ChannelLife New Zealand logo
Industry insider news for New Zealand's technology resellers
Story image

Cisco NZ: Security 'god-box' does not exist, but there are solutions

By Heather Wright
Wed 20 Jan 2016
FYI, this story is more than a year old

Companies of all sizes – and resellers – need to stop looking for a ‘god-box’ that will solve all their security problems and focus instead on tackling security from people, process and technology angles.

That’s the word from John-Paul Sikking, Cisco New Zealand security specialist, who says organisations need to focus on managing risk, discovering their vulnerabilities, understanding their threats and then doing something about it, calling in the experts as required.

Sikking was speaking in the wake of today’s release of Cisco’s 2016 Annual Security Report, which shows a decline in organisations’ confidence in their security postures, and an increased impact from industrialised attackers.

Sikking says the key takeouts for Kiwi businesses include an increasing security creep, with unpatched operating systems, software and hardware.

“Aging infrastructure is a serious threat,” Sikking says. “Cisco searched the internet for Cisco devices and found that 92% had known security vulnerabilities that all had available patches.

“Just like patching the operating systems and applications, hardware must be maintained.”

Other findings Sikking says will impact New Zealand business are the prevalence of malware and phishing, which are top concerns faced by organisations, and that ransomware optimises the path to monetisation – and everyone a target.

“Rasomware continues to be the get rich quick scheme, where only a 2.9% success in getting ransoms paid still earns the perpetrators $34 million a year, per campaign,” Sikking says.

Sikking says 2015 showed higher motivation to address security threats, but less confidence in current systems, including tools and processes, to handle a breach.

Only 45% of the businesses surveyed were confident in their ability to determine the scope of a network compromise and remediate damage. But, 92% of finance and line-of-business executives agreed that regulators and investors expect companies to provide greater transparency on future cybersecurity risk.

“This points to security as a growing boardroom concern,” Sikking says.

He says while there hasn’t been an explosion in attacks or destruction of our online worlds, the volume of attacks, and sophistication of them, is increasing.

“Where there have been some great takedowns of the bad guys, however, like the mythical Hydra, it is only a matter of weeks or months before a new head arises to fill the gap,” he says.

Sikking says that means businesses need to stick to the basics: “Understand your business, its core assets and risks; ensure you have the right people, process and technology to help protect your business; find your vulnerabilities and understand the threats – before someone else does.

“Manage the creep – rules, policy, processes, systems, hardware, software; and reduce your risk,” he says.

Sikking also highlights ‘the DNS blind spot’, with 91.3% of ‘known bad’ malware using DNS to call home.

“This is frequently a security blind spot, as security teams and DNS experts typically work in different IT groups within a company and don’t interact frequently.”

The report also highlights shifting server activity, as cybercriminals shift to compromised servers, such as those for WordPress, to support attacks, leveraging social media platforms for nefarious purposes. The number of WordPress domains used by criminals grew 221% between February and October 2015.

“If you have a WordPress site, you might want to patch it,” Sikking says. “Attackers are using WordPress as an easy command-and-control proxy for Ransomware.”

Also highlighted is the rise of outsourcing, as businesses of all sizes realise the value of oursourcing services to balance their security portfolios in the wake of talent shortages.

“This includes consulting, security auditing and incident response,” Cisco says.

“SMBs, which often lack resources for an effective security posture, are improving their security approach in part by outsourcing.”

SMBs are not immune

The report also highlights that SMBs remain under-funded and under-secured, while remaining a target.

The report shows as more enterprises look closely at their supply chain and small business partnerships they are finding the SMBs use fewer threat defence tools and processes.

Cisco says as an example, from 2014 to 2015, the number of SMBs using web security dropped more than 10%.

“This indicates potential risk to enterprises due to structural weaknesses,” Cisco says.

Adds Sikking: “Security defences in SMB continues to weaken.

“The hed in the sand defence remains high, with SMB not perceiving themselves to be targets, however any IP address connected to the internet remains a target.”

Resellers as business advisors

Sikking says 2016 should see the continued evolution of security partners to business advisors, with channel partners increasingly getting to understand their customers’ business and advising on strategies and technologies that will help them manage their business.

“I hope to see our partners change their understanding of the threat landscape, where they can team this knowledge with the customers’ vulnerabilities and deliver a robust service to discover, block and remediate attacks.”

Related stories
Top stories
Story image
WatchGuard Technologies
Ransomware volume doubled 2021 total by end of Q1 2022
Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to a new report. 
Story image
FIDO Alliance releases guidelines for optimising UX with FIDO Security Keys
The new guidelines aim to accelerate multi-factor authentication deployment and adoption with FIDO security keys.
Story image
Great Resignation
New SAP study uncovers impact of 'the great resignation'
Coined in 2021, the phrase 'the great resignation' refers to millions of employees globally leaving their jobs. The phenomenon is real and impacting SMEs.
Story image
Secureworks reveals new information on BRONZE STARLIGHT threat group
New research from Secureworks has uncovered new information on the Chinese threat group BRONZE STARLIGHT and how they are using targeted ransomware to initiate complicated attacks.
Story image
Ingram Micro launches vendor-backed security program
Ingram Micro has unveiled a new program intended to give resellers the effective offerings their customers need to stay safe in the evolving threat landscape.
Story image
Forrester names Talend Leader in enterprise data fabric
Forrester has named Talend a leader among enterprise data fabric providers in the Forrester Wave: Enterprise Data Fabric, Q2 2022 report.
Story image
Data crucial to capture shoppers' wallets post-COVID
First-party data strategies key to driving personalisation, customer satisfaction, and long-lasting relationships according to a new report.
Story image
NOWPayments launches new service to analyse cryptocurrency fees
NOWPayments has launched a new network fee optimisation solution that analyses current network fees and picks the most profitable option out of the client's payout wallets.
Story image
Hybrid Cloud
HPE GreenLake advances hybrid cloud experience with new services
"The innovations unveiled today further build on our vision to provide the market with an unmatched platform to spur innovation and drive transformation.”
Story image
Vulnerable APIs costing businesses billions every year
Large companies are particularly vulnerable to the security risks associated with exposed or unprotected APIs as they accelerate digital transformation.  
Story image
Why is NZ lagging behind the world in cybersecurity?
A recent report by TUANZ has revealed that we are ranked 56th in the world when it comes to cybersecurity - a look into why we're so behind and what needs to be done.
Story image
Honeywell launches new carbon energy management software for buildings
The new Carbon & Energy Management service allows building owners to track and optimise energy performance against carbon reduction goals, down to a device or asset level.
Story image
Aqua Security, CIS create software supply chain security guide
Aqua Securityand the Center for Internet Security have together released the industry’s first formal guidelines for software supply chain security.
Story image
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
TO THE NEW unveils A/NZ Managed Services for Microsoft Azure
TO THE NEW has released Managed Services for Microsoft Azure to meet the growing demand in the A/NZ market and globally.
Story image
Online identity theft is rising in NZ - here’s what to do about it
It may start with a few stolen details online, but it could end with thousands of dollars missing or worse, a reputation down the drain.
Story image
Oracle Cloud
Commvault, Oracle to deliver Metallic Data Management as a Service
"We are excited to partner with Commvault and enable our customers to restore and recover their most mission-critical cloud data."
Story image
Commerce Commission
ComCom puts electronics sector on notice over resale price maintenance
The Commerce Commission has concluded an investigation into allegations that television manufacturers were engaging in illegal resale price maintenance.
Story image
Datacom announces revenue of $1.45 billion, fall in profit
Growing market pressures and border closures saw Datacom place increased focus on talent development initiatives for both existing and future employees.
Story image
Tech job moves
Tech job moves - ActiveCampaign, Arcserve, LogRhythm & Qlik
We round up all job appointments from June 17-22, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Amazon Web Services / AWS
Zscaler, AWS accelerate onramp to the cloud with zero trust
Zscaler has announced an extension to its relationship with Amazon Web Services, as well as innovations built on Zscaler's Zero Trust architecture.
Story image
Threat actors ramp up their social engineering attacks
As people get better at identifying potential threats in their inbox, threat actors must evolve their methods. Their new M.O? Social engineering.
Story image
Artificial Intelligence
Abnormal Security finds financial supply chain under threat
New research by Abnormal Security has found a rising trend in financial supply chain compromise as threat actors increasingly impersonate vendors.
Story image
Dark web
Cybercrime in Aotearoa: How does New Zealand law define it?
‘Cybercrime’ is a term we hear all the time, but what exactly is it, and how does New Zealand define it in legal terms?
Story image
Blasé attitudes to cybersecurity by business a national risk
The largely unregulated state of cybersecurity in NZ, and consequential ambivalence of most businesses, risk hurting the country's trading prospects.
Story image
Hands-on review: 16GB PNY XLR8 Gaming EPIC-X 3600MHz DDR4
PNY sent over its 16GB XLR8 Gaming EPIC-X 3600MHz CL16 DDR4 module kit for testing. The kit contains two 8GB dual-channel modules with RGB lighting.
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
How to achieve your monthly recurring revenue goals
Monthly recurring revenue (MRR) is the ultimate goal, the most important issue on which anyone in the IT channel should focus.
Story image
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Public Cloud
Public cloud services revenues top $400 billion in 2021
"For the next several years, leading cloud providers will play a critical role in helping enterprises navigate the current storms of disruption."
Story image
Consumers want personalisation, but don't trust brands with their data
Customers expect personalisation during every brand interaction but they don't trust brands to keep their personal data secure and to use it responsibly. 
Story image
Enable launches free Wi-Fi in Christchurch city centre
Fibre broadband provider, Enable, and the Christchurch City Council have launched their new Christchurch Free Wi-Fi service in the central city. 
Story image
How TruSens air purifiers can create healthier workspaces
The pandemic has heightened our awareness of our own and others’ health, and made us all much more conscious of the environments we work in.
Story image
Oracle Cloud Infrastructure expands distributed cloud services
“Distributed cloud is the next evolution of cloud computing, and provides customers with more flexibility and control in how they deploy cloud resources."
Story image
Microsoft names A/NZ Partner of the Year award winners
The awards recognise partners across the globe for their innovative use of Microsoft technologies to help customers succeed.
Story image
Web Development
Whitecliffe fosters careers for the future of tech
Do you want a career in Information Technology, Networking, Web Development, Software Development, or are you looking to upskill?
Story image
Airwallex launches global payment services in New Zealand
The launch will enable businesses in New Zealand to tap into Airwallex's global payments services, offering an alternative to traditional banks.
Story image
Network Security
Netskope announces zero trust network access updates
Customers can now apply zero trust principles across a range of hybrid work security needs, including SaaS, IaaS, private applications, and endpoint devices.
Story image
Zscaler launches co-located data centres in Canberra and Auckland
The investment will offer public and private sector enterprises greater resilience in support of their zero trust cybersecurity posture.
Story image
HP Inc
Firmware attacks significant threat in age of hybrid work
Changing workforce dynamics are creating new challenges for IT teams around firmware security, according to new research.
Story image
Global investment in data centers more than doubled in 2021
DLA Piper's latest global survey finds the total investment in data center infrastructure worldwide rose from USD $24.4 billion in 2020 to USD $53.8 billion in 2021.
Story image
Microsoft expands APAC Enabler Mentorship Program
"Mentors are the key to success for every professional. A good mentor is a coach, a guide, as well as a vocal advocate."
Story image
SMX partnership with Microsoft leads to NTT recognition
SMX has captured the attention of NTT after receiving positive reviews from businesses across Australasia and beyond for its email security.
Story image
MYOB improves data visibility and user access with Snowflake
"Solutions such as Snowflake allow us to better understand our customers and make evidence-based decisions on what features work best for them."