Cybersecurity isn't easy, and hacks can cost companies millions. Though cyberattacks can appear limited to the web, digital threats have real-world consequences, particularly for public enterprise companies, said Cisco's Anthony Grieco, Senior Director of Security and Trust. "Threats have become increasingly complex and often are related, so it's important to look at the bigger picture, particularly when so much can be at stake."
SEE: The Internet of Things threatens to unleash security, privacy, and legal nightmares (Tech Pro Research report)
Public companies in particular have a responsibility to take cybersecurity seriously and to raise cyber-risk awareness internally. Protecting business assets is a complex and nuanced process, Grieco said. His job is to increase risk awareness issues at Cisco and its partners. "We recommend that businesses take a holistic view in a security strategy that includes people, process, policy, and technology versus solutions for one type of attack."
Grieco spoke with TechRepublic about the importance of raising internal awareness of cyber-risk issues.
What types of cyber-threats are common in all enterprise sectors?
Threats like ransomware, malware, DDoS, and theft of data are all common regardless of sector. Many of these threats attack two major elements of the enterprise, either the resilience of the enterprise or the confidentiality of the data the enterprise holds.
One of the most under-appreciated threats is a result of unpatched or aging infrastructure. [The] lack of basic [digital] hygiene and [not] staying up to date creates significant threats to all major enterprises today.
What enterprise sectors are most vulnerable?
All sectors are vulnerable but in the last couple of years we have seen healthcare, finance, education, government, and retail hit the hardest.
How should enterprise organizations respond to ransomware hacks?
Enterprise needs to look at the entire lifecycle of ransomware:
- Prevent ransomware from getting into the network where possible.
- Stop it at the systems before it gains command and control.
- Detect when it is present in the network.
- Work to contain it from expanding to additional systems and network areas.
- Perform incident response to fix the vulnerabilities and areas that were attacked.
What are the best practices for raising risk awareness internally?
Awareness starts at the top. Cybersecurity must be part of an organization's culture. Continuous education and awareness are foundational to building a cybersecurity culture.
Being prepared is critical in responding to security incidents. Creating a formal organization role and function dedicated to security that is easy to get in contact with is critical in dealing with both data leaks and security vulnerabilities.
SEE: Threat intelligence: Forewarned is forearmed (Tech Pro Research report)
Second, have a well understood and practiced procedure for receiving information about the security event and interacting with internal stakeholders to assess the event. Finally, implement accountability to ensure that the incident response plan that focuses on detection, containment response, and remediation are executed in a timely manner.
What are the essential tasks enterprise organizations can do to prevent a cyberattack?
- Know what is on your networking infrastructure and know where your data is.
- Identify the connected devices and their owners.
- Know what the device should be doing and have visibility into its activities.
- Enforce policies around segmentation and behavior to identify and address attacks targeting these devices.
- Be able to take action if an incident occurs.
- Train employees to be aware of their role in preventing cyberattacks.
It is additionally important to realize that cybersecurity isn't just an IT security problem anymore. Every business function is adopting technology and in many cases integrating the technology into the products or services they offer to their customers. Ensuring that everyone understands that importance of cyberattack prevention, identification, and remediation must be woven throughout the fabric of the enterprise.
What trends can we expect to emerge over the next 18 months?
We'll continue to see security vulnerabilities exploited for monetary gains through activities like ransomware and DDoS. With the rapid expansion of IOT, we'll also see new types of devices becoming the targets of adversaries' activities.
How does Cisco apply security best practices internally?
Cisco takes a holistic approach to security. People, processes, technology are all looked at across all of our businesses. As a leader in the technology space, we spend a lot of time ensuring the products and services we sell have security baked in from the beginning. This is critical to ensure our customers themselves have an opportunity to secure their businesses when using Cisco products.
We emphasize the importance of resilience [and] the ability to prepare for and adapt to changing threat conditions while withstanding and rapidly recovering from attacks. This process includes identifying events that may happen, assessing how likely they are to happen and what impact they may have, and deciding what actions to take. Cyber-resilient systems are able to continue to conduct mission-critical processing in a manner that preserves the confidentiality, integrity, and availability of data, which in turn establishes stakeholder trust.
We also use Unified Security Metrics specifically designed to promote the continuous improvement of an IT service, to measure its security posture over time, and to provide a two-way feedback mechanism to IT service owners and leaders.
- Five essential cybersecurity podcasts for IT professionals (TechRepublic)
- 2017 cybercrime trends: Expect a fresh wave of ransomware and IoT hacks (TechRepublic)
- Cyberwar: The smart person's guide (TechRepublic)
- How to safely access and navigate the Dark Web (TechRepublic)
- IT Security in the Snowden Era (ZDNet)
- Cybersecurity sleuths learn to think like hackers (CNET)
- Inside look at the race to outsmart hackers (CBS News)
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.