisco was nice enough to buy my company, IronPort Systems. I had been there since the inception seven years earlier, focused on email security/web security. But really in the last couple of years I have moved out of that realm to focus on 'What are the bad guys doing? What are they up to, how are they making money and how are they causing us pain?' These annual reports are a big part of my work.

The context of the report is we basically reach out to about 500 people here at Cisco; they are security evangelists, security researchers, people who develop our security products, people who work closely with customers. And every year, starting about six months ago, we start surveying them - 'What are you seeing, and what's going on?' We reach out to people in the labs who are doing research, and then we really try to put together what our customers are asking for, which is 'What are the bad guys doing? What do I have to worry about? What should be at the top of my radar?' Because of course, as we know in the security profession, if you don't know what the bad guys are doing, it is pretty hard to know that you are stopping them from doing it.

FIELD: Well, given that, Patrick, what would you say are this year's top headlines? What are the bad guys doing?

PETERSON: You know, we saw two particular headlines that stood out above all others. One was the real rise of the banking trojan and Zeus as the poster child for that family of malware. And the second one is that social media is really a playground for cyber crime, and the criminals have responded and followed those 350 million people on Facebook, those 80 million people on LinkedIn to attack them where they are doing their social media activities.

FIELD: Patrick, I want to ask you both about the threats and the trends that you are seeing; let's break it down that way. You talked about a couple of the threats here. What would you say is sort of the common nature of the threats against organizations, agencies, consumers?

PETERSON: I think there are two that really lead the pack. One is just the increasing sophistication. So if we look at the banking trojans, they have come about in direct response to the security features that have been added by financial services and consumers in the last five years. We put in two-factor authentication; they programmed the banking trojans to work around two-factor authentication. Now that is merely one example, but in case after case we see quite sophisticated security solutions, which two or three years ago really put a stop to certain attacks. And what do you know? The criminals didn't give up; they didn't go get day jobs at McDonald's or somewhere else, making less money than they could attacking us, and they have really been innovating and getting very sophisticated.
