Cisco Blogs


Cisco Blog > Security

Protect Your Entire Digital Self

How much time do you spend at work?

For some the answer is too much! No matter how much time you spend, I’m willing to guess that it’s an important part of your week. Your work is part of who you are, where you go, and what you do.

That is why Cisco is proud to join the National Cybersecurity Alliance in its support of White House efforts to improve online security. Today’s announcement will educate and raise awareness about the importance of cybersecurity topics at home, and at work.

Our businesses help create the jobs, innovation, and economy that will underpin our future. Our homes help us foster the relationships that are the foundation of our society. As technology pushes both forward, it is clear that cybersecurity in one, without the other, is impossible.

Every day, our home and work lives get closer together. Smartphones and online collaboration services, like Cisco WebEx and Spark, increasingly allow us to work and play from anywhere. And with this added flexibility comes a shared responsibility to protect yourself and your colleagues.

Cybersecurity techniques, like Two Factor Authentication, may look a little different in the business world. At home you will receive a code in an email or SMS to access an online service or social media account. These same techniques are used by our OpenDNS and Meraki services. But at work you might supplement your network password with a security token or a smartcard.

Multifactor authentication can also be directly integrated into work tools. Cisco’s collaboration products are a great example, as they support standards-based identity authentication and authorization exchange techniques. These allow our customers to quickly and securely integrate these services into their existing identity-proofing methods.

Because our home and work lives get closer every day, we support the President’s focus on increasing general cybersecurity awareness. Stop. Think. Connect. is the common thread, and describes the basic steps needed to ensure our entire digital selves can remain safe and secure.

Tags: , , , , , , , ,

Security Steps to Take in the Holiday Season – and Beyond

Retail companies face a landscape filled with growing and increasingly complex threats. And the financial impact of these breaches is soaring.

There are obvious financial incentives for attacking retailers because they typically don’t spend as much on security as financial institutions or government organizations, so they’ve become easy targets in recent years. According to Gartner, retailers spend about four percent of their IT budgets on cybersecurity, while financial services and health organizations spend 5.5% and 5.6% respectively. This is critical as the number of shoppers on Black Friday and throughout the holiday season continues to grow through different omnichannel opportunities. We have to be concerned and diligent because:

  • Financial organizations spent as much as $2,500 per employee on cybersecurity in 2014, while retailers only spent about $400 per employee.
  • AppRiver Global Security Report shows that 10 of the top 20 data breaches in 2015 were retailers.
  • According to research conducted by the Ponemon Institute in partnership with IBM, the average cost for each lost or stolen record has also increased. According to the study, the cost per record increased by more than 9%, from $136 per record in 2013, to $145 per record in 2014; and those numbers are still higher in the U.S., where the average cost for each lost or stolen record is $201.

Read More »

Tags: , , , , , , , ,

Cyber Threat Management from the Boardroom Risk: Lost in Translation

I was at the Gartner Security and Risk Management Summit at the Gaylord National Harbor and had the opportunity to attend the session, “Finding the Sweet Spot to Balance Cyber Risk,which Tammie Leith was facilitating.

Tammie Gartner Session

During the session, the panel had been discussing how the senior leadership teams address the problem of putting their signatures against the risk that cyber threats pose to their organizations. Tammie Leith made a point to the effect that it is just as important for our teams to tell us why we should not accept or acknowledge those risks so that we can increase investments to mitigate those risks.

What caught my attention was that the senior management teams are beginning to question the technical teams on whether or not appropriate steps have been taken to minimize the risks to the corporation. The CxO (senior leadership team that has to put their signature on the risk disclosure documents) teams are no longer comfortable with blindly assuming the increasing risks to the business from cyber threats.

To make matters worse, the CxO teams and the IT security teams generally speak different languages in that they are both using terms with meanings relevant to their specific roles in the company. In the past, this has not been a problem because both teams were performing very critical and very different functions for the business. The CxO team is focused on revenue, expenses, margins, profits, shareholder value, and other critical business metrics to drive for success. The IT security teams, on the other hand, are worried about breaches, data loss prevention, indications of compromise, denial of services attacks and more in order to keep the cyber attackers out of the corporate network. The challenge is that both teams use the common term of risk, but in different ways. Today’s threat environment has forced the risk environment to blend. Sophisticated targeted attacks and advanced polymorphic malware affect a business’s bottom line. Theft of critical information, such as credit card numbers, health insurance records, and social security numbers, result in revenue losses, bad reputation, regulatory fines, and lawsuits. Because these teams have not typically communicated very well in the past, how can we ensure that they have a converged meaning for risk when they are speaking different “languages”?

Read More »

Tags: , , ,

Cupcakes and Cyber Espionage

Espionage2This blog will suggest a change of strategy in how we address the threat of cyber espionage. One which leverages traditional tactics of counter-intelligence and uses a new approach different than the Lockheed Martin Cyber Kill Chain approach to security, which seeks to disrupt the chain of attack as quickly as possible. Rather than simply cut off an attack, a method of intelligence gathering before stopping the event is proposed, without leaking sensitive information. Often these same approaches can discover yet unknown activities.

Read More »

Tags: , , , , , ,

Cybersecurity: Where are the Biggest Threats?

Cyber Crime: Identifying the Sources of an Everyday Threat

Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can. Read More »

Tags: , , , , , , , ,