Cisco Blogs
Share

The 3 Ps of Comprehensive Cybersecurity

- May 1, 2018 - 4 Comments

There is no question that the threat of cybersecurity breaches is business impacting in our ever-increasing connected world. There are two data points that I like to use on this matter to illustrate the impact:

  • According to a CIO Insight survey, 71% of executives surveyed said that concerns over cybersecurity are impeding innovation. 
  • A Cisco survey of IT leaders, effective security across the enterprise said the service innovation was what they wanted most.

In other words, most businesses and their technology leaders feel security is the difference between them being innovative or not.

The logical question then might be, how businesses can best achieve effective security within their enterprise? The annual Cisco Cybersecurity Report addresses this question directly. The right answer, as you might have already guessed, is that technology alone is no panacea to the increasingly scale and complexity of cybersecurity threats.

In fact, according to Red Teaming attack simulations conducted by the Cisco Security Services Advisory Team security technology products alone could thwart only 26 percent of the known issues. Using security policies alone, this number dips to 10 percent. And even with the most highly trained people on-hand, only 4 percent of the issues would have been remediated.

The conclusion reached in the report is that based on these numbers, businesses have to incorporate all three “Ps” into their comprehensive cybersecurity strategy. Further, they can dramatically increase their odds of successfully managing all three factors if they help ensure that security is embedded into every layer of the organization instead of being bolted on ad hoc on an as-needed basis.

There’s Never Been a Better Time for Better Cybersecurity

Timing is of the essence for businesses to incorporate the Three Ps of cybersecurity as 2018 looks to be the worst on record in terms of threats and attacks. There are huge cost implications at stake, of course. Half of the respondents to the Cisco Cybersecurity Report said that they were victimized by successful security breaches that resulted in financial damages of more than $500,000 due to lost revenue, customers, opportunities, and out-of-pocket costs. Given the fact that it can take the average enterprise up to six months just to identify data breaches, these numbers should trigger alarm bells within boardrooms everywhere.

The good news is that companies are continuing to invest heavily into security products and shoring up their policies. It is also encouraging that these companies are acknowledging that they also need to buttress the people part of their cybersecurity strategy. Evidence for this comes from the healthy growth in the managed security services market, almost 15 percent a year according to one research firm.

Cisco Can Help with the People Part

The fact that Cisco can help with people aspect might come as a bit of a surprise to businesses and technologists who know Cisco as the provider of a world-class security product portfolio. We are more than an established thought-leader when it comes to implementing best practices in security policies.

The investment Cisco has made in people in the form of security researchers, data scientists, and engineers is a point of pride for us. The shining example of this is our Talos Threat Intelligence Arm, a dedicated global team who uses the Three Ps on a daily basis to actively scan 600 billion emails, 16 billion web requests, and combat 1.5 million malware instances. Talos is also illustrative of how strategic the Cisco Services offerings are in general by leveraging people, processes, and products to support today’s digital, dynamic, and uber-connected businesses.

Till Next Time

Check out the Security Services Assessment Tool to see the different ways Cisco Security Services can help you stay secure.

This focus on security is the first part of two blogs on how Cisco Services is supporting the top technology priorities for enterprises. In the next edition, I’ll take a look at the critical role Services is playing in helping companies take full advantage of Intent-Based Networking, which is already showing itself to be the next “big thing” in networking.

 

Tags:
Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed and HTML formatting will not appear.

4 Comments

  1. Great article, I always deal with People, Process and tools for my Operational ennoblement services @ Cisco

  2. What are the 3Ps?

    • Hi @CyberCurious. Thanks for your comment! The 3 Ps of comprehensive cybersecurity are: Products, Policies and People.

      People, policies and product IIRC (or words to the same effect). This was research that came out of Security Advisory EMEAR from our red team where we took the issues we were finding and mapped the effective control points.