Cisco Blogs

Cisco Blog > Security

Forewarned Is Forearmed: Announcing the 2016 Cisco Annual Security Report

Our just-released 2016 Cisco Annual Security Report (ASR) presents a challenging cybersecurity landscape: cyber defense teams are fighting to keep up with rapid global digitization while trying to integrate dozens of vendor solutions, speed up detection, and educate their organizations from top to bottom. Meanwhile attackers grow more bold, flexible, and resilient by the day, setting up professional infrastructures that look a lot like what we’d find in legitimate businesses. On the global front, we see fluctuations in cyber Internet governance across regions, which inhibits collaboration and the ability to respond to attacks.

Security threats, attacks, and challenges are not new—Cisco released our first ASR in 2007. While the major trends remain essentially constant, the cumulative intelligence in the reports demonstrates how quickly attackers—with the luxury of working outside the law—innovate to exploit new security gaps.

This years’ ASR reveals that attackers increasingly use legitimate online resources to launch their malicious campaigns. Though the news might speak to zero-day attacks, hackers also continue to deploy age-old malware to take advantage of weak spots such as unpatched servers. Aging infrastructure opens up green-field attack surfaces while uneven or inconsistent security practices remain a challenge.

Other key insights from the 2016 ASR include a growing encryption trend (particularly HTTPS) for web traffic, which often provides a false sense of security to users—and for companies, potentially cloaks suspicious activity. We are also seeing more use of compromised WordPress servers to support ransomware, bank fraud, and phishing attacks. Alarmingly, between February and October 2015, the number of compromised WordPress installations used by cybercriminals grew by more than 221%.

The picture we see is disturbing:

Given this backdrop, the ability to recognize and respond to security threats in near real time is no less than a business imperative. We simply cannot continue to create technical debt, leaving systems unpatched, critical services exposed, and application services open to attack. These are what we can control, and yet the data shows we aren’t succeeding. This means fortifying the weakest links, such as older networking software, taking a proactive approach to patches and upgrades, and taking control of critical infrastructure. It also means working toward a cohesive security landscape, where companies, industries, and governments communicate and collaborate to thwart cyber criminals, taking an integrated approached to threat defense that operates in near real time on our behalf. What are we waiting for?

Here’s my take on what we can all do now:

  • Senior leaders across organizations of all types must acknowledge, embrace, and own security as their strategy, not a CISO’s, and not just in IT.
  • Vendors that embed IT in their offerings must produce solutions that customers can trust and are designed with security in mind. We have to slow the vulnerability being introduced.
  • Adding “yet another vendor” cannot continue to be our answer. This just adds to the complexity of the security challenge and leaves companies more vulnerable to attacks.  For cost, return on investment, efficacy, and to remain nimble, security efforts must be business led, architecturally delivered, and provably integrated and effective.

Increased attention, measurable results, added resilience, and focusing on what we can control are all possible now – so let’s capitalize on the moment before it’s too late.

The 2016 Cisco Annual Security Report analyzes the most compelling trends and issues in cybersecurity from Cisco security experts, providing insight on advancements made by both the security industry and the criminals hoping to breach defenses. Geopolitical trends, perceptions of cybersecurity risk and trustworthiness, and the tenets of an integrated threat defense are also discussed.


Additional Links

Cisco Annual Security Report 2016

ASR Conversation with Cisco CEO Chuck Robbins and Chief Security & Trust Officer John N. Stewart

Cisco Trust and Transparency Center

Tags: , , , ,

General Motors: GM’s IT Network Drives Business Success with Cisco. Executive Perspectives Part 3

Check out this part 3 of our Executive Perspectives series. Here we follow on from Part 1: Executive Perspectives and AkzoNobel – Manufacturing Industry CIO/CXO Special – Part 1, and  Part 2: Executive Perspectives Part 2 – Toyota Streamlines Business with Cisco, and look at how another of Cisco’s customers in the automotive industry has partnered to gain real business benefits. The video about GM”s  IT Network Drives Business Success is on the Cisco News Site (click link here). The YouTube Video below is the fun Superbowl ad!

Here I talk about a case study prepared by Mainstay Partners LLC, an independent consulting firm, who interviewed with the manufacturer’s executives, IT executives and IT planning personnel. The case study looks at GM’s Cisco-based Plant Floor Controls Network (PFCN), and found out the following about what it is, what it does, how it help’s with General Motor’s Business challenges, and where GM goes from here. Read More »

Tags: , , , , , , , , , , , ,

Executive Perspectives Part 2 – Toyota Streamlines Business with Cisco

Check out this part 2 of our Executive Perspectives series. Here we follow on from Part One: Executive Perspectives and AkzoNobel – Manufacturing Industry CIO/CXO Special – Part 1, and look at how one of Cisco’s customers in the automotive industry has partnered to gain real business benefits.

A well-known brand and Cisco customer

Following the economic turbulence of the “Great Recession,” Toyota felt the need to improve its revenue structures. These earnings are directly linked to advanced work performed by knowledge workers in areas such as research and development on new cars, production, and sales. Toyota also wanted to shorten its product time-to-market to maintain its competitive market lead. The firm turned to the Cisco Internet Business Solutions Group (IBSG) to help Toyota determine where improvements could be made and how to implement them.

Read More »

Tags: , , , , , , , , , , , , ,

Executive Perspectives and AkzoNobel – Manufacturing Industry CIO/CXO Special – Part 1

I feel I should tell you first of all that I wrote this blog on an Airplane. I also connected into a WebEx meeting and met up with my fellow Cisco employees to talk about Industries and find out what was going on in San Jose whilst I was in the air somewhere between San Jose and Dallas. I surprised my wife by calling her via my laptop and saying ‘Hi’!

This is therefore our first Cisco Manufacturing Industry blog written and published whilst flying. Wow, we’ve come a long way since I was a trainee!

Anyway, I’m actually more excited that I don’t have to stop blogging and can bring you the news of a great video reference that Cisco collaborated with AzoNobel on:

In the video AkzoNobel’s CIO, Pieter Schoehuijs describes how converging technologies empower an integrated supply chain. As a 14bn Euro concern operating in over 80 countries worldwide, they are the largest paint and coatings company in the world, and a leading producer of specialty chemicals.

Read More »

Tags: , , , , , , , , , , ,