The report highlight the fact that now "[...] the cybercrime network has become so mature, far-reaching, well-funded, and highly effective as a business operation that very little in the cybersecurity world can—or should—be trusted without verification."[1]

I don't think this is really a huge surprise. However, the report identifies three attack methods that are of concerns: 99% of all mobile malware in 2013 targeted Android devices, 91% of web exploit targeted Java and last is 64% of malware are Trojans.[2] Taking this into account, if you own an Android device, you need to be vigilant about the content you view or access. That doesn't exclude other mobile devices from being a target.

The attack surface is no longer limited to just PCs and servers but to any mobile devices. They have been growing in numbers at a rapid pace and need to be part of all enterprise security models. This change in the security landscape means securing a network is even more difficult now because the front door isn't just the Internet gateway your network is connected too. It now includes all the mobile devices accessing your network either via a wireless AP or directly attached via a USB cable or Bluetooth to a PC or laptop. If you want to take a look at the survey, it can be downloaded here (need to register). Now I encourage you to take part in our survey about What is going to trouble you the most in 2014?

[1] http://blogs.cisco.com/security/cisco-2014-annual-security-report-trust-still-has-a-fighting-chance
[2] http://www.cisco.com/web/offers/lp/2014-annual-security-report/preview.html
[3] http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html
-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu