In a 52 page security report released by Cisco, the company has confirmed what has been consistently been observed through out this year: “the Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers.” The 2008 edition of the report has specified the year’s top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities.

Among some of the more specific threats across the web, the study identifies spam accounting for nearly 200 billion messages each day, approximately 90% of worldwide email. The United States is the biggest source at 17.2 percent. Other countries who contribute spam include Turkey (9.2 percent), Russia (8 percent), Canada (4.7 percent), Brazil (4.1 percent), India (3.5 percent), Poland (3.4 percent), South Korea (3.3 percent), Germany and the United Kingdom (2.9 percent each).

Some of the notable trends, as identified by the study, include:

• The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007.
• Vulnerabilities in virtualization technology nearly tripled from 35 to 103 year over year.
• Attacks are becoming increasingly blended, cross-vector and targeted.
• 90 percent growth in threats originating from legitimate domains, nearly double what was seen in 2007.
• The volume of malware successfully propagated via e-mail attachments is declining. Over the past two years (2007-2008), the number of attachment-based attacks decreased by 50 percent from the previous two years (2005-2006).

The report also suggests the following as top trends to be watched in the coming year:

• Insider threats. Negligent or disgruntled employees can threaten corporate security. The global economic downturn may prompt more security incidents involving employees, making it crucial for IT, HR, and other lines of business to collaborate on mitigating threats.
• Data loss. Whether through carelessness, breaches by hackers, or from insiders, data loss is a growing problem that can lead to grave financial consequences. Technology, education and clear, well-enforced data security policies can make compliance easier and reduce incidents.
• Mobility, remote working, and new tools as risk factors. The trend toward remote working and the related use of Web-based tools, mobile devices, virtualization, “cloud computing” and similar technologies to enhance productivity will continue in 2009. It will be a challenge for security personnel. The edge of the network is expanding rapidly, and the increasing number of devices and applications in use can make the expanding network more susceptible to new threats.

The full report can be downloaded from Cisco’s website.