adv

How Cisco combats fast-maturing cybercrime networks

Steve Martino, Vice president and CISO at Cisco SystemsAs Steve Martino approaches his 10-year anniversary as vice president and chief information security officer (CISO) at Cisco Systems, his job has morphed from treating security as simply a must-have to it becoming a strategic imperative for the company.

His mettle has been tested in recent months – most recently when the WannaCry ransomware attack threatened organizations across the globe, including Cisco. Martino sat down with CSO Online to discuss how Cisco is preparing for the ongoing battle with fast-growing cybercrime networks.

CSO: How was Cisco affected by the WannaCry attack?

It was an event, but the teams knew what to do. We had processes to deal with it -- to escalate and communicate. In the end, it was a lot of work to double-check and make sure everything was fine. We certainly had to do some scrambling and deal with active attacks and potential events, but we were prepared.

CSO: Now that the dust has settled from the WannaCry attack, what have you learned about Cisco’s cyber defenses?

One thing that we took away from this event was the further realization that these kinds of events will happen more often with less time between a patch available and someone taking advantage of the particular vulnerability, so we’re looking at that speed and timing and saying how can we shrink it to even less [time].

The other takeaway is that this [cyberattack] technique is not going to be isolated to this one event. We will see others adapting and modifying the technique to bring new threats. That’s really part of what I think has changed in doing cybersecurity. Five to 10 years ago, we had people wanting to make a statement and disrupting services. We had hobbyist doing things to see what they could do, and we had nation state actors. Today, while they still exist, I think most organizations can defend from the hobbyist and many of the people wanting to make a statement. It’s very hard to protect yourself from a nation state as an individual company.

The cybercrime network has matured and developed very quickly. Much like normal companies that are figuring out how to deliver their services at scale using web technologies, the cybercriminals around the world are doing the same thing, and they’ve built a supply chain that’s very effective. It starts with individuals who might be in a struggling country, but they have internet connectivity.

They don’t have a way of making a living, so they can now do social engineering. They might use a simple tool to look across areas of the internet that are exposed to find unpatched hardware and or systems that are running a particular version of software, and bundle those up and sell them to somebody else. They’re trying to make $50 or $100 a day, but it gives the cybercrime networks thousands of people that are out doing activities that they can leverage in a bigger supply chain.



Comments