Cisco has highlighted hacking and identity theft attempts by insiders as very real enterprise security threats which can be expected to increase in the months ahead.
In its latest assessment of global security threats and trends, the company said that given the current economic downturn in which many individuals have lost their jobs or become disgruntled, the rise of insider threats looks increasingly likely.
Maurizio Taffone, European Security Lead at Cisco said that enterprises need to reappraise their security procedures and exposure to potential insider threats.
“Data leakage protection technology has a part to play, as do systems that help identify unauthorised access to enterprise resources” he explained.
Insiders that can be especially damaging for an organisation, because they know where the security weaknesses are and how best to exploit them, and can set traps in advance to retaliate against an employer.
“It is important that the security processes follow the full lifecycle of hire to retire, and with some special accounts being made of consultants and other part-time personnel,” he said.
As companies continue to look for ways to cut costs, they may increase their dependence on short-term staff, teleworkers, consultants, and third-party resources. Cisco warns that organisations would be wise to implement additional security policies regarding these resources and be particularly vigilant about the level and term of their access to sensitive data.
Taffone noted that data collated in Cisco’s latest midyear report from the Identity Theft Resource Center suggested insiders had been responsible for nearly a quarter of all known incidents involving financial institutions in 2008.
The report also confirmed that spam has returned to record high levels, social networking attacks are set to continue, and that the number of attacks on legitimate websites is on the rise.
Cisco also said that cybercriminals are increasingly exploiting current events, for example blanket spread of spam advertising preventive drugs following the swine flu outbreak in April and so-called spamdexing is on the rise, where cybercriminals pack websites with relevant keyworks to exploit people’s trust of search engine rankings.
Text message scams have also becoming popular since the start of 2009, with at least two to three new campaigns having surfaced every week targeting handheld mobile devices, the company has found.