There’s a saying among IT security professionals that goes something like this, “There are two kinds of organizations: those who have been breached and those who don’t know they’ve been breached.” Consider the following stats from breachlevelindex.com:
- More than 14.7 billion data records have been lost or stolen since 2013.
- Every day, more than 6 million records are lost or stolen.
- Among the billions of compromised records, only 4% were encrypted, which would have rendered the stolen data useless to the perpetrator.
In May 2018, the European Union (EU) General Data Protection Regulation (GDPR) went into effect, giving EU companies and non-EU companies with clients in the EU another reason to take data protection more seriously. GDPR urges businesses to implement incident response programs to detect and address theft and leakage of personal information. Organizations have 72 hours to report breaches. Given that research from Ponemon found that the average time it takes to detect a data breach is 6 months, most companies have to make significant changes to become compliant.
5 ways Cisco can help
The first step in addressing this problem is to talk to your customers about their incident response plans. In the event of a breach, who should be alerted, and how should they be notified? Also, what kind of backup and disaster recovery (BDR) solution and system are they using? When was the last time a backup was restored? For partners needing additional assistance helping customers prepare for, manage and recover from network attacks, Cisco offers incident response services, backed by the Talos threat intelligence team. Services include assessments, threat hunting, purple teaming and tabletop exercises.
Once the incident response plan is in place, give your customers secure access to the internet wherever their users go—even off the VPN—with Cisco Umbrella. Because of the way Umbrella works at the DNS layer and thanks to Umbrella’s selective proxy, it doesn’t break the traffic from the start, unlike many other vendors that require implementing additional mechanisms to prevent this. Plus, it’s directly peered with Microsoft Office 365 in more than 90% of the locations in Cisco’s global network, enabling better DNS resolution performance.
Many endpoint solutions claim to block 99% of threats, but what about the 1% they miss? Cisco Advanced Malware Protection (AMP) for Endpoints prevents threats at point of entry, then continuously tracks every file it lets onto an endpoint. And AMP can uncover even the most advanced threats, such as fileless malware and ransomware, in hours, not days or months.
Security technologies aren’t the only key components in the data protection equation; users must adopt good security practices (e.g., not clicking suspicious emails, changing their passwords regularly). Ongoing testing is a must to ensure best practices are maintained. Proactive threat hunting services from Cisco Security Advisory Services are available to Cisco partners to assist their teams in determining the nature of a threat (e.g., broad, limited or targeted) and to help partners deploy the appropriate tools and methodologies. After a testing session, partners will receive a report that includes an incident summary, recap, findings and recommendations.
As mentioned earlier, despite the best systems and intentions, a breach can still occur. If you or a partner do experience one, contact the Cisco Technical Assistance Center (TAC) for help. Cisco responds quickly to attacks in progress and works with your staff to develop an incident response plan that minimizes the effect of current and future attacks.