Cisco Systems - The Security and Trust Organization IT Team
Company: Cisco Systems, Inc. San Jose, CA, USA
Entry Submitted By: W2 Communications
Company Description: Cisco is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. The Cisco Trust and Transparency Center is dedicated to providing customers with the information, resources and answers to their cybersecurity questions that help them manage risk.
Nomination Category: Information Technology Categories
Nomination Sub Category: IT Team of the Year
Nomination Title: The Security and Trust Organization, Cisco
Tell the story about what this nominated team has achieved since 1 January 2016 (up to 650 words). Focus on specific accomplishments, and relate these accomplishments to past performance or industry norms.
Cisco believes that security is everyone’s business. The company holds itself accountable for trustworthy product development, its value chain security, data protection, privacy and transparency to earn the verifiable trust of its customers, partners, shareholders and employees. Defending the company’s 122,000 workers in 170 countries is a significant undertaking and includes protecting its 3 million IP addresses, more than 40,000 routers, approximately 26,000 remote office connections and 75 million web transactions daily.
Throughout 2016, Cisco continued to employ a proactive approach to data privacy and protection, focused on operationalizing security and driving secure innovation.
Beyond utilizing foundational solutions to defend against incidents like DDoS, spam and malware, Cisco’s information security team reduces the company’s risk by consistently reviewing the technologies, tools and processes for capturing and containing attacks. The company also constantly looks to mature its infrastructure to account for new threats and expanded network capabilities. Additionally, Cisco’s Data Protection Program provides an enterprise-wide governance structure and identifies key roles and responsibilities to effectively protect Cisco and its customers’ data.
Employees are also a core component of Cisco’s protection efforts. The Security and Trust Organization drives company-wide security culture and encourages best practices in the day-to-day routines of its entire workforce, including training, websites, articles, digital signage, videos, all-hands meetings and blogs. It uses unique initiatives like its Phish Pond – an exercise to test and educate employees about potentially malicious emails which reduced risky clicks by 30 percent – and its Ninja Cyber Security Program – role-specific security training – to help employees understand the critical role they play in the company’s cybersecurity efforts. To date, more than 35,000 of its approximately 74,000 employees complete the first level of training in the Cyber Ninja Program and receive their “white belt.”
Additionally, the organization proactively shares lessons learned with its customers, partners and peers, with executives frequently presenting at industry conferences or offering security best practices via media discussions. Cisco also publishes its Annual Cybersecurity Report, a comprehensive analysis of evolving threats and trends, and insights from a survey of more than 2,900 security professionals worldwide.
Throughout 2016, the organization implemented new processes and policies to safeguard Cisco’s systems and those of its customers in the future. The company’s IT team now regularly reviews and evaluates new and emerging technologies, such as IoT devices, to determine their potential impact on its network. By proactively identifying the risks associated with emerging technologies, Cisco can create and implement corporate governance policies that securely embrace these solutions.
Through these efforts, Cisco has gained visibility into the threats targeting the company by incorporating incident detection and response. As a result Cisco is catching threats before they can do harm. The company is inspecting 47 terabytes of traffic every day, and is automatically blocking 75,000 potentially dangerous web transactions a day. Additionally, the company detected 86 percent more incidents than the previous year, and lowered the time it took to detect those attacks from 50 hours to about 13 hours.
Furthermore, the company is committed to reviewing and updating its policies and standards every two years. However, it is currently updating them every 12 to 15 months as the business evolves; improving the alignment of its Data Protection Program with industry certification requirements.
In bullet-list form, briefly summarize up to ten (10) accomplishments of the nominated team since the beginning of 2016 (up to 150 words).
-Proactively addresses the shortage of women professionals in cybersecurity with its successful Inclusion and Diversity Community, “Cisco Women in Cybersecurity.
-Cisco Systems won Gold for Best Overall Security Company of the Year for ensuring pervasive security across Cisco’s global enterprise in 2016
-Security and Trust Engineering was selected as the Gold winner for the Security/Information Technology Department of the Year in 2016
-Cisco’s Pervasive Data Protection and Awareness Program won Silver for the Security/Information Technology Project of the Year in 2016
-Cisco’s Security Trust and Organization secures the Cisco business by ensuring the security of the company’s digital business, operations, data and solutions worldwide
-Cisco’s management team is committed to maintaining a secure organization today and in the future, pursuing research and development that supports continued security innovation
-From an employee awareness perspective, Cisco is fostering a company-wide “security is my job” culture.