Cisco Blogs


No Such Thing as Implicit Trust

News has not been kind to US-headquartered technology companies over the past year, from an erosion of faith because of a company’s geographic location to a series of high-profile breaches that are calling into question trust in your IT systems. Technology providers and governments have a vital role to play in rebuilding trust. And so do customers—who need to demand more from their technology providers.

On my recent trip to Europe, speaking with some balanced, thoughtful, and concerned public officials got me thinking. Why do we trust the products we use? Is it because they work as advertised? Is it because the brand name is one we implicitly believe in for any number of reasons? Is it because the product was tested and passed the tests? Is it because everyone else is using it so it must be okay? Is it because when something goes wrong, the company that produced it fixes it? Is it because we asked how it was built, where it was built, and have proof?

That last question is the largest ingredient in product and service acquisition today, and that just has to change. Our customers are counting on us to do the right thing, and now we’re counting on them. It’s time for a market transition: where customers demand secure development lifecycles, testing, proof, a published remediation process, investment in product resilience, supply chain security, transparency, and ultimately – verifiable trustworthiness.

We saw some of this coming, and these are some of the principles I hear customers mention when they talk about what makes a trustworthy company and business partner. Starting in 2007, with a surge that began in 2009, we’ve systematically built these elements into our corporate strategy, very quietly, and now we want the dialogue to start.

I’m challenging customers to take the next step and require IT vendors to practice a secure development lifecycle, have a supply chain security program, and maintain a public, verifiable vulnerability handling process.

I recently recorded the video blog above discussing what it means to be a trustworthy company. I hope you will share your thoughts and experiences in the comment section.


Intelligent Cybersecurity

I recently received notice from my bank that they were changing my bank card number — again — due to suspicious activity on my account. This is the third such notification received in the past twelve months! Although it is an annoyance and a bit inconvenient, I do appreciate the bank’s attempt to protect my financial data. Moreover, it represents a problem much larger than mine: a major concern for businesses the world over. It is just one example of the pervasive issue of data security and attests to the sad fact that we are living in a time with a very dynamic threat landscape.

It is estimated that the annual cost of cyber-crime to the global economy ranges from $375 billion to as much as $575 billion, according to a 2014 study by the Center for Strategic and International Studies. In addition, the study reports that as many as 350,000 jobs in the US and EMEAR are lost because of malicious online activity.

In PricewaterhouseCoopers’ 17th Annual Global CEO Survey, half the top execs surveyed expressed concern about cyber threats to their organization. Their concern is certainly warranted, as Cisco’s 2014 Mid-Year Security Report disclosed that 100 percent of networks analyzed showed traffic going to sites hosting malware. This is a very expensive problem. According to the Ponemon Institute, the cost of an organizational data breach in the U.S. averages $5.85 million (up from $5.4 million in 2013). It not only affects a business financially but corrodes consumer confidence as well.


Geopolitical Trends in Cybersecurity for 2015

New year predictions generally take one of several forms: broad generalizations about multi-year trends, guesses about what might happen, or overviews of recent events disguised as predictions. The first is too easy, the second—going out on a limb—risks missing the mark so badly as to be useless. So I will go with the third choice in the hope that, by calling out some of the common threads running through major stories of 2014, we can take some cues for the future.


Ensuring Security and Trust Stewardship and Accountability

In our increasingly interconnected world, the Internet of Everything is making trust a critical element of how people use network-connected devices to work, play, live, and learn. The relentless rise in information security breaches underscores the deep need for enterprises and governments alike to trust that their systems, data, business partners, customers, and citizens are safe.

Consequently, I see an evolution taking place regarding accountability in cybersecurity moving up to the boardroom level, an issue I discussed earlier this year in Fortune. In a recent Information Systems Audit and Control Association (ISACA) report, 55 percent of corporate directors revealed that they have to personally understand and manage cyber as a risk area. The National Association of Corporate Directors recently published a document on corporate directors’ ownership and management of risk in cyber for public companies. In March of this year, an SEC commissioner said that the SEC plans to create a requirement for corporate directors regarding managing cybersecurity as a risk.


Three Deciding Factors To Reach A New Digital World

In a Technology Vision 2014 report, consulting firm Accenture discussed major trends that drive a dramatic transformation for every business to enter a digital world. As they described, the excitement is to change from being “digitally disrupted” today to “digital disrupters” tomorrow. The huge opportunity is for businesses to position themselves as leaders in this new world.

Many forces are at work in the journey of this remarkable transition. Among them, three dominant factors will play a vital role in determining whether this digital transformation will be successful: an intelligent information edge, IT simplicity and cybersecurity.


At the edge of the new digital world, intelligent and real-time technologies allow people to act and react faster to achieve a better experience and outcome. While the explosion of mobile devices serves as a clear indicator of this rapid transition, greater potential lies ahead to fully utilize the power of mobility, analytics, cloud computing and other new technologies. For a preview of what is possible, check out how Fernbank Natural History Museum integrates 3G/4G and Wi-Fi seamlessly. The outcome is a dynamic application that brings an immersive and interactive experience to the visitors, instead of forcing them to find the information.

Technical complexity arises as more and more applications, systems and infrastructure are added together over time. The Cisco Global IT Impact Survey in 2013 found that nearly three out of four IT participants (71 percent) were deploying more applications than a year ago. Without IT simplicity, IT departments will be rapidly consumed by day-to-day fire drills. They will lose their ability to innovate and their relevance to the business.
