Cisco’s 2015 security report: people are still the problem

“[It] is the users themselves who become the weak point in the network”

Technical support teams have long used the acronym PEBCAK (problem exists between chair and keyboard) when human error turns out to be at fault for a supposedly technical issue. Now it seems that we in the information security industry should refer to SPEBCAK (security problem exists between chair and keyboard). Increasing evidence shows that the biggest security threat the average organisation faces is its own employees.

A new report agrees.

Cisco’s newly released 2015 Annual Security Report emphasises the fact that “Users and IT teams have become unwitting parts of the security problem.”

Cisco found that attackers are adapting to technical security responses, and are relying more and more on the carelessness of users, especially their response to spam and phishing attacks:

  • The volume of spam increased 250% from January 2014 to November 2014.
  • Snowshoe spam – sending low volumes of spam from a large set of IP addresses to avoid detection – is an emerging threat.
  • Cyber criminals are reliant on users unwittingly installing malware.

IT Governance ISO 27001 packaged solutions – Do It Yourself

As the Cisco report notes, “it has never been more critical for organizations of all sizes to understand that security is a people problem… and that the time to take a new approach to security is now.” Organisations that are concerned about the threat of malware are advised to employ a best-practice solution to information security.

ISO 27001, the international information security standard, recognises that people are as critical to information security as technological responses, and sets out the requirements of an enterprise-wide information security management system (ISMS) that encompasses people, processes and technology.

IT Governance’s recently relaunched ISO 27001 packaged solutions provide ISMS implementation resources for all organisations concerned about information security.

The ISO 27001 Do It Yourself Package contains three international standards, two essential implementation guides, a comprehensive documentation toolkit, and the ISO 27001-compliant risk assessment software tool vsRisk. It is aimed at organisations that already have some management system expertise, an initial understanding of information security management, and the necessary internal resources. It suits a corporate culture of using best-in-class tools and skills to accelerate learning and implementation while essentially following a do-it-yourself approach to project management.

January offer: order the ISO 27001 Do It Yourself Package through our website in January and receive a 10% discount.


