In its 2014 Annual Security Report, global networking giant Cisco Systems suggested that 99 percent of mobile malware in 2013 targeted Android devices, and Java remained the most frequently exploited programming language aimed at by online criminals.
The overall theme of the report was that multiple threats designed to exploit users’ trust in systems, applications and personal networks not only exist but have escalated to startling levels.
“Organizations across Africa must realize that it is no longer if they will be targeted by cyber-attacks, but rather when. Chief Information Security Officers face growing pressure to protect terabytes of data on an increasingly porous network, manage information safely especially on the cloud, and evaluate the risks of working with third-party vendors for specialized solutions all in the wake of shrinking budgets and leaner IT teams,” said David Meads, VP, Cisco in Africa.
Cisco posits that, as of 2014, there exists a shortage of more than one million security professionals globally. This is because of the ever increasing sophistication of technology and tactics used by online criminals and the lack of suitably qualified people and/or systems that continually monitor networks for infiltration and sabotage.
Evolving methods for network and systems attack include socially engineered theft of credentials and passwords, hide-in-plain-sight infiltrations, and the exploitation of the trust required for economic transactions, government services and social interactions.
Rapid adoption of evolving technologies such as mobile and cloud computing also contributes to the heightening complexity of threats and attacks. Cybercriminals are gradually transitioning from attacking individual devices to exploiting strategic infrastructure such as web hosting servers and other data centers. This offers significant leverage because they can readily attack all the individual systems, devices and clients served or enabled by these infrastructure.
Commenting on the grim network security climate spreading across the globe, Sabrina Dar, General Manager, Cisco East Africa opined that curbing the attacks would involve a huge investment in knowledge, not just of the techniques, but also of the motivations of the attacker. In other words, such attacks should be analyzed technically and psychologically.
“Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies and that starts with empowering defenders with real-world knowledge about expanding attack surfaces. To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack. Today’s advanced threats that can attack hosts through a combination of different vectors require a continuous security response,” she said.
By Emmanuel Iruobe