Cisco Blogs


Cisco Blog > Security

The Rise in Healthcare Cybercrime

Cybercrime1January this year witnessed the largest healthcare breach to date in which the personal records of 80 million individuals were compromised. It also marked an apparent change in focus from attacks on delivery organizations to healthcare payers. Last week two additional health insurers reported that they too had been hacked, resulting in the possible compromise of a further 11.25 million personal records. In a period of less than 3 months, the US has seen over 91 million records and personal identities stolen from healthcare insurers alone.

The health insurers appear to have been the target of highly sophisticated cyber attacks perpetrated from China, which involved the use of advanced persistent threats (APTs) and spear phishing. This allowed them to gain administrative credentials that were used to exfiltrate stolen data via the use of common cloud data services.

Read More »

Tags: , ,

Oil and the Smart Pipe – Article on The Network, Cisco, by Scott Gurvey

Scott Gurvey (the famous New York bureau chief and senior correspondent of the PBS broadcast Nightly Business Report for more than 20 years) has written a thought-provoking piece on “The Network” (Cisco’s Technology News Site).

Safety is the key in the Oil and Gas industry. Whether it’s people, infrastructure, or the environment, the industry is grappling with sometimes controversial issues.

Scott talks about the Keystone XL Oil Pipeline, new technology and the relative safety of different oil transport methods. He quotes James Stafford, the editor of Oilprice.com, as saying that even though moving oil through pipelines is generally considered safer than the alternatives of rail or truck transport, the number of pipeline accidents reported each year remains “unacceptable”

That’s where the new technologies of the Internet of Things comes in. The Operational Technologies (OT) requirements have been different to the IT needs in the past. In my view that’s because of several reasons. The different technologies used for each area gave rise to concern that folks have had about security between networks is one.

Read the latest Thought Leadership for Oil and Gas

Read the latest Thought Leadership for Oil and Gas

Another is that there was also a lack of visibility, and it was difficult for parts of an organization to collaborate with another to sense problems in real time and deliver the right resources to solve them. That’s changing as IT and OT converge. Probably not fast enough for most people’s liking, but that’s owing to the cultural changes needed.

Back to Scott’s article. I’m not going to steal his thunder on ‘Pigs’ (well, Smart Pigs, but still not the kind in your hot dog!), drones (the peaceful kind), or the Analytics challenge the industry faces today. You’ll have to read his article for that.

But I do want to give a plug for the recent thought leadership in the oil industry that Cisco recently conducted (A New Reality for Oil & Gas: Complex Market Dynamics Create Urgent Need for Digital Transformation), which I was proud to contribute to. In it the analytics issue comes to the forefront and IT/OT convergence and Collaboration are seen as essential catalysts for change, with an overarching emphasis on ensuring end-to-end cybersecurity. Read it to see the details. Some might surprise you.

As always, you can learn more about Cisco in Oil and gas here: www.cisco.com/go/oilandgas, and read the latest Secure Industrial Networks with Cisco White Paper (don’t worry, it’s only 3 pages!), by clicking on this link: Secure Industrial Networks with Cisco.

And I almost forgot – if you’re interested in Cisco’s relevance to oil pipelines and that part of the industry, here’s something to whet your appetite: Cisco Connected Pipelines At-a-Glance.

Happy reading! And remember, stay safe out there!

Tags: , , , , , , , , , , , , ,

Best Practices: Device Hardening and Recommendations

On April 13th, 2015, Cisco PSIRT was made aware of multiple instances of customer disruption in a specific region caused by a denial of service attack against Cisco devices. We responded quickly to support speedy restoration for our customers.

Our ongoing investigation has shown that the storage of some Cisco devices was erased, removing both the Cisco IOS and device configuration from the non-volatile RAM. Once rebooted, these devices became non-operational, affecting connectivity to the global Internet.

Cisco PSIRT, together with other internal Cisco teams, responded to support affected customers, review configuration backups of affected devices, and to analyze all available log files and Netflow information.

At this time, we have seen a common element across all inspected devices: a combination of weak credentials and a lack of device hardening. There has been no evidence of a Cisco bug or vulnerability being exploited. Should this situation change and we discover the use of a vulnerability, Cisco will disclose in accordance with our Security Vulnerability Policy.

Read More »

Tags: , , ,

Industry Recognition for Security Excellence

Cybersecurity is a company-wide initiative. It touches every line of business, the technology, the fabric of the organization, its culture, brand and reputation. Customers are telling us that their most important issues are security and assuring the integrity of the products and data in their networks. In light of the heightened potential for cyber threats, trust is more important than ever throughout the entire IT industry. A trustworthy product requires that security be integrated throughout the product lifecycle based on a transparent and open culture of the company, its policies, its processes, its supply chain, and its partners.

John Stewart, Senior Vice President and Chief Security and Trust Officer here at Cisco, drives trustworthy systems development, supply chain security, cloud security and customer data protection, as well as validation of Cisco’s cyber security practices. This week, John was presented with the RSA Conference Award for Excellence in Information Security during the conference keynote. We are excited for John and see the award as recognition of the work Cisco is doing around the world to raise security awareness and the importance of trust, accountability and transparency from IT vendors.

I was chatting with John after the award presentation and he told me what an honor it was to receive this level of recognition, because it affirms we’re on the right path. We recognize the enormity of the security task before us and it makes us all proud to work for a company that is totally committed to the security of our solutions and of our company.

You can read more about the award here.

Tags: ,

Hardening the Cisco TelePresence DX Systems

The Cisco TelePresence Hardening Guide has been updated, adding the DX70, DX80, and DX650 models. The Cisco DX Series run the Google Android operating system, which has special considerations for security.

The updates cover security areas related to:

  • Access to the Google Play store and 3rd party apps
  • Remote access to the device
  • Simple versus Enhanced mode
  • Syncing the system to external accounts
  • Serial and console access
  • Bluetooth considerations

The hardening guide can be found at the following URL:
http://www.cisco.com/web/about/security/intelligence/TP_Harden_Guide_wp.html

Give it a read and learn how to harden your TelePresence DX system.

Tags: , ,