
Operational Security

6/14/2018
09:35 AM
Jeffrey Burt

Cisco: Companies More Proactive About Cybersecurity

The ransomware attacks of 2017 and high-profile credit card system hacks in recent years have convinced organizations that they need to address security before they become victims.

The high-profile hacks of credit card systems over the past few years and the scourge of ransomware attacks that reached lofty levels in 2017 appear to have convinced businesses to become more proactive about cybersecurity, according to an expert in Cisco Systems' security services group.

In an interview with Security Now at this week's Cisco Live 2018 conference in Orlando, Fla., Sean Mason, director of threat management and incident response for Cisco's Security Advisory Services, said he has seen a shift over the past couple of years in customers becoming increasingly interested in learning how to protect themselves against hacks and other cybercrimes rather than simply reacting when an attack occurs.

"For years there was a lot of news and a lot of press around nation-state attacks, and to be fair, a lot more organizations were impacted than truly thought they were," Mason said, adding that their thinking was, "'I'm not doing X, Y, Z, so I don't have to worry about that problem.' That wasn't necessarily true, but that was the mentality. Then we started seeing a lot of credit card hacks."

Many well-known companies were victims of attacks in which cybercriminals stole personal data from millions of customers -- think Equifax, Target, Home Depot, Chipotle and, most recently, MyHeritage. Still, some businesses rationalized their situation by reasoning that since they don't process credit card data, they didn't need to worry. (See MyHeritage Data Breach of 92M Accounts Raises Many Questions.)

"Then what really went mainstream a couple of years ago was ransomware," he said. "I hate saying that, because it's a lot less sophisticated in some cases than dealing with a nation-state or even cybercriminals going after credit card data. It's a different way of doing things. It's extremely noisy … and the types of organizations that were hit, all of a sudden it was, 'Oh my gosh, that could be us,' and it really hit home that it was no longer just somebody else's problem. It was, 'This could be us tomorrow.' That might have really been the trigger."

Ransomware wasn't new: malware that encrypts corporate or personal data and holds it hostage until a ransom is paid, usually in a cryptocurrency such as Bitcoin. However, the malware has become increasingly sophisticated, and it broke into the headlines last year with WannaCry, a worm that infected hundreds of thousands of unpatched Windows PCs and hit such major companies as Nissan, Renault, FedEx and Telefonica until a kill switch was found for it. WannaCry also spawned an array of new ransomware that built off its success. (See WannaCry: How the Notorious Worm Changed Ransomware.)

Security firms such as Check Point have noted that ransomware incidents have waned a bit from 2017 as threat actors focus more on hijacking PC CPU cycles to mine cryptocurrencies, but they warned that this doesn't mean ransomware is no longer a threat, as the cities of Atlanta and Baltimore learned earlier this year.

WannaCry and other ransomware attacks caught the attention of many customers, Mason said. Cisco's Security Advisory Services group is seeing an increase in requests from companies for help in learning how to protect their corporate networks and data and how to respond when an attack occurs.

The top requests are for tabletop exercises, in which participants walk through scenarios of potential emergencies in a low-stress setting to learn and discuss such aspects as operational plans, responses, dealing with stakeholders and communications.

And the scenario most customers want to run in those tabletop exercises is ransomware, he said. They're less interested in situations like someone stealing their IP. They want to know what to do if someone takes over their systems and takes control of their data. Many companies can use the training, Mason said. Not many have deep expertise in Bitcoin, and some haven't backed up their data, but they understand that if ransomware hits, it's not just about having to pay to regain control of the data, but also the lost productivity. (See Bitcoin & Other Cryptocurrency Prices in Flux Following Hack.)

"Literally, customers with tens of thousands of machines down," he said. "You cannot do work, you cannot run your business, you cannot operate."

The shift toward customers becoming more proactive about security has become pronounced over the past couple of years, with Mason estimating that the security services team's work is now split roughly 70% proactive and 30% reactive.

"It used to be more reactive," he said. "You look at a couple of years ago, it used to be fire, fire, fire, fire, but now it's really starting to shift the other way. That's a good thing. The reactive work is not going away, but we're having more and more asks and requests [for proactive help]. It's actually kind of nice to see that over the last couple of years it's been ticking up more. [Being proactive is] planning ahead for your worst day. That day will come eventually. It's going to happen."


Cisco's security services group is also able to draw on the work of the Cisco Talos threat intelligence team, which tracks threats around the globe.

"While we're focused on maybe one customer or two customers or whatever number it might be, they're off looking at thousands upon thousands of customers and pulling down data and trying to figure out, 'OK, how can we get ahead of this?'" Mason said. "We may be with a client and may see one thing going on, and we take what little information we may have and say, 'Hey, Talos, what are you seeing?' They see a lot more than we would just see. They might say, 'Guys, this is XYZ,' or, 'This is new' or 'This is old stuff,' or, 'Whoa, we need to get ahead of this.' My team tends to see things nobody else sees quite yet."

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
