
Operational Security

09:35 AM
Jeffrey Burt

Cisco: Companies More Proactive About Cybersecurity

The ransomware attacks of 2017 and high-profile credit card system hacks in recent years have convinced organizations that they need to address security before they become victims.

The high-profile hacks of credit card systems over the past few years and the scourge of ransomware attacks that reached lofty levels in 2017 appear to have convinced businesses to become more proactive about cybersecurity, according to an expert in Cisco Systems' security services group.

In an interview with Security Now at this week's Cisco Live 2018 conference in Orlando, Fla., Sean Mason, director of threat management and incident response for Cisco's Security Advisory Services, said he has seen a shift over the past couple of years in customers becoming increasingly interested in learning how to protect themselves against hacks and other cybercrimes rather than simply reacting when an attack occurs.

"For years there was a lot of news and a lot of press around nation-state attacks, and to be fair, a lot more organizations were impacted than truly thought they were," Mason said, adding that their thinking was, "'I'm not doing X, Y, Z, so I don't have to worry about that problem.' That wasn't necessarily true, but that was the mentality. Then we started seeing a lot of credit card hacks."


Many well-known companies were victims of attacks in which cybercriminals stole personal data from millions of customers -- think Equifax, Target, Home Depot, Chipotle and, most recently, MyHeritage. Still, there were businesses that rationalized their situation by thinking that since they don't process credit card data, they didn't need to worry. (See MyHeritage Data Breach of 92M Accounts Raises Many Questions.)

"Then what really went mainstream a couple of years ago was ransomware," he said. "I hate saying that, because it's a lot less sophisticated in some cases than dealing with a nation-state or even cybercriminals going after credit card data. It's a different way of doing things. It's extremely noisy … and the types of organizations that were hit, all of a sudden it was, 'Oh my gosh, that could be us,' and it really hit home that it was no longer just somebody else's problem. It was, 'This could be us tomorrow.' That might have really been the trigger."

Ransomware wasn't new: it involves stealing corporate or personal data and holding onto it until a ransom is paid, usually in a cryptocurrency like Bitcoin. However, the malware has become increasingly sophisticated, and it broke into the headlines last year with WannaCry, which infected hundreds of thousands of vulnerable Windows PCs and attacked such major companies as Nissan Renault, FedEx and Telefonica until a kill switch was found for it. WannaCry also spawned an array of new ransomware that built off its success. (See WannaCry: How the Notorious Worm Changed Ransomware.)

Security firms such as Check Point have noted that incidences of ransomware have waned a bit from 2017 as threat actors are focusing more on stealing PC CPU cycles to mine cryptocurrencies, but warned that doesn’t mean ransomware is no longer a threat, as the cities of Atlanta and Baltimore learned earlier this year.

WannaCry and other ransomware attacks caught the attention of many customers, Mason said. Cisco's Security Advisory Services group is seeing an increase in requests from companies for help in learning how to protect their corporate networks and data and how to respond when an attack occurs.

The top requests are for tabletop exercises, where participants are put into a low-stress environment and walk through scenarios of potential emergencies to learn and discuss such aspects as operational plans, responses, dealing with stakeholders and communications.

And the scenario most customers want to run tabletop exercises on is ransomware, he said. They're less interested in situations like someone stealing their IP. They want to know what to do if someone takes over their systems and takes control of their data. Many companies can use the training, Mason said. Not many have deep expertise in Bitcoin and some haven't backed up their data, but they understand that if ransomware hits, it's not just about having to pay to regain control of the data, but also the lost productivity. (See Bitcoin & Other Cryptocurrency Prices in Flux Following Hack.)

"Literally, customers with tens of thousands of machines down," he said. "You cannot do work, you cannot run your business, you cannot operate."

The shift toward customers becoming more proactive about security has become pronounced over the past couple of years, with Mason estimating that the split in the security services team's work is hitting 70% proactive and 30% reactive.

"It used to be more reactive," he said. "You look at a couple of years ago, it used to be fire, fire, fire, fire, but now it's really starting to shift the other way. That's a good thing. The reactive work is not going away, but we're having more and more asks and requests [for proactive help]. It's actually kind of nice to see that over the last couple of years it's been ticking up more. [Being proactive is] planning ahead for your worst day. That day will come eventually. It's going to happen."


Cisco's security services group also has the ability to leverage the work of the Cisco Talos threat team, which looks at issues around the globe.

"While we're focused on maybe one customer or two customers or whatever number it might be, they're off looking at thousands upon thousands of customers and pulling down data and trying to figure out, 'OK, how can we get ahead of this?'" Mason said. "We may be with a client and may see one thing going on, and we take what little information we may have and say, 'Hey, Talos, what are you seeing?' They see a lot more than we would just see. They might say, 'Guys, this is XYZ,' or, 'This is new' or 'This is old stuff,' or, 'Whoa, we need to get ahead of this.' My team tends to see things nobody else sees quite yet."


— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
