Attackers are increasingly targeting legitimate websites and web advertisements to scam users – a threat that is only exacerbated by a younger generation of workers who routinely take part in risky online behavior, according to new research from a maker of networking hardware.
Cisco on Wednesday revealed its "2013 Annual Security Report," which highlights that legitimate online destinations, as opposed to the usual suspects, like pornography, pharmaceutical or gambling sites, were responsible for the highest concentration of threats online.
Online advertisements, for instance, were 182 times more likely to deliver malicious content to users than pornography sites, the report found.
John Stewart, senior vice president and chief security officer at Cisco, told SCMagazine.com on Tuesday that users' perceptions about online safety are often off base.
“The hacking community started realizing they could go after the low-hanging fruit through targeting normal transactions,” Stewart said. “Also, [users] are now pulling malware into other infrastructures, like their corporate network.”
As a growing user base of younger workers blur the lines of what online activities occur during personal or work time, like social networking on Twitter or LinkedIn, it becomes harder for corporate managers to defend their business from threats, Stewart added.
Findings from the "2012 Cisco Connected World Technology Report," which were incorporated in the annual security report as supporting evidence of trends, delved into online behaviors and attitudes of Generation Y employees. The World Technology Report consists of responses from college students and young workers, ages 18 to 30, and IT professionals in 18 countries, including the United States.
Seven of 10 employees admitted to knowingly breaking IT policies on a regular basis, the report found, and three out of five respondents believed they were not responsible for protecting corporate information or devices from potential threats.
Two out of five respondents even said they would accept a lower-paying job that had more flexibility concerning social media access, mobility and device choice over a higher-paying job with less flexibility.
Stewart said this has been a consistent trend over the past couple of years among younger workers.
“Generation Y has essentially said, ‘We are fully aware we aren't supposed to do these things, but we do them anyway,'” Stewart said.
Trends highlighted in both reports show that companies will need to take a broader approach when determining the central threat for endpoint users.
“It makes the corporation not only have to look for bad things happening, but for legitimate [online activity] happening that leads to bad things being delivered,” Stewart said.