In the digital era, every company is considered a technology company. Whether you provide electricity, banking or public transportation, you are increasingly dependent upon the internet and network connectivity. If all companies are technology companies, that means all companies need to prioritize cybersecurity as a strategic imperative to ensure they are connected, digitized and successful.
Every organization should focus on two cybersecurity fundamentals: Understand what’s going on, and know the simple actions you can take to facilitate better cybersecurity in your environment. We can leverage the network to enable both of these fundamentals. To do so requires good network hygiene.
At Cisco, we’ve been working to draw attention to the hidden security risks organizations face by not properly maintaining their aging infrastructures and patching vulnerable systems. The trends lead us to believe we should expect to see more of this activity in the future – with widespread attacks that target not only traditional servers and endpoints, but also the network itself. This future activity will bring with it significant consequences affecting not just enterprises but entire industries.
An organization can no longer make the assumption that its network infrastructure is secure. Factors such as TA16-250A, WannaCry, the Presidential Executive Order, the Modernizing Government Technology Act of 2017 and the recent Equifax breach make it clear that attacks are escalating and business leaders must be proactive and demonstrate security diligence. Infrastructure of the past was not built to withstand the threats of today’s landscape. It is crucial that every organization – regardless of industry – verifies the security and cyber resilience of their network infrastructure that drives their business and, collectively, our global economy and national security.
Although it’s expensive to incorporate updates, the costs of ignoring aging infrastructure can be potentially devastating – in the form of lost data, revenue and customers, destruction of service and, ultimately, consumer trust. It is crucial to update and regularly patch all hardware and software within a network to enable proper and safe connectivity, communication, operations and overall management. Waiting to take action and hoping that you will not be breached is no longer an option in today’s world.
Systems that were designed, built and deployed in decades past didn’t anticipate the hostile security environment of today. Until now, very few have thought about securing infrastructure because they didn’t think adversaries would target these systems and devices, or they had “higher priorities” to fix. This must change.
Outdated components and software provide an opportunity for attackers to breach networks ‒ increasing risks for unpatched machines and some legacy operating systems at end of support. Be sure to choose trustworthy vendors and technologies that allow the network administrator to verify devices are genuine, unmodified and operating as intended.
Keeping your network up to date provides a place for visibility, policy and control for the things that are coming online. Visibility helps us understand day-to-day behavior. It’s crucial to leverage the network to segment assets and functions in order to reduce exposure and create observation and control points. This helps execute on the second fundamental I mentioned above – know the simple actions to take to facilitate better cybersecurity in your environment. When things are out of the ordinary, the network can enforce security policies that allow the right users and devices to get the right access and contain the impact of a potential attack.
Every organization must assess the overall strength and cyber resilience of their deployed infrastructure and systems. This process likely will be eye-opening, but it’s a necessary reality check. Organizations that proactively improve their security posture will be better positioned to meet today’s threats and prepare for tomorrow’s challenges and opportunities.
About the Author
As senior director and trust strategy officer at Cisco, Anthony Grieco leads the Trust Strategy Office and is responsible for ensuring Cisco and its customers embed security, trust, data protection and privacy into future strategies, products and business models.
Under his leadership, Cisco’s Trust Strategy Office builds strong cyber security partnerships with customers, governments, and partners globally to enable business growth and transformation by accelerating the use of trusted technology, development and implementation of secure processes, policies and culture.
Anthony’s organization is also responsible for Cisco’s security and trust efforts related to the Internet of Things (IoT). Risk governance, next-generation architectures and working with the larger IoT ecosystem are all efforts focused on ensuring security, trust, data protection and privacy – and core to the future success of IoT.
Over his 18 years at Cisco, Anthony has held a variety of leadership roles in development engineering, product management, marketing and strategic planning. He is on the board of the National Cyber Security Alliance and a trusted security advisor to industry and Cisco customers around the globe. Anthony also advises multiple startups and serves as a member of the Wake Forest Technical Advisory Board.
Mr. Grieco holds a Master of Science in electrical engineering from North Carolina State University and a Bachelor of Science in electrical engineering from the University of Alabama, Birmingham.