Build a Secure Cyber Foundation
October is Cybersecurity Awareness Month in the United States, European Union, and many countries around the world. Cybersecurity Awareness Month brings to light the many successes we’ve realized and the struggles we continue to face – a sobering reminder that our work is far from finished.
This year, let’s skip ‘sounding the alarm’ or ‘talking about hackers.’ Let us instead talk about ourselves. To my eye, we need to evolve our industry aggressively; and by our industry, I mean cyber and digital – in whatever industry you find yourself. Simply put, digital adoption has overcome our common cybersecurity practice, so that practice must evolve. Now!
Let’s start with dual premises: that cyberthreats will always exist and that digital is a cornerstone to future success. If you agree, then the sobering reality is that cybersecurity can’t be viewed as a separate ‘thing’ from businesses operations or the running of a nation-state or city, that you must see something to protect it or prevent it, and – yes – we need to measure results. As a longtime mentor of mine once said: “Don’t confuse hard work with results.”
Three Strategic Steps to Success
So, with that in mind, here are three steps you can take to build a secure cyber foundation:
1. Integration – We need to weave cybersecurity into the very fabric of our organizational strategy on a national, local and business level. Tie national economic policy to cybersecurity and both will benefit. Tie corporate financial goals to cybersecurity and both will benefit. Companies and governments working towards common goals are vital for both to be successful. If we fail to do this, in each case, both suffer.
2.Visibility – To stop a threat, we must see a threat – or get lucky, and it’s always better to be good than lucky. Since this is a connected medium, seeing only your own threats isn’t enough for us all to be safe. ‘Safer Together’ is a mantra that we all can share. So take risk consciously and don’t have it unknowingly lurking. What you don’t see will hurt you and what you can see will only make you stronger.
3. Execution – The most important indicators of how you’re executing are by measuring progress, efficacy and outcomes. Validate your security effectiveness by applying appropriate controls and measures like Total Visibility, Time to Detect, Time to Mitigate, Vulnerability Dwell Time, and Annual Losses to name but a few. Monitor and measure your progress to drive efficiency and efficacy to get to your desired outcomes.
I duly recognize that none of these are as easy as this blog is to write… but then, cyber isn’t for the faint of heart.
Also foundational for us here at Cisco is our commitment to our customer, partners, stakeholders and employees that cybersecurity is our priority, always top of mind and firmly embedded in everything we do. Not only in October, throughout the year and ongoing.
We’re committed to providing the most secure products, solutions and services we can offer, confirmed through a secure development lifecycle approach with embedded security controls for verification that engender trust.
We’re committed to driving secure processes and policies throughout our organization, from the top down, across our operations and through programs that prioritize cybersecurity governance, compliance, awareness and education for our leadership, management and employees.
Resources to be More Secure
And we know we can’t secure our online world without providing the resources to get it done. For Small-to-Midmarket Businesses (SMBs) – companies with a handful to as many as 500 employees that make up more than 90 percent of the global business market – we’re launching a new Cybersecurity Special Report that provides deeper insights into the cyber-risks SMBs face and share guidance to consider for the near-term and beyond.
For enterprises and public-sector organizations alike, our Cybersecurity Awareness Month and the European Cyber Security Month sites offer a month-long roster of events, activities and educational content. Links to security reports, blogs, videos, white papers and more will keep you informed. And all year long, the Cisco Trust Center offers new resources to help you with security, data protection and privacy.
Be safe out there! 😉