Cisco Subnet An independent Cisco community View more

Porn sites not as risky as search engines or social media: Cisco studies

Highest concentration of online threats are hiding in plain site(s)

The highest concentration of online security threats are found in major search engines, retail sites and social media outlets vs. pornography, pharmaceutical or gambling sites. That's the finding of two of Cisco's most recent security studies, which were released this week.

In its 2013 Annual Security Report, Cisco found that online shopping sites are 21 times as likely, and search engines 27 times as likely, to deliver malicious content than a counterfeit software site.  And online advertisements are 182 times as likely to deliver malicious content than pornography.

A second study, the Cisco Connected World Technology Report, found that young workers mixing personal use of their devices with business use raise security risks in businesses because they are so willing to sacrifice personal information for socialization online. More of these young workers - 30 years old or younger -- feel more comfortable sharing personal information with retail sites than with their own employers' IT departments, which are paid to protect employee identities and devices, the Cisco study found.

[HISTORICAL PERSPECTIVE: Cyberattacks growing, looking more legit]

The first part of this Cisco Connected World Technology Report, released in December, found that these "Gen Y" workers and students often bed their mobile devices in order to constantly check social media, email and text updates. As those lifestyles blend with the work environment, they're introducing security challenges that companies have not yet faced on this scale, the Cisco study found.

Seventy-five percent of Gen Yers do not trust websites to protect personal information such as credit card and personal contact details; yet it does not dissuade them from sharing it online anyway. Fifty-seven percent are comfortable with their personal information being used by retailers, social media sites, and other online properties if they will benefit from the experience, the Cisco studies found.

Mapping this behavior to the workplace, on workplace devices or personal devices used in the workplace, creates security headaches for companies. Ninety percent of IT professionals surveyed said they have a policy governing the use of certain devices at work, yet only two of five Gen Y respondents said they were aware of such a policy, and four out of five who were aware of them said they do not obey them anyway.

Talk about being out of touch... More than half of IT professionals globally believe their employees obey IT policies, but 71% of the Gen Y workforce say that they don't obey policies. And two-thirds of them said IT has no right to monitor their online behavior, even if that behavior is conducted using company-issued devices on corporate networks.

And that aversion to employer IT monitoring was greater than the aversion Gen Y respondents had to retail sites monitoring their online behavior, the Cisco study found. The comfort of strangers... As a parent, I can sympathize with IT.

The Cisco studies also produced some interesting stats on malware and spam as well. The smartphone is the preferred device of Gen Y over laptops and PCs and tablets; yet mobile malware represents only .5% of total Web malware encounters. Nonetheless, Android malware grew 2,577% over 2012.

Geographically, the U.S. retained the top spot with 33% percent of the world's Web malware encounters. China dropped from No. 2 in 2011 to sixth, replaced by the Russian Federation.  Denmark and Sweden were third and fourth.

Spam volume dropped 18% percent from 2011 to 2012 -- spammers are now working "banker's hours," the Cisco studies found.  In 2012, the majority of spam was sent during the workweek - Tuesday was the heaviest spam day of the year - while spam over the weekend dropped 25%.

Spammers also target time-sensitive branding events with specific and short-lived campaigns. In January through March, 2012, Windows software was spoofed to coincide with the release of Microsoft Windows 8. In February through April, it was tax software to coincide with the U.S. tax season. In September through November, cellular providers were targeted around the release of the Apple iPhone 5; and in the first and fourth quarters of the year, when people are most desirous of career changes, the LinkedIn professional social network was spoofed.

The most spoofed brands continued to be prescription drugs like Viagra and Cialis, and expensive watches like Rolex and Omega, the Cisco studies found.

Cisco rightly notes that security challenges will explode as more "things" - The Internet of Everything, as Cisco coins it - come online. More machine-to-machine connections are coming online daily, leading to a proliferation of endpoints that extend beyond mobile devices, laptops and desktops, Cisco notes. And by 2020, the Internet will be open to 50 billion "things" and 13 quadrillion connections moving data that needs to be protected.

More from Cisco Subnet:

Technologies to watch 2013: Cisco products, more maturity for SDNs

Cisco IP phones buggy

Cisco uses LISP to articulate programmability

Cisco makes fourth acquisition in a month

13 events that defined Cisco's 2012

Juniper buys SDN startup for $176M

Cisco, VMware and OpenFlow fragment SDNs

Country's largest 4-year university expels Cisco, saves $100 million

CSU confirms Cisco RFP

SJSU didn't bid Cisco project

Follow all Cisco Subnet bloggers on Twitter.Jim Duffy on Twitter

Follow

 
Insider Tip: 12 easy ways to tune your Wi-Fi network
Join the discussion
Be the first to comment on this article. Our Commenting Policies