Feature Story

The first imperative: The best digital offense starts with the best security defense

by Ruba Borno


Security is the underlying foundation of any company's digitization journey.

We have been talking about digitization for a while now, and about the fact that it is disrupting every industry. But the conversation has shifted. Companies no longer debate whether they should digitize; they know they must in order to compete, and they know that technology is core to their strategy no matter the industry.

In my previous blog, I proposed a new Hierarchy for Digital Business based on the underlying framework of Maslow's Hierarchy. For companies evolving their digital business strategies, I believe there are six imperatives that must be addressed to keep pace with the new highly connected, massively distributed, digital business landscape.

For most companies, one of the first things standing in the way of their digitization journey is the question of security. Cisco reports:

  • 71 percent of executives have concerns over cybersecurity impeding innovation in their organizations,
  • Nearly 40 percent have halted mission-critical initiatives due to cybersecurity issues, and,
  • 69 percent are reluctant to innovate in areas such as digital products and services because of the perceived cybersecurity risks.

Companies that implement security well know that differentiating their business through secure technology becomes a business advantage and the foundation for continued innovation. That is why the first digital imperative is that the best digital offense starts with the best security defense.

Cyber threats skyrocket as more devices come online and threat actors get smarter

The internet was built on the idea of openness – getting more things on rather than keeping them off. Today, devices and people are coming online at an unprecedented scale. By 2021, more than 1M IoT devices will come online every hour of every day. As a result, points of threat entry are constantly changing and expanding every time a new "thing" comes onto the network.

As the attack surface increases and the stakes grow, the number of threat actors is increasing as well, and their level of sophistication is evolving quickly.

Late last year, Dyn, a major authoritative DNS provider, was hit with a distributed denial-of-service (DDoS) attack that made many of the largest sites on the internet unreachable for much of the United States. Dyn estimated that as many as 100,000 insecure connected endpoints, IoT devices such as digital cameras, printers, DVRs and even baby monitors, had been recruited into a Mirai botnet for the highly distributed attack, and its early reports spoke of tens of millions of source IP addresses.

One of the most troubling things about the Dyn attack was the nature of the perpetrators. While Anonymous and New World Hackers claimed responsibility, a published report showed that the attack used the Mirai source code, which had been posted on a hacking forum weeks earlier. Ultimately it was determined that the attackers were likely amateurs. Mirai needs no exploit to recruit a device; it simply logs in over telnet with factory-default credentials. We now live in a world where anyone can take down large swaths of the internet by harnessing insecure IoT devices with publicly available code.

Ransomware attacks cost millions and come from multiple entry points

Another attack shows how connected devices offer a new threat vector for exploits. In this case, a transportation agency's ability to collect revenue was disrupted during a major holiday weekend, starting from a single email. It was a multi-pronged ransomware attack that affected servers, workstations and ticketing machines. All of the ticketing machines across the city were out of order, resulting in approximately $2 million in lost revenue per day.

Ransomware attacks like this one have created a billion-dollar market for attackers, growing 1000% over the past 2 years.

On May 12, 2017, a major ransomware attack affected organizations around the world, including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware responsible for this attack was a ransomware variant known as "WannaCry." According to Cisco's security research arm, Talos (hackers for good), WannaCry infiltrates and spreads like a worm: it compromises hosts over SMB using the EternalBlue exploit for the SMBv1 vulnerability that Microsoft patched in March 2017 as MS17-010, then encrypts files and holds them for ransom. WannaCry is also capable of spreading to other externally facing hosts across the internet that expose the same vulnerability. Talos has observed WannaCry samples checking for the DoublePulsar backdoor to access and execute code on previously compromised systems. At the time of writing, this threat is still under investigation and the full impact of the attack is not yet known.
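The worm-like spread described above leaves a distinctive footprint in ordinary connection logs: one internal host suddenly opening SMB (TCP/445) connections to many peers, most of which never answer, and some of which are on the public internet. The following added example, which is not Cisco's or Talos's code, runs that detection over a few constructed log records (the line format "timestamp src dst dst_port state" and the addresses are invented for illustration) and flags sources whose distinct SMB peers within a sliding window reach a threshold.

```python
"""Flag hosts fanning out to many peers on TCP/445, the footprint a
self-propagating SMB worm leaves in connection logs. Added example: the
log format (timestamp src dst dst_port state) and the records are
constructed for illustration, not Cisco's or Talos's telemetry."""
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_address, ip_network

SMB_PORT = 445
WINDOW_SECONDS = 60      # sliding window over each source's SMB attempts
FANOUT_THRESHOLD = 10    # distinct SMB peers per window; tune per site
# Site-specific assumption: these ranges are "inside". The TEST-NET
# addresses used below for external peers are deliberately outside them.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample: 10.1.2.20 is a file server with ordinary SMB
# sessions (state SF = completed); 10.1.2.15 sweeps the local /24 and then
# an internet range, mostly hitting nothing (state S0 = SYN, no reply).
SAMPLE_LOG = "\n".join(
    ["2017-05-12T08:00:00Z 10.1.2.20 10.1.2.5 445 SF",
     "2017-05-12T08:00:03Z 10.1.2.20 10.1.2.6 445 SF"]
    + [f"2017-05-12T08:00:{i:02d}Z 10.1.2.15 10.1.2.{30 + i} 445 S0"
       for i in range(12)]
    + [f"2017-05-12T08:00:{20 + i:02d}Z 10.1.2.15 203.0.113.{10 + i} 445 S0"
       for i in range(8)]
    + ["2017-05-12T08:00:40Z 10.1.2.15 10.1.2.50 80 SF"]   # not SMB, ignored
)


def parse_line(line):
    ts, src, dst, port, state = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(port), state


def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL_NETS)


def smb_fanout(log_text, window=WINDOW_SECONDS, threshold=FANOUT_THRESHOLD):
    """Return {src: (peak_distinct_peers, external_peers, unanswered_ratio)}
    for every source whose distinct SMB peers in any window reach threshold."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, state = parse_line(line)
        if port == SMB_PORT:
            per_src[src].append((ts, dst, state))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        in_window = deque()          # (ts, dst) attempts currently inside the window
        live = defaultdict(int)      # dst -> occurrences inside the window
        peak = 0
        for ts, dst, _state in events:
            in_window.append((ts, dst))
            live[dst] += 1
            # Evict attempts older than the window before measuring fan-out.
            while (ts - in_window[0][0]).total_seconds() > window:
                _old_ts, old_dst = in_window.popleft()
                live[old_dst] -= 1
                if live[old_dst] == 0:
                    del live[old_dst]
            peak = max(peak, len(live))
        if peak >= threshold:
            peers = {dst for _, dst, _ in events}
            external = sum(1 for p in peers if not is_internal(p))
            unanswered = sum(1 for _, _, s in events if s == "S0") / len(events)
            alerts[src] = (peak, external, round(unanswered, 2))
    return alerts


if __name__ == "__main__":
    for host, (peak, external, ratio) in smb_fanout(SAMPLE_LOG).items():
        print(f"{host}: {peak} SMB peers in {WINDOW_SECONDS}s "
              f"({external} external), {ratio:.0%} unanswered")
```

The unanswered ratio matters as much as the fan-out: a backup server legitimately talks SMB to many hosts, but its connections complete, whereas a worm sweeping address space mostly hits nothing. The external-peer count is what separates the internet-facing spread the text describes from purely internal lateral movement.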

Cyber-security attackers skillfully use targeted content

Some hackers' sole purpose is to create phishing emails with malicious content made to look valid so that the recipient takes action.

These types of attacks can happen to any organization at any time. Security breaches can mean loss of money, loss of customers and damage to the brand; the WannaCry attack even resulted in patients being turned away from hospitals. It is no surprise that organizations are investing heavily in security. According to the Cisco 2017 Annual Cybersecurity Report (ACR), companies use products from as many as 50 security vendors to help them feel more secure. What they are discovering is that adopting a large vendor buffet of products that were not designed to talk to each other or work together results in a more complex security landscape.

An integrated security architecture can reduce complexity and increase security effectiveness

Companies need an architecture that is able to keep threats out, and for the most advanced threats that can sometimes evade defenses, minimize time to detection and remediation. And they need to move away from point solutions – the vendor buffet of products not designed to fit or work together – to an integrated approach that works seamlessly across their entire organization, and across their network, endpoints and cloud.

The first part of that involves the ability to recognize threats as they arise. At Cisco, we block a massive 20 billion threats a day, which is over 7 trillion per year. (For scale, Google handles approximately 3.5 billion searches per day, about one-sixth of that volume.) Talos hunts and monitors for threats around the clock. They collaborate with hundreds of intelligence-sharing organizations and share hundreds of zero-day vulnerability reports with other enterprise technology companies. They review, prioritize, categorize and triage the intelligence from those massive resources and feed it back into our products.

The product teams take that threat intelligence and use it to fuel automation and machine learning across an integrated security architecture in which all products work together to secure the environment, employees, endpoints and IP, wherever they are, including encrypted traffic. Cisco Advanced Malware Protection (AMP) extends across the architecture to protect each layer from attack, creating interoperability that becomes a force multiplier for security.

For the 41 percent of attacks that use encrypted traffic, Cisco recently announced a breakthrough innovation, Encrypted Traffic Analytics, that identifies malware in encrypted traffic while maintaining privacy. Cisco does this without decryption or deep packet inspection, working from the observable characteristics of the flow rather than its payload.
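Cisco's public description of Encrypted Traffic Analytics names the initial data packet of a flow, which carries the TLS handshake in the clear, and the sequence of packet lengths and times as its inputs. The following added example, which is not Cisco's code and implements none of ETA's models, shows what that handshake exposes without decryption: it assembles two constructed ClientHello messages with a hypothetical helper (build_client_hello), parses the offered TLS version, cipher suites, SNI and extension list from the bytes, and derives a few observations from that metadata alone.

```python
"""Read what a TLS ClientHello reveals without decrypting anything.
Added example, not Cisco's code: ETA's features and models are Cisco's
own, and the two handshakes below are constructed with
build_client_hello rather than captured from a network."""
import os
import struct

# Cipher suite code points from the IANA TLS registry (a small subset).
SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",
}
WEAK_SUITES = {0x0004, 0x0005, 0x000A}      # RC4 and 3DES
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_VERSIONS = 0x002B
TLS12 = 0x0303


def build_client_hello(version, suites, sni=None, extra_exts=()):
    """Assemble a minimal ClientHello inside a TLS record (RFC 5246 layout)."""
    exts = b""
    if sni is not None:
        host = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
        name_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(name_list)) + name_list
    for ext_type, ext_data in extra_exts:
        exts += struct.pack("!HH", ext_type, len(ext_data)) + ext_data
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                             # one compression method: null
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the fields an on-path observer can read from a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 0
    version = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + 32                                   # skip client random
    pos += 1 + body[pos]                            # skip session id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                            # skip compression methods
    sni, ext_types = None, []
    if pos + 2 <= len(body):
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_size = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + ext_size]
            pos += ext_size
            ext_types.append(ext_type)
            if ext_type == EXT_SERVER_NAME and len(data) >= 5:
                name_len = struct.unpack_from("!H", data, 3)[0]
                sni = data[5:5 + name_len].decode("ascii", "replace")
    return {"version": version, "cipher_suites": suites, "sni": sni, "extensions": ext_types}


def assess(info):
    """Observations worth keying on, derived from handshake metadata alone."""
    findings = []
    if info["version"] < TLS12 and EXT_SUPPORTED_VERSIONS not in info["extensions"]:
        findings.append("offers only a legacy TLS version")
    if info["sni"] is None:
        findings.append("no SNI (browsers send it; hand-rolled clients often do not)")
    weak = [SUITE_NAMES.get(s, hex(s)) for s in info["cipher_suites"] if s in WEAK_SUITES]
    if weak:
        findings.append("weak suites offered: " + ", ".join(weak))
    return findings


# Constructed samples: a browser-like hello and one resembling a crude implant.
BROWSER_LIKE = build_client_hello(
    TLS12, [0x1301, 0xC02F, 0xC030, 0x002F], sni="www.example.com",
    extra_exts=[(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04")])   # advertises TLS 1.3
SUSPICIOUS = build_client_hello(0x0301, [0x0005, 0x000A, 0x002F])

if __name__ == "__main__":
    for label, hello in (("browser-like", BROWSER_LIKE), ("suspicious", SUSPICIOUS)):
        info = parse_client_hello(hello)
        print(label, hex(info["version"]), info["sni"],
              [SUITE_NAMES.get(s, hex(s)) for s in info["cipher_suites"]])
        for finding in assess(info):
            print("   ", finding)
```

Nothing here touches the session keys or the application data: version, cipher suites, SNI and extension ordering are all transmitted in the clear, which is why a fingerprint of the handshake can separate a browser from an implant while the content of the session stays private. The caveat is the same as for any metadata heuristic: a weak-suite list or a missing SNI is a signal to enrich and correlate, not a verdict on its own.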

Cisco detects advanced threats (the ones that actually get in) faster than anyone else. The Cisco 2017 ACR also tracks time to detection (TTD), the time between a compromise and the moment it is identified as a threat. Cisco is currently at about six hours, stunningly fast compared with the industry estimate of 100 days or more. In addition, according to third-party testing, Cisco AMP for Endpoints has best-in-class time to detection: it detected more than 92 percent of breaches in under three minutes, and 100 percent of the threats in the test overall.

That's the strength of integrating all these layers into a single architecture – a threat is detected once and the system protects everywhere. So, instead of buying a new security point product for every new challenge, which leads to untenable security complexity, we propose an architectural approach. This gives companies security designed to work together for simpler, more automated security responses. Cisco is committed to this approach, and to building security in everything we launch, from network and data center infrastructure, to collaboration solutions, to our SaaS offers.

Security excellence can be your competitive advantage

Organizations that turn security excellence into competitive advantage can innovate faster and more fully pursue the sort of digital transformation that allows them to respond proactively to rapidly changing markets. Cisco estimates that cybersecurity has the potential to fuel $5.3 trillion in private-sector value at stake over the next decade.

Stay tuned

It is not just the approach to security that has to change; the unprecedented scale and complexity of the digital landscape also require that you change the way you manage your infrastructure. Next, I dig into Imperative number two: Automation, and why it is time to let the machines run the machines.