Cisco: IT Struggling to Cope With Internal Security

For enterprise IT managers, key pain points are insider threats, Web 2.0, compliance,
and application security. Cisco’s bi-annual threat report, released today, delivers
common-sense recommendations for solving these problems, which are intimately related to
one another.

The most difficult to defend against might seem to be insider threats. The issue has
certainly been in the news, with an energy company and the U.S. State Department being
recent high-profile victims.

“There are three reasons why this problem is getting worse,” Patrick Peterson, Cisco
fellow and chief security officer, told InternetNews.com. “The first is the
economy. Many employees are acting out of desperation. The second is that the
employer-employee relationship has changed, and people are now more willing to screw
their employer and not think twice. The third is globalization and outsourcing.”

In response to this threat, Peterson said that enterprises have robust identification
and auditing. But it’s possible to get it wrong. Peterson noted that the city of Bozeman,
Montana recently asked job applicants for all of their passwords. “They were concerned
with a real threat but the policy they implemented was probably illegal and certainly
unnecessary,” he said.

Peterson said that businesses have to identify risks and apply policies to specific
job functions and lines of business. “The business cannot have a one-size-fits-all
policy,” he said. “We have previously emphasized the need to know your risk (less so in
this report).

“It’s surprising how many businesses don’t focus on knowing their risk, and don’t have
a strategy to minimize it,” he said, and admitted that the fact that security policies
are often driven by compliance rather than by risk management is a huge factor.

Peterson explained that this means they have to solve issues as they crop up. Nobody
should be working now on an issue that was identified two years ago, but in the real
world, many are.

“CSOs need to show leadership and take a look at real world risk issues,” he said. He
noted that often in a specific vertical, such as financial services, companies will fix a
problem when one of their competitors makes headlines because of it. Peterson said that
when that happens, they should also try to figure out why they had not identified the
problem before they read about it in the news.

Read the rest at InternetNews.com.
