Cisco Blogs

Understanding Today’s Security Landscape

May 12, 2017 - 4 Comments

In the digital age, the security landscape only continues to become more complex, and well into 2017, we continue to witness the escalation of security threats across almost every industry. Especially, we are seeing a marked increase in the sophistication of security threats as they hit the front page news.

Why do hackers want your information?

Why are hackers working so diligently to obtain your customer information? The answer is simply “MONEY”. Hacking is a $450 billion to $1 trillion industry. [1] Just some examples of the market values of compromised data include:

  • Social Security Numbers ~ $1 each
  • Credit Card Data $0.25 – $60 per card
  • Exploits $1000-300K per incident
  • DDoS as a Service $7 per hour
  • Malware Development $2500 per app
  • Mobile Malware $150 per instance
  • Bank Information $1000 or more
  • Facebook Accounts $1 for account with 15 friends
  • Spam $50 / 500K emails

What does losing data do to your company?

Right now, it is estimated that nearly 50 percent of organizations are under public scrutiny due to security breaches. [1] These incidents lead to huge losses for businesses and consumers, and can profoundly damage brand loyalty and customers’ trust. According to Cisco’s 2017 Cybersecurity Report, 23 percent of surveyed security professionals experienced a loss in business opportunity, 29 percent saw a decrease in overall revenue, and 22 percent said they lost customers after experiencing a breach in their companies.

What can you do?

Many security events are detected months after the event or sometimes not at all. Detection times may be over 200 days! This is mainly due to a lack of monitoring, analytics, and processes. Sometimes, this problem may occur due to the overall security architecture. Today 55 percent of organizations use anywhere from 6 to greater than 50 security vendors and 65 percent of organizations used anywhere from 6 to greater than 50 security products. [1] Some of this stems from the belief of safety due to stacking security products to close holes in a single vendor product. This creates a false sense of security. With this many companies and products in an organization, detection and reporting becomes nearly impossible.

So, how do you detect and mitigate these threats? This is a tough question in today’s increasingly digital age. Areas that are growing rapidly in mobile, cloud infrastructure, and user behavior apps create increased vulnerabilities to your brand. One of the challenges is that more than 50 percent or security professionals view their security as adequate and their achievement of compliance standards as adequate. [1] This gives many people a false sense of comfort.

Due to the advanced weaponization of attacks, security will and should be a constant focus and investment. As far as compliance goes, it should be the minimum entry fee or the price to play.  By no means is it a security strategy. Traditionally, retail security teams have responded to security threats by building the firewall higher and stronger. And yet, in every store there will be a breach and it is only a matter of time. CISOs should therefore expand their attention to early detection, defense, and containment. This is in line with Cisco’s before-during-after strategy.

At Cisco, we believe that a unified security architecture that protects the entire retail organization – from the store to the cloud to the data center – is the most comprehensive and best security strategy.  In fact, our testing has shown that our average time to detection at 6 hours as of October 2016.  With today’s attacks usually doing recon work early, timing of detection and mitigation is everything.

Cisco further describes today’s threats in the annual 2017 Cybersecurity Annual Report.

Click here to learn more about Cisco Security solutions for retail.

[1] Source: Cisco 2017 Security Capabilities Benchmark Study

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Agree, Security is a big concern for all to see, from the minimalist perspective of individuals to big enterprises as well. There is no doubt how fast the threats evolve. And I also agree with the last insight:..”At Cisco, we believe that a unified security architecture that protects the entire retail organization – from the store to the cloud to the data center – is the most comprehensive and best security strategy.”

  2. great commentary on security threats Kevin! The brand erosion from a security attack is a huge part of the damage to a company, especially if there have been any other issues with the brand such as food safety, product recalls, poor customer experience publicity – when a security attack is added to the mix it further erodes customer trust in the brand. Better to get ahead of the security threats than deal with living through them.

  3. Nothing is simply “MONEY”. And if you say so i will disagree . Because when push comes to shove . Thinking from a hackers perspective its more about pride and latter comes the money !
    Because not all of them get paid , not all deal goes well , not all Ransomeware lives upto its expectation .Not all hackers escape(s) so i rephrase it was never about the money !
    ” If hack goes good , there is always money , no hacker ever needed to worry about that ”
    Its more of a big FU ! In the face .

  4. Why do hackers want your information?

    They just don’t want your information there is a bigger play to understand but i do think you missed some reason though :
    a.Because its too damn easy ! to obtain your info. than that other guy .
    b.Because not many people ! think they can be hacked . Being pompous comes first .
    c.Because too many thinks they are immune ! , like nobody will dare !
    d.Because they are after “if ” not the ” when ” .
    e.Hackers thinks people are born to be toad and people/companies acts accordingly. Like if they are literally begging to be hacked .

    And if people keep on thinking the same ,
    $450 billion to $1 trillion is nothing . It will rise up .
    Anyway anyhow ….
    Cisco unified security architecture is the ans but sadly not many are looking at the right direction .