I was at the Gartner Security and Risk Management Summit at the Gaylord National Harbor and had the opportunity to attend the session, “Finding the Sweet Spot to Balance Cyber Risk,” which Tammie Leith was facilitating.
During the session, the panel had been discussing how the senior leadership teams address the problem of putting their signatures against the risk that cyber threats pose to their organizations. Tammie Leith made a point to the effect that it is just as important for our teams to tell us why we should not accept or acknowledge those risks so that we can increase investments to mitigate those risks.
What caught my attention was that the senior management teams are beginning to question the technical teams on whether or not appropriate steps have been taken to minimize the risks to the corporation. The CxO (senior leadership team that has to put their signature on the risk disclosure documents) teams are no longer comfortable with blindly assuming the increasing risks to the business from cyber threats.
To make matters worse, the CxO teams and the IT security teams generally speak different languages in that they are both using terms with meanings relevant to their specific roles in the company. In the past, this has not been a problem because both teams were performing very critical and very different functions for the business. The CxO team is focused on revenue, expenses, margins, profits, shareholder value, and other critical business metrics to drive for success. The IT security teams, on the other hand, are worried about breaches, data loss prevention, indications of compromise, denial-of-service attacks and more in order to keep the cyber attackers out of the corporate network.
The challenge is that both teams use the common term of risk, but in different ways. Today’s threat environment has forced the risk environment to blend. Sophisticated targeted attacks and advanced polymorphic malware affect a business’s bottom line. Theft of critical information, such as credit card numbers, health insurance records, and social security numbers, results in revenue losses, bad reputation, regulatory fines, and lawsuits. Because these teams have not typically communicated very well in the past, how can we ensure that they have a converged meaning for risk when they are speaking different “languages”?
Tags: cyber, NIST, risk, security
As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.
This blog series, authored by Kathy Trahan, will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. The second post, available here, focused on the risks that come with mobile connections. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group
The Cisco Visual Networking Index revealed an obvious truth that none of us can deny—mobile data traffic is on the rise and shows no signs of stopping:
- By 2018, over half of all devices connected to the mobile network will be “smart” devices
- Tablets will exceed 15 percent of global mobile data traffic by 2016
- By the end of this year, the number of mobile-connected devices will exceed the number of people on earth, and by 2018, there will be nearly 1.4 mobile devices per capita
With the explosion in the number of smart mobile devices and employees increasingly taking advantage of BYOD, securing company and personal data in a world where the mobile endpoint is a new perimeter presents technical and legal challenges for organizational leaders.
What are some of the most prevailing challenges? The personal use of company-owned devices happens more frequently than IT may realize and a complex legal environment can leave both employees and IT confused on how personal privacy is being protected. It is important for human resources to weigh in here as well.
Tags: byod, Cisco, data security, future of mobility, malware, mobility, security, vni
The Internet of Things (IoT) has made a profound impact on our lives. However, it also means that more personal information and business data will be passed back and forth in the cloud, and with that comes new security risks, new attack surfaces, and new kinds of attacks. And with an unprecedented number of companies staking the future of their businesses on the pervasive connectedness that the IoT world promises, business leaders need to empower their technical teams to create secure IoT networks.
Most organizations deploy disparate technologies and processes to protect key elements of their businesses, including the information technology (IT) that is typically focused on information protection and operational technology (OT) charged with managing control networks that support critical infrastructure, as well as physical spaces. I recently encountered a company that implements more than 80 security products for different tasks. Many of these systems don’t work together, which in turn limits the level of security this company can achieve.
In an IoT environment, we need to accommodate the priorities of both IT and OT networks, balance physical safety and security requirements, and also begin to implement cybersecurity solutions to equally protect all networks from attack. Solutions must be put into place to protect the device, control levels of the network, and the data contained and shared. We need to shift our mindset from considering each object in isolation, to looking at the whole. Attackers are taking a holistic view of the IoT and defenders must do the same.
Tags: Chris Young, internet of things, IoT, security
In my discussions with security executives who gathered at the recent Gartner Security Summit, they recognized that unsecured access to the network is a critical threat vector. However, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. What does this mean?
Tags: Enterprise, IT, network, security
I recently wrote about how we are extending Cisco Entrepreneurs in Residence (EIR) and our open innovation strategy beyond Silicon Valley through local incubation partners in Chicago, San Diego and Berkeley. Our presence in these innovation hubs will enable us to discover, influence and learn from new ideas and talent at early-stage startups with potential to disrupt our industry.
Today, I am pleased to announce the launch of Cisco EIR Europe, extending our program to a non-U.S. innovation hub for the first time. Cisco EIR will be located initially in Vienna, where we plan to launch a small cohort of early-stage European startups by January 2015 – to be supported & incubated by Cisco – drawn from across EMEAR. As with Cisco EIR in Silicon Valley, we will look for game-changing entrepreneurs in IoE, security, Big Data/analytics, Smart Cities & other transformational opportunities that are in Cisco’s strategic line of sight. Also as in our Silicon Valley program, the startups will be supported by Cisco engineering & product teams as well as our EMEAR partner ecosystem. The Vienna-based program is intended to serve as the beachhead – our “Phase 1” – for a broader EU-wide footprint for Cisco EIR.
Key to our success is how we leverage the startup ecosystem that already exists in Europe. To this end, starting in Vienna, we have partnered with Pioneers, a leading startup community organization in Europe. More partnerships are in the works.
I know all of you will agree innovation knows no national boundaries. Europe, with its deep entrepreneurial talent, large market and history of innovation, presents a unique opportunity for us. Europe is also one of the key regions for our Smart Cities – as you saw from our recent announcement of a new Smart Cities initiative in Copenhagen, following similar projects in Barcelona, Amsterdam, Chicago and Hamburg.
We are thrilled to forge relationships in the European startup community – and support entrepreneurs as partners in open innovation.
Tags: analytics, Big Data, Cisco, ciscoeir, cloud, entrepreneurship, EU, Europe, innovation, Internet of Everything, internet of things, IoE, IoT, Mala Anand, security, Smart Cities, Smart City, startups