Most users believe that adult, gambling and shady pharmaceutical sites are mostly responsible for delivering malicious content. However, according to Cisco’s 2013 Annual Security Report, these assumptions are incorrect.
In reality, search engines, social media websites, online shops and other sites that cater to mass audiences are more likely to serve malware.
Statistically speaking, it’s 27 times more likely to be served malicious content on a search engine than it is on a counterfeit software website. Online shopping sites are 21 times as likely to deliver cyber threats, compared to the same types of counterfeit software websites.
If we compare advertisements with adult sites, it’s 182 more likely for the former to serve malware than the latter.
The main issue, at least from an enterprise security perspective, is that most employees don’t keep their personal activities clearly separated from work-related tasks. With the increasing popularity of the Bring Your Own Device (BYOD) trend, the risks for an organization to fall victim to cybercriminals are even higher.
When asked about IT policies that govern the use of certain devices at work, only 40% of employees were aware of them, despite the fact that 90% of IT professionals said they had such regulations in place.
80% of the employees who were aware of the policies admitted they didn’t obey them.
“Today, we live a blended work-personal life,” said John Stewart, senior vice president and chief security officer of Global Government and Corporate Security at Cisco.
“The hackers know this, and the security threats that we encounter online such as embedded Web malware while visiting popular destinations like search engines, retailers, social media sites and smartphone/tablet apps no longer threaten only the individual; they threaten our organizations by default.”
The complete Cisco 2013 Annual Security Report is available for download here