Published: January 17th, 2014

Networking vendor Cisco Systems is warning in its Cisco 2014 Annual Security Report that a worldwide shortage of nearly a million skilled security professionals is hampering the security efforts of organizations at a time when vulnerabilities and threats are reaching new highs.

The report found that threats are becoming more sophisticated, with simple attacks causing containable damage giving way to well-funded and organized cybercrime operations that can deal significant economic and reputational damage. Rapid mobile device adoption and cloud computing are yielding new threat vectors, and Internet infrastructure is being harnessed for more powerful attacks than can be made from individual computers or devices.

According to Cisco, overall vulnerabilities and threats have hit their highest levels since they started tracking in May of 2000. The increasing threat level comes at a time when the worldwide shortage of security professionals is expected to hit nearly one million. The vendor warns most lack the resources to continuously monitor networks, detect infiltrations and apply protections, in a timely and effective manner.

Among specific threats, distributed denial of service (DDoS) attacks have increased in both volume and severity, multipurpose trojans were the most frequently encountered web-delivered malware at 27 per cent of total encounters in 2013, and Java continues to be the most frequently exploited programming language. Some 99 per cent of all mobile malware targeted Android devices.

“Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies — and that starts with empowering defenders with real-world knowledge about expanding attack surfaces,” said John N. Stewart, senior vice-president and chief security officer for threat response intelligence and development at Cisco, in a statement. “To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods — before, during and after an attack.”