For the last couple of years, Cisco Security Intelligence Operations has released a series of blog posts for National Cybersecurity Awareness Month. The theme for this month from the National Cyber Security Alliance is “Our Shared Responsibility.” The Department of Homeland Security is running a series on this theme, as are many other private organizations.
Our action and inaction have consequences for systems and services used by us, our friends, and our places of employment. Attackers use accounts compromised due to poor passwords and lack of two-factor authentication to launch other attacks on users connected to those accounts. End-user systems infected with malicious software are leveraged to conduct distributed denial of service attacks against financial and government websites. Users who fall victim to spear phishing attacks open the door for attackers to leapfrog their way through sensitive networks and collect proprietary information from our places of employment.
Here we are, 31 October, and ready to bang on doors and ask for candy with the playful question of ‘Trick or Treat?’ How fitting to sum up a month of thought-provoking posts regarding National Cyber Security Awareness Month (NCSAM) whereby our ‘interconnectedness’ requires each of us to be more vigilant than ever. Every time we knock on one of the Internet’s doors, what we receive in return may not be what we’re expecting. Goblins and other nefarious creatures continue to lurk in dark spaces as well as the bright light of day.
What an incredible time to be in Information Technology! Look at what has been transforming right before our very eyes in just the past two years. Exciting? Yes! Humbling? Yes! Scary? Absolutely…
While we are engrossed in watching these new technologies slowly become part of our everyday environment, we are constantly reminded that there is a dark side to all of this, one that we often brush aside as we intone, “It can’t happen here, not to us!”
Over the past month, many of the Cisco Security Blog contributors have provided their view on Cybersecurity and its implications for customer network designs, architectures, protections, and services. These, in aggregate, stress what we all know: security is best achieved using a layered defense that includes securing endpoints, hosts, and network and services infrastructures. Cisco adds some unique layers to this defense, which stem from our experience developing capabilities and solutions that meet the needs of critical infrastructure and government networks. We are applying these lessons, capabilities, and our layered defensive approach to critical business infrastructures, as well.
Cisco takes a “build-in security” approach to provide device, system, infrastructure, and services security. This approach is the basis of the development process that we use, called the Cisco Secure Development Lifecycle (CSDL). Our development processes leverage product security baseline requirements, threat modeling in design or static analysis and fuzzing in validation, and registration of third-party software to better address vulnerabilities when they are disclosed. In the innermost layer of our products, security is built into devices in both silicon and software. The use of runtime assurance and protection capabilities such as Address Space Layout Randomization (ASLR), Object Size Checking, and execution space protections, coupled with secure boot, image signing, and common crypto modules, is leading to even more resilient products in an increasingly threatening environment.
Today, we are more interconnected than ever before. Not only do we use the Internet to stay connected, informed and engaged, but we also rely on it for all of our day-to-day needs. We rely heavily on the Internet for everything from submitting taxes, to applying for student loans, to following traffic signals, to even powering our homes.
Acknowledging the importance of cyber security, President Obama designated October as National Cyber Security Awareness Month to engage and educate public and private sector partners to raise awareness about cyber security and improve the resiliency of the nation in the event of a cyber incident.
Government and corporate leaders overwhelmingly identify cyber security and associated trust issues as one of their top IT concerns. Use of network-based technologies such as mobility, collaboration and virtualization is increasing, as are related threats. Securing business infrastructure and data relies on solutions and secure systems from “trusted” vendors, a relationship founded on the reputation of the vendor, its people, its processes and its technology.
Cisco is dedicated to protecting organizations from threats including malicious modification or substitution of technology, misuse of intellectual property, supply chain disruption and counterfeit products. As the most trustworthy vendor in the world, Cisco delivers architectures built on secure software and hardware that is backed by a highly secure supply chain. By providing trustworthy and assured network platforms, Cisco enables government organizations and enterprises to confidently secure their business infrastructure, data and information from attacks.