Cisco says that although many end-of-year industry reports focus on content security threats such as viruses, worms, Trojans, spam and phishing, its 2007 Annual Security Report broadens the areas covered with a set of seven risk-management categories.
These include vulnerability, physical, legal, trust, identity, human and geopolitical factors. Together, they encompass security requirements involving anti-malware protection, data-leakage protection, enterprise risk management, disaster planning and other areas.
The report makes several recommendations to organisations to enable them to protect their systems:
Conduct regular audits within organisations of attractive targets and evaluate the avenues that can be used to attack them
Understand the notion that threats follow app usage patterns
Change the mindset of employees, consumers and citizens who consider themselves innocent bystanders, and empower them to become active against security threats
Make security education a priority
Institutionalise IT security education by incorporating it into school curricula
Consider more than just performance when building a secure network
Security suppliers need to provide comprehensive security systems that extend throughout the network infrastructure