October is National Cybersecurity Awareness Month (NCSAM), an annual event promoted by the Cybersecurity and Infrastructure Security Agency (CISA). The goal is to increase understanding of cyber and physical risks to critical infrastructures and encourage security and resiliency. Cisco fully supports NCSAM and we do our part to emphasize the importance of cybersecurity.
For any size organization, complacency is a dangerous mindset. The pool of bad actors and methods to breach networks is constantly evolving and growing and it can be challenging to stay one step ahead. Comprehensive approaches to protection are critical, but make sure you also have the basics covered to reduce your company’s risk landscape. In the spirit of NCSAM’s 2020 theme, “Do Your Part and #BeCyberSmart,” here are three that I strongly recommend:
- Choose great security partners
- Manage your software risk
- Drive a culture of security and compliance
1. Choose Great Security Partners
Most networks contain security devices and software from multiple security partners. Whether you work with one provider or several, do your homework and make sure they view security end to end, which is the best way to reduce exploits and vulnerabilities. Cisco sets the standard with a holistic approach to keeping our customers safe, including:
- A deep portfolio of security services, products and experience to meet any customer needs.
- Designing with security in mind through our Cisco Secure Development Lifecycle (CSDL), a repeatable, measurable process to increase Cisco product security, resiliency, and trustworthiness.
- Proactive threat modeling through our Product Security Incident Response Team (PSIRT) to ward off future vulnerabilities and share published information about existing ones in our products, plus software updates required to enhance product security.
- Security assurance materials available via Cisco’s Trust Center like data maps and privacy sheets detailing how Cisco drives data protection and privacy, embeds security across processes and technology, and builds in trust throughout the product lifecycle.
- Maintaining key certifications – ISO 27001 to ensure a risk-based process to preserve confidentiality, integrity, and availability of information and TL 9000 to demonstrate our commitment to quality and integrity.
Security is complex so choose partners wisely. Use Cisco’s approach as your baseline.
2. Manage Your Software Risk
In a previous blog, I discussed reasons why companies are hesitant to perform network software upgrades including limited maintenance windows, network downtime, and potential for performance or other issues. These concerns are valid but must be weighed against the risks, such as security. Upgrading introduces remediations for bugs and vulnerabilities. Delaying could leave your network unprotected and vulnerable to the latest threats.
At Cisco, we pay close attention to our customer’s comments, behaviors, and trends related to software. In a recent study, security was noted as the number 2 reason our customers choose to upgrade, with improving reliability as number 1. That’s a good sign that security is becoming even more of a priority, especially if upgrading proactively is the goal.
Cisco recommends maintaining a continuous process to assess and understand software risk. Then to mitigate that risk, deploy the software version most appropriate for your organization – code that is fully supported and up to date with the latest features and fixes.
3. Drive a Culture of Security and Compliance
The weakest links in the security chain are most often people, who can unintentionally add significant risk to your security equation through unsafe practices. Things like clicking a phishing link that enables malware and ransomware, using a simplistic password, or leaving a computer screen open, logged in, and unattended.
Employees play a critical role in protecting a company and need to understand their part. Security awareness is a priority at Cisco and we have a comprehensive education program and mandatory training with ongoing refreshers. We regularly communicate the value and importance of staying aware, alert, and secure, and recognize people who exemplify security-related behaviors.
As an example, Cisco recently implemented a comprehensive risk mitigation program to further emphasize and drive a culture of pervasive security. Check out Keep Cisco Safe and consider if something similar would benefit your organization.
Whether you’re strengthening your network security, looking to partner with an experienced provider to run security for you as-a-service, or trying to get your entire workforce motivated to practice strong security behaviors, Cisco can help. For more information, here are links to additional security-related services and offerings or you can reach out directly via firstname.lastname@example.org. Do Your Part and #BeCyberSmart!