Cisco released its 2010 Midyear Security Report today. If you've been paying attention to the security landscape over the past six months, the results shouldn't be surprising:
Social networking, virtualization, cloud computing and a heavy reliance on mobile devices continue to have a dramatic impact on the ability of information technology departments to maintain effective network security.
One of the more disturbing trends discussed in the report is the number of employees ignoring enterprise security policy. According to the report, 50 percent of end users admitted that they ignore company policies prohibiting the use of social media tools at least once a week, and 27 percent said they change the settings on corporate devices to access prohibited applications.
One point that jumped out at me as I listened to the Cisco webinar: Security threats are spread across all industries and can affect businesses in a variety of ways. For example, spam for pharmaceutical purchases not only clogs networks but can hurt a business' reputation. Employees who spend too much work time on social media sites are not only harming the company in productivity-related costs, but also give hackers another avenue to worm their way into the corporation's network.
My takeaway from the report is the importance of enforcing security policy. As the report shows, threats are increasing and as technology grows, security risks will continue to grow. Employees need to understand the consequences of ignoring security policy.