Jun 07 2022
Security

RSAC 2022: Cisco Calls for Integrated Security Strategies to Combat Cybercrime

Threat actors continue to hone their attacks on the digital world, which may require companies to rethink their approach to security on a foundational level.

IT leaders have traditionally approached cybersecurity in a siloed manner. Digital innovation has frequently been realized separately from the security considerations new advancements require. But with the increasing sophistication of cyberattacks, security shouldn’t be an afterthought.

As part of the opening keynote of this year’s RSA Conference, Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, called for cybersecurity leaders to rethink their security strategies by adding an element of interconnectedness — both internally and in their relationships with customers, vendors, partners and even competitors.

As attackers continue exploiting new vulnerabilities, Patel said, “What we need to do is make sure that we take a much more risk-based approach to vulnerability management.” He said security teams must learn to address breaches based not on when they happen but on the amount of risk they pose. That risk should be assessed from the perspective of all types of business relationships, since they’re all affected when something goes wrong.


Security Strategy Should Consider Your Entire Business Ecosystem

“We, as businesses, are competing as holistic ecosystems, not as individual organizations by ourselves,” Patel said. “What that means is that you, yourself, might be materially impacted in the way that your production line works, the way that your supply chain works and the way in which your demand cycle works based on what happens to the other members in the ecosystem.”

Patel said the interconnectedness of business relationships now demands closer attention to access and identity management. “You don’t just have employees anymore. You have employees and contractors, but you have suppliers, customers and partners. And the amount of people that can impact your security posture is getting larger and larger.”

Each of these business relationships involves interaction with human beings, of course, and Patel noted that humans are easy targets for cybercriminals. “Attacks are becoming much more bespoke and personalized,” he said. “So, when you start thinking about these pieces, the way that we’re actually going out and attacking these problems is through zero trust.”

Still, according to Patel, even zero-trust policies need to evolve. It’s no longer enough to verify a user’s identity and access at the time of login; user behavior must be assessed regularly to continuously determine the level of access. “And if you’re doing something that’s anomalous in nature, even though you might have logged in, even though you’d have access, I’m going to make sure I can understand.”


Hybrid Work Continues to Introduce New Vulnerabilities

Business leaders acknowledge that remote and hybrid work are here to stay. Unfortunately, remote access will continue to make organizations less secure, according to Patel.

“When you actually see this mixed mode of working, what’s going to happen is you’re going to be accessing data and systems from any device, whether it be managed or unmanaged. You’re going to be accessing applications that are either sanctioned or not sanctioned, and you’re going to be accessing them from networks that are either secured or unsecured.”

This sudden increase in access necessitates a new security philosophy to minimize the risk to an organization’s intellectual property. Patel said organizations should be seeking fewer endpoint solutions and instead be looking to integrated architectures. “When I talk about integrated architectures, I’m talking about networking and security coming together, rather than being specifically separate islands by themselves. To simplify management, we need to make sure that management is simplified not just for the TechOps person but also the NetOps person, and ideally do it in a way that’s fluid.”

Most important, he said, it’s critical to minimize friction for the end user. “When the friction goes down, your efficacy automatically goes up,” Patel said.


Photography by Joe Kuehne