Cisco : Tackling the Threat Landscape with Innovative Partnerships

Cisco Blog >Security

As countries digitize to expand economic growth, promote a secure environment for investment, job creation and global competitiveness, cyber attackers are also seeing the monetary and political opportunity to exploit digital expansion and its data to their advantage. The dynamic threat landscape is not a challenge to be solved by one organization, one product, or even one solution. This is why collaboration between the public and private sector is more critical than ever in the digital era.

An effective cybersecurity partnership is one that goes beyond traditional intelligence sharing agreements and brings a deeper engagement across areas like sharing lessons learned and best practices, collaboration on architecting, building and deploying secure solutions, and bolstering education and training to help protect businesses and citizens alike. According to industry analysts there will be a global shortage of 2 million cybersecurity professionals by 2019. Private and public entities need to co-invest in research and education that will help educate, train, and build the skills needed globally to fill this vast talent shortage.

The urgency created by the disruption of digitization, is matched by that of the threat landscape, talent shortage, and the complexity that exists across public and private environments. It requires a multi-faceted approach with new ways to work together.

It takes a combination of people, process, technology, and policy in order to form an effective strategy to mitigate risk and ensure resiliency.

People

From government officials, to businesses and citizens, it is important to take a broad stroke to training programs. For example, Cisco works with organizations around the world to set up cyber ranges to support local government and public sector customers to build the skills and experience necessary for their IT staff to combat modern and evolving cyber threats. It provides a synthetic war-gaming environment that allows staff to play the role of both attacker and defender in order to learn and defend against the latest methods of exploitations. To supplement that, we're working to educate cyber professionals globally through the Cisco Network Academy program and through investments in research and education. We also participate in events and activities that reach a wide range of audiences, such as National Cyber Security Awareness Month.

Process

Cyber resilience increases our collective ability to manage risk, identify new potential risks, and our ability to react quickly to take appropriate actions. It's about more than having a plan when something goes wrong. Every organization needs that.

What we can learn collectively is how to improve our ability to make data-driven decisions quickly in times of crisis and incidents. At Cisco, we've signed multiple agreements with world governments to establish a threat intelligence sharing framework wherein personnel from both Cisco and the government will work cooperatively together to address cyber security threats and incidents. Through the process we will help identify and shape emerging security market trends, share best practices, and learn new approaches to enhance cyber security.

Technology

Building security and privacy controls into solutions is the baseline for achieving cyber resilience, aiding in the creation of secure critical infrastructure and enabling a trusted digital nation. With trends like IoT and digitization taking hold in every organization, technology must be built, bought, and operated with security, trust, privacy and data protection in mind.

Our approach at Cisco is to strive to build capabilities that:

• are built for tomorrow's threats
• can showcase evidence of trust
• and are designed with security and privacy innovations from the start

By taking this methodology, we've found that both the public and private sectors are able to adopt new technology faster, due to the high standard and transparency of the solutions. Companies and countries alike will continue to be enabled by technology, and that means we'll need to continue to embed security and privacy in everything.

Policy

Similar to building the latest innovations into solutions to keep up with threats, we need to make sure regulations keep up so we strike the right balance between security and privacy while also enabling innovative new technologies to grow. High-profile breaches at well-known and respected government institutions and companies are becoming almost commonplace.

Beyond the theft of customer information, cybercriminals are creating legal issues, inciting fraud, and making off with intellectual property. These types of attacks are highly damaging to both business and society. Hence the need to bring security, privacy, and data protection into the boardroom and government leadership as an ongoing agenda item and open dialogue to discuss industry standards and regulations that protect everyone.

How do you think the public and private sector can work better together? Join the conversation. I'll be covering this topic at the NATO NIAS conference this week.