CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Cisco’s 2009 Security Threat Report: We need a patch for the common user!

In its 2009 Annual Security Report, released today, Cisco Systems did an excellent job of explaining the 2009 threat landscape and outlining its expectations for 2010.

While the 40-page report covers many, many topics, there was one overarching theme that continued to bubble to the surface for me: there are no patches for people, and people are the primary vulnerability going forward.

Like it or not, our people (employees, contractors, partners, etc.) will continue accessing social media sites, cloud computing solutions and parts of the web that we know nothing about (the “Dark Web” as Cisco calls it).

Like it or not, our people will continue clicking on links from trusted sources (especially those from “friends” in social networks like Facebook or Twitter), and be taken to sites that download malware. This is especially the case with URL shorteners (e.g., bit.ly) because there is no way for the user to know what site they are about to visit. As Patrick Peterson, a Cisco researcher, told Robert McMillan at PC World, “Social media and the data-theft Trojans are the things that are really in their ascent. You can see them replacing a lot of the old-school things.”

Like it or not, the deposited Trojan horses (e.g., Zeus and Clampi botnets), keyloggers and worms (e.g., the Koobface worm that has infected over 3 million computers mostly through Facebook and Twitter) will continue to morph and obfuscate themselves to avoid detection by blacklisting solutions.

Like it or not, we have to clean up after our people when the malware is deposited via their innocent actions.

I have a better idea: Why don’t we recognize that we cannot stop our people from accessing all these resources, and instead focus on stopping the real threat: the payload? The best way to do that is application whitelisting. The malware is not on the approved list of applications, so it is stopped cold.

Application whitelisting: the patch for the common user.
