Cisco Blogs


Cisco Blog > Security

Cybersecurity: Where are the Biggest Threats?

November 13, 2013 at 8:00 am PST

Rarely a week goes by that we don’t hear of a database compromise that results in confidential data—many times consisting of personally identifiable information (PII)—falling into the hands of those who should not have access to the data. Protection of our PII is becoming increasingly critical as more and more information is collected and stored through the use of Internet-enabled devices.

The following is an excerpt from a recent post by Patrick Finn, Senior Vice President of Cisco’s U.S. Public Sector Organization, that focuses on the threat of data breaches impacting government organizations and provides some guidelines for how these organizations can assess and remediate these threats.

“Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can.”

For more on this topic please visit Patrick Finn’s entire post over on the Cisco Government Blog.

Tags: , , , , ,

Register to Learn About Cisco’s Policy Enforcement Solution

In his blog last week, Daryl Coon announced how there’s going to be a webinar this Thursday talking about Cisco’s leading One Policy solution driver, the Identity Services Engine (ISE) and its newest enhancements—now available with its 1.2 release.

During this free event, you will learn about the new features that provide increased scalability, reliability, and ease-of-use for guest access and BYOD on-boarding. You will hear from customers who have already deployed the 1.2 release. And we will discuss how the enhancements provide significantly greater capabilities than solutions available from competing vendors.Whether you need to support BYOD work practices, or provide more secure access to your data center resources, the Cisco Identity Services Engine (ISE) can help. With this all-in-one enterprise policy control platform, you can reliably enforce compliance, enhance infrastructure security, and simplify service operations.

Read more at http://blogs.cisco.com/borderless/ciscos-policy-enforcement-solution-delivers/

Already sold? Join us for the free webinar, Thursday Sept 5 at 10am PST to learn more.

Tags: , , , , , , , ,

Cisco’s Policy Enforcement Solution Delivers

Whether you need to support BYOD work practices, or provide more secure access to your data center resources, the Cisco Identity Services Engine (ISE) can help. With this all-in-one enterprise policy control platform, you can reliably enforce compliance, enhance infrastructure security, and simplify service operations.

Cisco’s leading One Policy Solution—the Identity Services Engine (ISE)—now delivers even greater capabilities.

Join us next Thursday September 5 to learn about the solution’s newest enhancements—now available with its 1.2 release. The Identity Services Engine provides a comprehensive solution to manage and maintain network access and policies—ensuring consistent enforcement across wired, wireless, and VPN networks. Register today! Read More »

Tags: , , , , , , , ,

[Summary] How Secure Is Your Mobile Worker?

August 27, 2013 at 12:07 pm PST

Let’s start with how well do you know your mobile worker?  Understanding the mobile worker’s perceptions and behaviors will offer a better view on the potential security implications your organization must manage.  Cisco just released new global research (white paper) , Cisco Connected  World International Mobile Security study, that explores the mobile worker’s view points on working remotely, connecting to corporate and their sense of security.  Some of the findings are worth reflecting on to help you set the course for your mobile security efforts.

There is no question; the movement for mobile personal devices in the workforce has been well recognized.  A recent response to this trend includes employers (almost half) offering to fund workers buying their own devices.  Allowing “chose your own” device will attract and retain talent and reduce costs (see recent IBSG BYOD research)—but what are the security implications?

There were a couple striking data points to call out:

  • 63% download sensitive data on their device …and the frequency significantly increases in some countries—
  • Most believe remote access is a privilege—yet in some countries they believe it’s a right as a worker—
  • Most are diligent when a pop up appears and read through the details on what it really means. Yet, some workers from select countries tend to be generally less careful.
  • 60% admit to engaging in risky behavior on a device  (personal or company-owned), connected to corporate resources,

So, who really owns the mobile security issue—mobile workers do not take full responsibility for a safe device--as expressed in their high confidence in their IT with over 84% believing that IT will protect them from threats no matter what device.  Read more on http://blogs.cisco.com/security/how-secure-is-your-mobile-worker-2/

Tags: , , , , , , ,

How Secure is Your Mobile Worker?

August 22, 2013 at 6:00 am PST

How well do you know your mobile worker? Understanding the mobile worker’s perceptions and behaviors will offer a better view on the potential security implications your organization must manage. Cisco recently released a new global infographic and white paper, the Cisco Connected World International Mobile Security study. They explore the mobile worker’s view points concerning working remotely, connecting to corporate, and their sense of security. Some of the findings are worth reflecting on to help you set the course for your mobile security efforts.

There is no question that the movement to mobile personal devices in the workforce has been well recognized. A recent response to this trend includes almost half of employers offering to fund workers to buy their own devices. Allowing the “chose your own” device alternative will attract and retain talent and reduce costs (see recent IBSG BYOD research), but what are the security implications?

There are a few striking data points to call out:

  • 63% of users download sensitive data on their devices. The frequency significantly increases in some countries which should alarm people doing business internationally if there are no precautions taken to secure the downloaded data. Imagine your financial data or product road maps being downloaded on an unprotected personal device.
  • Most believe remote access is a privilege. Yet in some countries they believe it’s a right as a worker. This establishes high expectations for IT to support and secure the devices including, but not limited to, extensive help desk calls.
  • Most users are diligent when a pop-up appears and will read through the details and determine what it really means. Yet, many workers from select countries generally tend to be less careful and accept warning pop-ups without reading the details which increases the risk that hidden malware will be downloaded. Hackers depend on this social mining effort.
  • 60% of users admit to engaging in risky behavior on a device (for example, personal or company-owned) while connected to corporate resources. This suggests that more security enforcement technology would benefit the prevention of data breaches and/or loss.

Data_Protection_Chart_1-300x115So, who really owns the mobile security issue? Mobile workers do not take full responsibility for a safe device with 84% believing that their IT will protect them from threats no matter what device is used. Sometimes IT’s perspective on this dependency is expressed with disbelief. An example of this issue was observed at BlackHat from a security professional during a demonstration we presented a couple weeks ago.

During the demonstration, we were showing how a user who inadvertently clicked on a phony URL sent in an email. That click triggered to phone an alert to a hacker that an “innocent” user is accessing the phony Internet site. The user unknowingly offered login credentials to their bank account. The hacker begins to record the users’ keystrokes to use later for malicious purposes. A security professional from BlackHat chimes in during the demonstration with the comment, “Dumb User.” The demonstration later showed how the combined effort of Cisco ISE and SIEM (Lancope) with unique TrustSec enforcement can identify and control the malicious activity with a single policy (for example, by segmenting and restricting users traffic close to the edge—on a network switch). The surprise to the security experts watching the demonstration was the concept that the network switch provided this enforcement.

Bottom Line: Most mobile workers have good intentions but do rely on IT to step in.

It would be great hear from you on your impressions of these recent findings and whether you are a mobile worker or an IT professional.

Please refer to Cisco’s security response for the mobile workforce: Secure Access

Tags: , , , , , , ,