Steve Martino, chief information security officer (CISO) at Cisco, has shared some shrewd insights about the fast-maturing cybercrime networks and how to deal with them as an entity. When asked how Cisco dealt with the worldwide WannaCry ransomware attack, Martino said his team was well prepared and knew what to do next. Cisco had put in place processes to deal with the attack while battling potential events and active attacks.
Two Key Takeaways by Cisco from WannaCry Attack
Expecting more events similar to WannaCry, Cisco could be focusing on reducing the time between a patch becoming available and an intruder exploiting the particular vulnerability. Cisco also expects that the WannaCry technique will not be isolated to a single event: it could be modified and adapted to create new threats, which has changed the way cybersecurity is practiced.
Cisco’s Cybersecurity Agility in Cyberattack Detection and Prevention
Cisco believes in embedding cybersecurity in its business processes through specially recruited security advocates or champions. Cybersecurity baked (or embedded) into the processes will lessen the need to engage a larger core information security team. Martino expects his cybersecurity team to prevent 95.0% of potential threats and to deal effectively with the remaining 5.0% by putting not 5.0% but 50.0% of the security budget into active response.
While the industry average is 160 days before somebody realizes their environment has been compromised by an active adversary, Cisco holds its cybersecurity team to two metrics: 24 hours to find the threat and 36 hours to contain it.