Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / Cisco: All Hands on Deck for Security
Cisco Talks Security: All Hands on Deck
Cisco Talks Security: All Hands on Deck
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Networking giant Cisco is sounding the alarm on security, calling for an “all-hands-on-deck” approach to defend against escalating cyberattacks. Cisco’s 2015 Annual Security Report examines both threat intelligence and cybersecurity trends and includes stark warnings for enterprises large and small.

We already know that attackers are getting better and better at tapping into security gaps without detection. Security teams, which Cisco dubs “defenders,” need to stay on par with the ever-increasing sophisticated attack methods. At the same time, geopolitical motivations are adding a layer of complexity to the threat protection equation, as are conflicting requirements that local laws impose with respect to data sovereignty, data localization and encryption.

Cybercriminals are certainly expanding their tactics and adapting their techniques to carry out cyberattack campaigns that are harder to detect and analyze. Cisco identifies the top three threat intelligence trends as: snowshoe spam, in which a spammer uses a wide array of IP addresses to spread out the spam load; Web exploits hiding in plain sight; and malicious combinations, like Flash and Java exploits.

Protecting the Full Stack

Security needs an all-hands-on-deck approach, where everybody contributes, from the boardroom to individual users, said John Stewart, senior vice president and chief security and trust officer at Cisco.

“We used to worry about DoS, now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure. Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight,” Stewart said.

“Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind," he added. "Online services must be run with resiliency in mind, and all of these moves must happen now to tip the scales and protect our future. It requires leadership, cooperation, and accountability like never seen before in our industry."

Think Pervasive Security

The Cisco study reveals that 75 percent of CISOs (chief information security officers) see their security tools as very or extremely effective. However, less than 50 percent of respondents use standard tools such as patching and configuration to help prevent security breaches and ensure they are running the latest versions. Heartbleed was the landmark vulnerability last year, yet 56 percent of all installed OpenSSL versions are over four years old. That is a strong indicator that security teams are not patching, Cisco said.

We caught up with Zeus Kerravala, principal analyst at ZK Research, to get his thoughts on the study’s revelations. He told us companies are starting to realize many points in the infrastructure that were once thought to be secure are not -- and those points have become the points of cyberattacks. Kerravala pointed to the Target hack, which came in via a trusted third-party vendor, as an example.

“The notion that there are points in the network that need to be secured and other points that don’t need to be secured is the biggest misguided strategy in security,” Kerravala said. “You are only as good as your weakest link. Within many organizations, there are many links that aren’t protected at all. That requires a shift in security strategy. Companies need to think more of how you make security pervasive across the network.”

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.