October is National Cybersecurity Awareness Month and as part of EDGE360’s commitment to bringing relevant and timely content to our readers, we reached out to several members of the TD SYNNEX Cybersecurity team to better understand the threats and cybersecurity challenges out there and what Cisco Partners and VARs can do to overcome them.
While many threats remain the same year over year; ransomware, phishing, and DDoS to name a few, this year’s NCSAM comes during a period of global upheaval following Russia’s invasion of Ukraine. Against the backdrop of these geopolitics, the threat from state actors against critical infrastructure has changed the calculus across the board.
To better understand how the threat landscape is evolving, EDGE360 Online sat down to speak with Greg Cooney, Systems Architect at Cisco Solutions.
EDGE360 Editors: To start, what is the current state of cybersecurity across the channel? Are we safer today than we were last year? Less safe?
Greg Cooney: Well, that is a bit of a tricky question to answer. While our technology and solutions have increased in efficacy, we are seeing an increasing demand for security solutions in most industries. This seems to indicate that there is a feeling of unease, despite the better solutions available. Overall, we are safer from known threats, but unknown threats pose a significant risk.
Additionally, many of those unknown risks are tied to a growing threat landscape. This is in large part tied to the post-pandemic transformation companies are undergoing as they adjust to a new style of work, specifically hybrid work. It’s been very well established that as companies expand their hybrid work options, malicious actors can utilize the expanding IoT to gain purchase into a system.
So, are we safer or less safe? Well, look I am always an optimist, and I will say that we are safer than last year. There are many things on the horizon that I think will pose unique challenges but that is what we do, we overcome them. We continue to innovate our security portfolio and develop great solutions for SASE and Zero Trust initiatives. However, we must remain vigilant, for as much as we innovate, there are threat actors out there trying to do the same thing.
EDGE 360 Editors: You mentioned Zero Trust and SASE, so let’s dive into those. What have these major initiatives from the government, or the private sector, done in the last year? Have they been gaining traction?
Cooney: Absolutely. Zero trust has been gaining attention and for good reason. As the industry has said repeatedly, zero trust is a methodology, not a solution. Its core components, when properly instilled into an agency or organization, can make a difference, and provide some excellent resistance against many modern cyber threats.
Never assume trust, always verify, and enforce the least privilege, with those three tenets organizations that have embraced zero trust are significantly more secure and the channel knows it. That’s why it’s been so successful, it works. Now the model is not a one-size-fits-all, but it can be applied to secure workforces, workloads, and workplaces, so love it or hate it, it’s here to stay.
EDGE360 Editors: What threats or cybersecurity challenges do you see on the horizon?
Cooney: I see three specific cybersecurity challenges that I think every company and organization will face.
The first one is that companies are not closed loops anymore. The old model of a “castle and moat” IT system just doesn’t cut it when hybrid work means that every employee is connecting to a system from outside the workspace. It’s better to view the modern organization as an ecosystem. What I mean by that is they have partners or customers, and they have suppliers who all need to connect to the network daily. So, the challenge is to make sure that all of those individual devices are as secure as the ones under the control of the IT department.
Second, are insiders. Nothing personal, but you; the reader, the interviewer I’m speaking to, and the people reviewing this before publication, are all the biggest threat to an organization. To be clear, it’s not your fault, it’s not malicious, but there are entire organizations of malicious threat actors out there trying to get you to drop the guard for a second. The best way to mitigate this is to educate employees about what these attempts look like so they can correctly avoid them and report them.
And finally, the third major challenge comes from the hybrid work transformation. So this is a well-documented and well-understood challenge, but it bears repeating. We are working from everywhere and as such, we need access to data and networks from anywhere. That is, in and of itself, a challenge, but on top of that, we also need to make sure it is secure. Creating networks that can provide secure access, will be something the channel will have to continue working on.
EDGE360 Editors: So looking at the state of the industry, looking at these cybersecurity challenges, what would be your top piece of advice for organizations this NSCAM?
Cooney: I would say look at Zero Trust but look at it from a multi-architecture approach, which is something that we are encouraging more organizations to investigate. Multiple areas need to be addressed going forward, those being user and device security, network/cloud security, and application and data security. All three of those can be effectively managed by utilizing a multi-domain architecture coupled with a zero trust strategy.
If an organization wants to learn more about how Cisco would implement this, or how they can leverage it to bolster their cybersecurity offerings for the channel, they should check out Cisco Talos.
Cisco Talos is Cisco’s threat intelligence organization and they can provide information about the latest threats and cybersecurity challenges and how to face them. It’s a great way to stay up to date on what is out there, and how to overcome it.