Recently, during my session at Vancouver International Security and Privacy Summit, I focused on building a resilient defensible architecture while elevating our defensive capabilities. One question that came up was, “What is the difference between Penetration Testing and Breach Attack Simulation?”

Well, both have a ton of value although and during the session I focused on Breach Attack Simulation (BAS) as a continuous proactive approach when evaluating your overall security capabilities. That said, lets break this down to highlight the differences between the two and of note one does not replace the other.

Methodology

Penetration Testing: Usually, a manual process where the penetration tester will simulate cyberattacks to identify weaknesses in your overall security posture. This will includes identifying vulnerabilities (weaknesses) in systems, networks, applications, and even people. Skilled professionals will test a variety of opportunities that the adversary will take advantage of such as social engineering, physical security breaches, and application-level attacks. This tends to be done once or twice a year and is typically point in time. Penetration testing provides a ton of value but becomes stale the moment it is complete.

Breach Attack Simulation: BAS tends to be an automated process that leverages software (agents) to simulate a wide range of attacks to identify potential weaknesses in your security posture. These tests help to identify potential vulnerabilities and gaps in overall coverage both prevention and detection. Tests tend to run continuously or at scheduled intervals and helps the organization stay ahead of the adversary.

Scope and Focus

Penetration Testing: Penetration testing tends to be more targeted and focuses on specific systems or applications and can be performed with or without the defender’s knowledge. Penetration testers might be looking for vulnerabilities in new software / service ideally before the service goes to live and is accessible. These tests tend to be very point and time.

Breach Attack Simulation: BAS tends to be broader in scope and aims to simulate real-world attack vectors on a continuous basis across a larger portion of the organization’s environment. This helps in identifying systemic weaknesses including items such as changes that introduce deficiencies in one’s controls over time.

Objective and Results

Penetration Testing: Pen Testers mission is to discover high risk gaps such as vulnerabilities that can be exploited. The goal is to demonstrate how they might be leveraged by an attacker. The exercise provides a detailed report describing the findings and provides remediation advice such as patching or virtual patching a system to remove the risk.

Breach Attack Simulation: BAS goal is to scrutinize one’s security controls on a constant basis. This provides deep insight into the organization’s defensive posture on an ongoing basis which allows for a more of an immediate adjustment to one’s defensive capabilities reducing risk continuously and consistently.

Frequency

Penetration Testing: As mentioned, this is typically performed annually and even biannually. Organizations tend to contract a third party which are highly specialized teams providing external perspective of the current posture in place.

Breach Attack Simulation: BAS runs on a constant basis with higher frequency, such as daily or weekly. BAS being automated doesn’t require the same level of human effort that is required with pen testing. Teams become more agile when testing and can test against the latest threats or tactics driving a prescriptive based outcome to improve defenses.

Complexity and Detail

Penetration Testing: Higher in complexity but may be more comprehensive exercise that can be tailored to the organization’s specific needs. This requires highly skilled professionals that can mimic the adversary in both sophistication and ability.

Breach Attack Simulation: BAS may not cover the same level of complexity and creativity augmented by human intelligence found in pen testing but does provide an effective way to reduce risk on a continuous basis.

Cost

Penetration Testing: Pen Testers do come with a cost due to the specific nuance they address and the skills they provide during the exercise. This is why pen testing is performed once or twice a year.

Breach Attack Simulation: BAS does come with a cost but once installed they tend to lower overall operational costs due to automation. BAS also provides continuous improvement in your overall security posture.

Customization

Penetration Testing: Extremely customizable to meet he needs of the organization. Pen testers can be very sophisticated, agile, and creative providing highly valuable results that may get missed with BAS testing alone.

Breach Attack Simulation: BAS does provide a level of customization but tend to be less customizable in comparison as our human-led pen testers.

Pen Testing and Breach Attack Simulation help improve one’s overall security posture and overall cyber resilience while helping reduce the blast radius. Its not one or the other but a combination of both strategies that can provide a more comprehensive view of your ability to defend (prevent or detect)

Remember, although we want to prevent 100% of bad 100% of the time it’s a loosing battle. Assume breach and build a defensive architecture that allows the business to maintain operations regardless of whether a breach occurs. Detection is key and a minimum in everything defenders do.

The post Canadian Bacon Series: Penetration Testing vs. Breach Attack Simulation appeared first on Cisco Canada Blog.

My recent survey on LinkedIn reaffirmed the importance of frameworks like MITRE ATT&CK and D3FEND in strengthening cybersecurity defenses. Companies are at different stages of adoption and interest, with some focusing on next-generation capabilities, while others concentrate on automation, orchestration, and artificial intelligence (AI). AI brings substantial value both defensively and offensively, despite the hype. We’ll delve more into that later.

LinkedIn survey results.

Buying Next-Generation Tools:

Some of the feedback here was around improving secops with orchestration and automation. This is not surprising, as teams are lean and everyone is looking to streamline one’s operation to scale and level the playing field. Now, anyone who knows me understands that I am not a big fan of the “Next Generation” label being used in a product name, regardless of the vendor. The reason I am not interested in the title is that the label “Next Generation” never expires. In essence, a technology that entered the market 10 years ago as next generation may in fact not be as future-facing as we think. Unfortunately, everyone must use it or face the question of whether the product is, in fact, the next generation; ok, I digress. A couple of other items were brought to the surface in this category.

Extended Detection Response to expand upon existing Endpoint Detection and Response capabilities with both Network Detection and Response as well as Identity Threat Detection and Response.

Secure Services Edge to support hybrid workforces and move security to the cloud, allowing for consistent security control no matter where one is connecting from. Simplified access to services, removing the burden on the user regarding how they connect.

Simplifying cloud-based controls with cloud-native capabilities that are cloud-agnostic, especially with hybrid cloud models.

Shifting left, building security into the pipeline to reduce the risk once services are productionized, and maintaining security with every revision.

MITRE ATT&CK:

There is no surprise that this topped the list; however, I was a bit surprised that MITRE D3FEND was a close second. I do believe that an understanding of the adversary and their tactics and techniques elevates one’s defensive capabilities. Once you understand the details, you can determine how you match up with both prevention and detection-based capabilities, with detection being the absolute requirement. Assess the gaps and build out a strategy to address each item, improving your overall security posture. MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base that provides a comprehensive framework for understanding the behavior of cyber adversaries. It categorizes and describes various tactics, techniques, and procedures (TTPs) used by attackers across different stages of the cyber kill chain. ATT&CK is widely used in cybersecurity to enhance threat intelligence, detection, and defense strategies. The below image is from MITRE ATT&CK Navigator and highlights capabilities from adversaries targeting finance.

MITRE D3FEND:

This one caught me off guard just a bit. I am fully aware of the framework and its value, but in my discussions with customers all over the world, it is not a topic of discussion that comes up in tandem with ATT&CK. There may be lots of reasons for that, but I am interested in learning more about real practical use cases where this has been applied. Ping me if you are willing to share your thoughts. So, what is MITRE D3FEND? D3FEND complements MITRE ATT&CK by focusing on providing a framework for defensive techniques. The D3FEND knowledge base aims to help organizations understand and implement strategies to defend against the tactics and techniques outlined in MITRE ATT&CK. It provides guidance on how to counteract and mitigate specific adversary actions, offering a more comprehensive approach to cybersecurity defense.

OTHER:

This is the catch-all bucket. The only comment I got here was a focus on AI from a couple of lenses. Good AI to combat evil AI—it’s a battle!

Adding AI to the defensive arsenal will both combat AI-based threats from tools like FraudGPT that create very sophisticated emails to entice interaction and AI-infused malware to defeat our defensive capabilities. These AI tools have the guard rails removed, which prevents one from creating nefarious outcomes.

Adding AI to the operational stack, which would make recommendations on policy and where best to apply such a control, finding the needle in a stack of needles with analyzing threats, to automating the change required to drive an outcome. All using natural language when interacting with the tool.

Data is being shared using public-based AI tools. Having the ability to restrict access to these platforms to reduce company exposure, such as the data leak. We have seen this at large organizations, and many of them are building out controls to minimize the exposure. Just google it.

In the end, we are all at certain stages of the journey, and there is no perfect approach. Unfortunately, it falls in line with the famous IT phrase “it depends.”. If you have not considered a framework such as MITRE ATT&CK, then I would certainly put that on the list to help push your defensive capabilities towards the tactics the adversary will leverage against you.

The post Unveiling Cyber Strategies: Navigating the Realm of Cybersecurity appeared first on Cisco Canada Blog.

Three networking megatrends have upended how businesses approach networking to support the distributed workforce.

First, cloud has become the new data center, with workloads moving from on-premises to hybrid cloud and multicloud architectures. Secondly, the internet is now the new network, with reliance on business connectivity traversing diverse networking domains. And lastly, with so many remote and hybrid workers, the office is now essentially anywhere.

This evolution has made delivering a high-quality, reliable experience—connecting everyone to everything everywhere—significantly more complex. After the need to provide secure access to applications across multiple clouds, the second biggest challenge cited by 37% of respondents in our 2023 Global Networking Trends Report was gaining end-to-end visibility into network performance and security as more traffic originates or terminates beyond the boundaries of the corporate network.

Which begs the question: How do you identify, diagnose, and remediate problems that occur throughout the digital supply chain—the domains within and outside your infrastructure and all hops between a user’s device and an application or service in the cloud? Read on to find out how.

Tackling assurance complexity across multiple network domains

Great connected experiences are table stakes for businesses today. The digital economy relies on always-on applications and services to support employees and consumers. Failure is not an option.

Prior to the hyperconnectivity of today’s digital economy, business applications and services within corporate domains were well served by network monitoring solutions and processes that were localized and handled specific domains, like wireless. But to remediate issues in enterprise WANs, admins had to contact their counterparts within cloud and internet provider organizations to jointly diagnose and remediate service and security problems. Often, this resulted in a lot of finger pointing. Businesses acted reactively instead of proactively. Issues could take a long time to get resolved.

Figure 1. Complex digital supply chain with interdependencies, increased failure surface, and unpredictability.

Providing network assurance for a high-quality connected experience today requires end-to-end visibility and insights across diverse clouds, network providers, the internet, devices, and geographies—each with their own operational domains (see Figure 1). Without end-to-end visibility into network performance, application responsiveness, and security, it is extremely challenging for IT teams to deliver consistent digital experiences to end users.

A person working from home, for example, might run into a problem with Slack. The wireless network in their home office would be connected to an access network that would be connected to an edge router traversing a cloud network to the Slack application. Domain-specific tools can only see a small segment of this traffic. Admins without end-to-end visibility can’t see the big picture.

End-to-end visibility is foundational for SASE

A majority (51%) of organizations in our 2023 Global Networking Trends Report said that with their adoption of more software-as-a-service (SaaS) and multicloud solutions, they see investment in a solution that provides end-to-end visibility as a top priority. This may be in response to recent research by the Uptime Institute that found third-party operators—including cloud, hosting, colocation, and telecom providers—accounted for 70% of all publicly reported outages.

End-to-end visibility, analytics, and operational workflows allow admins to take decisive action to proactively remediate connectivity issues. In a secure access service edge (SASE) architecture, for example, end-to-end visibility feeds the actionable intelligence used to optimize path selection to provide the best digital experience anywhere at any time. Reliable connectivity is foundational to securely connecting people and things in a SASE architecture. If connectivity is poor, the secure access experience will be degraded.

Even before an SD-WAN or a converged SASE architecture with security service edge (SSE) is rolled out, organizations can use end-to-end visibility to evaluate, compare, and optimize the network experience before and after adoption of these architectures. The performance of individual providers in different locations that each form part of a digital supply chain can be proactively tested and benchmarked, with the results used to make more informed vendor selections to ensure the delivery of always-on digital experiences.

Gaining visibility into every connection

A European airline transitioned its network infrastructure from MPLS to SD-WAN, moving many applications and services to the cloud. The company needed to make sure that services met agreed-upon service level agreements (SLAs). To do so, the IT department deployed end-to-end visibility, specifically to monitor and enhance the digital experiences of customers and employees. With this solution in place, the airline can now measure connection latency and other factors—with a specific focus on connections between its data center and the cloud provider, Amazon Web Services. They can continually monitor and prioritize network experiences by accelerating incident response times, introduce more proactive maintenance, and enjoy greater cost efficiency through streamlined troubleshooting.

RichRelevance, a customer experience personalization provider for 250 global retailers, reduced its outages by 88% and shrunk outage windows from an average of four hours to 30 minutes, all thanks to end-to-end visibility. IT service management software company ServiceNow identified network issues 95% faster for their customers with visibility across all network layers that focused on the application experience.

Enabling quality digital experiences through a networking platform approach

Cisco is pioneering end-to-end network visibility and driving exceptional experiences through operational simplicity. It’s a cornerstone of our Cisco Networking Cloud long-term vision, a unified management experience platform for on-premises and cloud operating models to reduce IT complexity.

End-to-end visibility relies on compute power to capture and analyze billions of daily measurements in the digital supply chains that comprise today’s enterprise networks (see Figure 2). It is a powerful and indispensable feature that helps organizations maintain top-quality digital experiences and move from reactive to preventative and automated operations.

Figure 2. Organizations need to leverage a platform-driven approach that drives end-to-end visibility throughout the digital supply chain (click to enlarge)

Watch the Global Networking Trends on-demand webinar:

“Securely connect people, places, and things in an ever-changing world”

Download the 2023 Global Networking Trends Report

The post End-to-End Visibility and Actionable Insights Underpin Great Connected Experiences appeared first on Cisco Canada Blog.

A major transition in IT philosophy is underway.

It’s a shift away from separate networking and security operational silos, tools, and management dashboards, and movement toward the convergence of policies, technologies, tools, and operational workflows based on a cloud-centric operating model.

As part of this transition, secure access service edge (SASE) is becoming a leading convergence architecture of choice for secure multicloud access. Our 2023 Global Networking Trends Report found that 47% of 2,577 respondents globally plan to connect their branches and remote clients using a SASE model by 2025.

However, not all SASEs are created equal. Primarily delivered as a service, SASE can be deployed as a collection of modular or disaggregated components, with separate software-defined WAN (SD-WAN), next-generation firewall (NGFW), and other security solutions that comprise a cloud-based secure service edge (SSE). Or SASE can be delivered as a unified, pre-integrated software-as-a-service (SaaS) that gives admins a highly simplified and unified way to achieve a SASE environment and manage secure, multicloud access to applications by employees end to end, wherever they choose to work.

Here’s why networking and security convergence is such a winning strategy and how to choose among disaggregated, modular, and unified SASE solutions.

How we got here

Over time, organizations have added many point security products to handle diverse cyber threats. With the increased adoption of cloud technologies, which bring the promise of agility and resiliency, organizations started migrating more applications out of the traditional data center to private and public clouds and SaaS, leading to a highly distributed environment. Coupled with today’s hybrid distributed workforce, the traditional perimeter no longer exists, and the attack surface increases substantially in this hyper-distributed IT environment. The traditional perimeter-based solutions fall short.

Additionally, 51% of respondents in the 2023 Global Networking Trends Report cited skills gaps as a main challenge to their organization’s use of cloud-native technologies. This lack of talent, along with human error, could be responsible for over half of significant cyber incidents by 2025, according to Gartner.

Networking and security convergence and a unified SASE

Converging networking and security domains brings end-to-end visibility into every connection so admins from both disciplines can work together to optimize the application experience. Integrated tools and a centralized dashboard increase efficiency and collaboration. With access to traffic data on every user experience, visibility gaps can be eliminated and mean time to repair (MTTR) times reduced.

Offering such a converged environment and centralized and unified management, SASE is a way to radically simplify security and networking (Figure 1). Gartner defines it as a multifaceted solution that delivers converged network and security as a service. Features include SD-WAN, secure web gateway (SWG), cloud access security broker (CASB), NGFW, and zero trust network access (ZTNA). SASE supports branch office, remote worker, and on-premises secure access use cases.

Figure 1. SASE enables networking and security operational convergence.

SASE provides a much-needed framework for securely and seamlessly connecting users to applications in complex and highly distributed environments. First described by Gartner in 2019, it has evolved rapidly from a disaggregated set of point solutions with many vendor solutions available in the market, to more comprehensive solutions from one or more vendors available as modular components (Figure 2).

With single-vendor solutions, a unified SASE approach emerges in which all components are fully designed, integrated, and supported as a single platform that can be optimized for SASE, merging network and security constructs to a cloud-delivered model. At Cisco, our SASE motto is “Interconnect everything and provide security everywhere,” end to end.

Figure 2. The various technology and vendor approaches for a SASE architecture.

A unified SASE makes life much simpler for IT personnel. It’s a platform approach that focuses on outcomes instead of architecture and may be especially attractive to smaller organizations with fewer IT personnel.

Each of these approaches to SASE will appeal to different organizations, and Cisco meets our customers where they are in the technology journey—supporting all models.

SASE in the real world

With 38 attorneys serving thousands of clients in South Carolina and Georgia in personal injury cases, George Sink, P.A. Injury Lawyers wanted to utilize the efficiency of the cloud to connect employees and support staff anywhere more easily and securely. They migrated their on-premises VPN to a virtual endpoint in the cloud and a unified SASE. Regardless of location, employees seamlessly and securely connect to the applications they need without physical, on-premises equipment. IT complexity was reduced by moving to the cloud with a unified, turnkey solution that deployed in hours instead of days. Great experiences for users and IT alike are the result.

Milwaukee Electronics, an electronics manufacturing services (EMS) provider based in the United States and with facilities in Mexico, India, and Singapore, was experiencing supply chain issues that made it difficult for them to obtain new technology infrastructure to support a distributed workforce. The company is a one-stop shop for custom electronics design, printed circuit board (PCB) prototyping, assembly, and project management. Their customers have stringent cybersecurity regulatory requirements, and a unified SASE improved the company’s security posture, providing visibility into every connection to their network. As a service, the single-vendor unified SASE provides the company with a highly comprehensive and automated networking and security solution, maximizing their limited IT resources.

Simplifying and improving the experiences of both user and IT teams, SASE is an architecture whose time has come. When all functions are provided in a unified SASE from one vendor, the benefits and time to ROI are accelerated thanks to the ease of deployment and simplification of use.

Register for the Insider Series Global Networking Trends Webinar

“Securely connect people, places, and things in an ever-changing world”

Download the 2023 Global Networking Trends Report

The post Converge Networking and Security with the Right SASE appeared first on Cisco Canada Blog.

In this blog, I am going to discuss a couple of items to consider that improves our overall security posture and helps elevate everyone’s defensive armour! Some of these you have heard many times before, but I am going to add a little dusting of defensive love to each one.  Also, use the tooling you have at your disposal and take advantage of it. That said, I will give few examples of some of the things Cisco has available to simplify your security ambitions.

Strong Passwords: How many times has this one come up! We as users must ensure we are not using the same password across personal platforms such as email, banking, and social media. Further to that we need to ensure we do not cross contaminate the use of passwords between our personal and professional needs. Layers really do matter when it comes to security, and this is a simple one. Finally, consider passwords of strength and leverage a secure password manager. Check out the following article.

Note: there is a shift towards passwordless based access which improves your overall security posture. Although there is a shift this will take time to implement, and strong passwords will be required for some time for certain applications. If interested check out the following article.

Two-Factor Authentication (2FA): Although strong passwords are critical where passwords are still in use everyone should be enabling two-factor authentication whenever possible. This includes both personal accounts such as email, banking, and social media but also your professional accounts as well. If you have access to your employers VPN or SaaS based applications and two-factor authentication is not enabled, I encourage the community to push employers to advance their level of security – it protects both you and them. Ideally, the MFA platform would offer risk-based authentication methods that determines the level of risk based on multiple factors such as device health, location, and so on. This should help remove user friction and either step up or step down authentication requirements based on the risk determined. Check out the following article around 2FA.

Although strong passwords are critical where passwords are still in use everyone should be enabling two-factor authentication whenever possible.

Phishing Awareness: Turn those Spidey senses on to help identify phishing emails, these are the threat actors attempts to fool you into giving up sensitive information. Scrutinize each email and when in doubt do not click about. This includes suspicious links, attachments, or personal data. The bad thing is that artificial intelligence is helping the threat actor and their ability to create emails that look legitimate. Employers should be deploying advanced email threat protection capabilities powered with artificial intelligence to minimize employee and organizational risk. Check out the following demo for email threat defense.

Email and Web Safety: This one is broader than phishing alone as email is still the number one attack vector and treat actors leverage web links and attachments. Scrutinize all emails with links, attachments, be aware of pop ups, and if it looks odd it most likely is. If in doubt kick it out by deleting it or moving into junk or quarantine folders. Home users can leverage OpenDNS  to protect against basic threats found here. Organizations should look into advanced email security and advanced web protection capabilities such as Email Threat Defense and Secure Access

Advanced Endpoint Protection: One of the last resorts protecting against compromise. If all other protection methods fail the endpoint provides an additional layer and is a must have. Personal assets should have endpoint protection enabled and ensure it is updated regularly. Cisco provides open-source endpoint protection capabilies with clamav. When it comes the enterprise we need endpoint protection with multiple engines, endpoint detection and response with forensic capabilities that supports multiple operating systems and aligns to the MITRE ATT&CK Framework. The endpoint becomes messy with all these controls needed to secure it so there is an opportunity to simplify. Imagine having a endpoint security client that provides EPP, EDR, Forensics, Sandboxing, DNS, WEB, DLP, CASB, Network Visibility, Device Health, VPN, ZTNA, and more – well its now a reality with Cisco Secure Client.

Software Updates: Vulnerabilities expose our systems and regularly updating your personal operating system, applications, and security software is critical. Simply schedule and keep things updated across the board. When it comes to corporate assets and patching there is increased risk involved so a risk-based vulnerability management program is key. We see roughly 2-5% of all vulnerabilities require patching. This builds confidence in the patch management program for all stakeholders involved while reducing the services risk associated with blindly patching systems. Applications teams will love you once you deploy a risk-based vulnerability management platform – we all need a little more love as defenders. Check it out here.

Scrutinize each email and when in doubt do not click about. This includes suspicious links, attachments, or personal data.

Data Backup: When bad happens backups may be the only way back. Regularly back up critical files and personal data to an external source such as cloud storage and or external drive. Most operating systems provide users with built in options, but you need to move the backups off the local device as the threat actor will try and erase them or make them impossible to recover. Enterprises should have strong disaster recovery processes that include data backups but point of time recovery may not be in place. Organizations should consider snapshot technology based on risk seen elsewhere in the environment as a real time precautionary measure in case of compromise. An example of this is with Cisco XDR and Cohesity – the ability to snapshot the assets prior to compromise based on upstream indicators. This provides a current point in time recovery option in case controls fails. I know superhero stuff available for the superheroes defending.

Social media privacy: review your privacy settings as we have seen the threat actor take advantage of this information and use it to it to impose as you to get more information for nefarious reasons. Everyone should consider what is being shared publicly. When it comes to the enterprise ensure you build in processes to ensure rigor when someone calls in asking for information or resetting access. We have seen this with some larger breaches of late where the threat actor just called the help desk portraying as someone with elevated privileges. Access granted and the threat actor hits the jackpot!

Cybersecurity Training: Everyone should take cybersecurity awareness training whether through online free training offerings if you have never taken it with an employer. Organizations should have a program in place that encourages not disciplines employees advancing their knowledge on a regular basis when it comes to potential risks and best practices for keeping company data and systems secure.

We as users must ensure we are not using the same password across personal platforms such as email, banking, and social media.

This is just an example of some of the items to consider not just during Cybersecurity month but everyday moving forward. The above are absolute basics and are non-negotiable in today’s digital world. In my next blog we will talk about commodity-based controls and how defenders need to elevate their capabilities to even the playing field.

The post Canadian Bacon: Cybersecurity Month and Community Superhero’s appeared first on Cisco Canada Blog.

The Canadian Center for Cyber Security has observed increasing malicious activity targeting provincial governments. They’re aware of more than 100 cases of cyberthreats targeting Canadian municipalities since early 2020.

Targeting residents’ personal data, service continuity, and trust in local institutions, criminals use tactics such as social engineering, unauthorized network access, or the deployment of malicious code (e.g., ransomware) to achieve their illicit goals.

The main threats to local municipalities

Attacks on provincial governments are primarily via email, a business tool that can be turned into a trojan horse that fools employees into helping criminals gain access to an organization’s IT network.

They often deliver malware through links or downloads that people innocently click on and unwittingly open the door, so to speak.

A particularly insidious tactic is the use of spoofed emails, a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust such as an internal colleague or a government official — even the mayor. The intent is to get people to click a link or download an attachment that delivers malware.

Some of the main threats to watch for include:

• Ransomware attacks, which almost always come via email, but sometimes SMS text.
• USB malware, which is introduced to a computer network via a USB key.
• Denial-of-Service attacks, which inundate a municipality’s services portal by leveraging hacked computers around the globe, resulting in residents not being able to gain legitimate access to services they require.
• Social engineering, which is a method of tricking someone into helping the hacker through a phone call or other method where someone gets an employee to share a password by pretending to be someone they are not.
• Spoofed email, which is a form of social engineering (explained above).

A final, and particularly concerning contender to be on the lookout for is insider threats, which are highly unpredictable. There are unlimited reasons why a person might become hostile toward your organization, and from the inside, someone with malicious intent can cause all sorts of problems.

Common gaps municipalities must mitigate

Municipalities share many common cybersecurity gaps. Here are the 10 most prevalent problems that I’ve seen in my 35 years in cybersecurity:

1. Lack of information security policies. Security policies don’t have to be elaborate. However, it is important that they address at least the following topics:Acceptable use of IT resources;

• Information security classification (i.e., what constitutes a confidential document?)
• Access to information (i.e., who can access which information?);
• Security for teleworkers and travelers;
• Physical protection of sensitive documents; and
• Security background checks for employees and contractors.

The government of Ontario has a website (Cyber Security Centre of Excellence) that lists policies and standards that can be used as a guide you can adapt to the needs of your municipality.

2. Lack of security awareness. Most municipalities have an inadequate information security awareness program. Programs should include mandatory regular online training. You also need phishing simulations and keep metrics on the “click rate” of your employees. Among others, employees need to understand the different types of threats to watch for — everyone, from the mayor down, needs to go through training. Larger municipalities can outsource the training to third-party companies that specialize in security awareness. You can also hire companies that will conduct simulation testing to understand your vulnerabilities.
3. Lack of data encryption. All data on laptops should be encrypted. No one should be able to take home unencrypted sensitive data. Ever. And no one should be using USB keys — they are a main source of data leakage and malware infiltration, and so should be banned. There are more efficient and secure ways to exchange information such as your cloud service.
4. Outdated endpoint protection. Old-fashioned antivirus detection software has a significant problem: These tools can only detect known viruses, and thousands of new viruses are created every day. It can take weeks, or even months, for security agencies to discover them and create protections.

So we now have an Extended Detection and Response (XDR) solution. It detects abnormal behavior — including insider abuse — and alerts the appropriate system administrators. The solution will even detect brand new malware unknown to the cybersecurity community (often referred to as “zero-day” malware).

5. Lack of IT asset management. You need an asset management solution to maintain an inventory of your IT hardware and software. All assets should be tracked in real-time — what equipment/software, the model/version, who has it, and location. These systems can detect the use of unauthorized software installed by the user. Note that decent asset tracking software doesn’t need to be expensive.
6. Lack of access control. Privileged accounts, like systems admins, need to be limited. You also need to ensure accesses are granted and revoked. When an employee leaves, the application owners need to inform the system administrators as soon as possible to ensure that the corresponding accesses are deactivated. I recommend performing quarterly reviews to ensure access is based on business need-to-know. All systems should also require two-factor authentication for remote access and for privileged access.
7. Poor control of third-party contractor access. All companies considered for the provision of critical online services (ex., pay system) should be compliant with the SOC 2 Type 2 standards, which is a new standard now used by most serious cloud services providers. Any IT security consultant you consider hiring should have a CISSP certification. Finally, you should conduct a security background check on every contractor needing access to your IT systems.
8. Lack of security patches and updates. Hygiene is a requirement in any IT environment. Computers should be set to automatically patch and update systems, and any obsolete operating systems and software should be removed. Annual vulnerability scans should be conducted to identify unpatched systems, weak passwords, unsafe configurations, etc.
9. Skipping penetration tests. Having a qualified contractor who can conduct penetration tests on your IT infrastructure on a yearly basis is a must. Take corrective action to remediate any identified vulnerabilities immediately.
10. Not preparing for incident response. Improvised responses to IT incidents can be a catastrophe. Create a crisis management team. Include representatives from legal, PR (an organization on retainer that regularly manages crisis is best), and your insurer if you have cyber insurance. Write crisis management response procedures, starting with the most critical and most probable scenarios. For coordinating in the event of a crisis, you should use a crisis management mobile application. Remember that in a crisis, your computer network could be down — and paper versions of your plan are likely out of date.

Some final recommendations

Something I always tell clients is to keep in mind that backups are also vulnerable to ransomware attacks. You need to maintain at least three copies of your data in at least two different media. You should store at least one copy offsite (consider if your building burns down), store at least one copy offline, and make sure you have verified backups without errors.

Next, nominate one senior person in the organization to be accountable for IT security. Conduct an IT security assessment, and then present a three-year roadmap to your City Council, because you’ll need a reasonable budget to do what is needed. If possible, outsource 24/7 IT security monitoring and response to the pros, and always leverage cloud services where possible — get away from data storage on-premises.

Finally, use the Association of Municipalities Ontario’s A Municipal Cyber Security Toolkit to guide your cybersecurity governance and ensure that your municipality is prepared for the inevitable event of a cybersecurity incident. Eventually, everyone is a victim of hackers. Preparedness determines who walks away unscathed.

Municipalities worldwide work with Cisco to secure their valuable IT networks. Check out Cisco Umbrella, a key component of Cisco Secure’s portfolio of products that provide security and peace of mind for local government leaders in Canada and around the globe.

The post Cybersecurity Governance for Municipalities appeared first on Cisco Canada Blog.

Behavioural economics provides insights to understand, predict and change human behaviour through nudges in systems or processes specifically designed to promote actions that align with desired outcomes. This art of carefully crafting an approach that encourages users to make the certain decision is known as Choice Architecture.

From diverse thinking to new principles to challenging bias, there was so much to learn and take away from these sessions. However, when it comes to rethinking how we encourage action and change, three things stood out for me, and I’d like to share them with you.

Leaders can use choice architecture strategies to influence decision-making. 

Over time, our brains are trained to make quick decisions based on how familiar we are with the situation. As decision-making increasingly relies on rules of thumb that worked well in the past, it opens room for predictable mistakes. To increase the speed of decision making and minimize errors, leaders can create processes that increase the frequency of decisions aligned to the organization’s desired outcomes. If human judgement is not needed, then automate the process. If human judgement is required, simplify the process by asking individuals to make an active choice between two options (“yes” or “no”).

Consider the power of framing when communicating change

Framing is one of the most helpful tools to use when communicating change. It’s how you think about something and the words you use to express an idea. It’s the story you tell and the inspiration you can give. When trying to influence a change, educating or telling people about a solution does not always produce the desired outcome. It is important to frame the change around motivational factors that moves people to act. Such as Social Context (everyone is doing it), Personal Benefit (here’s what’s in it for you) and Structural Hoops (its process and tools to be used).

Give people an active choice.

As we think about influencing behaviour it’s important to note we can’t take away individual’s ability to make a choice. We must ethically design systems that do not manipulate but aims to serve the greater good of all. Ethical issues become even more important as you consider decisions around individual’s health or privacy. Give people an active choice by creating a nudge in the process that forces them to stop, think and consider the choice to make. You can set the default to the preferred option (i.e., opt in vs opt out), however the final decision should be in the hands of the individual. This also often helps overcome the inertia we sometimes face when making decisions.

As I reflect on time spent with this cohort, I realize that this concept has been around us for a while now, and you can see these design principles applied everywhere you look. Think about the plug for your coffee maker. It will never fit into your phone. It’s not designed to. That’s the same principle. As leaders, we create processes and systems for our teams to act and execute work with the desired outcome in mind. For instance, if you want your team to use data while planning, create a planning template that requires them to enter data as part of the process.

We all have a unique opportunity to shape our organization and the interactions with customers through the decisions we make, let’s use this superpower to engineer choices that serves the greater good of all.

The post Influencing Choices Designed for Positive Outcomes appeared first on Cisco Canada Blog.

A Gartner study details how digital transformation in the retail industry is moving forward at previously unknown speeds and leading to broader potential for serving customers and employees.

Customers mastered digital shopping long ago, and they expect retailers to keep improving the digital experience. It only makes sense that retail’s other main stakeholder, employees, should be expecting greater digitalization of how they work.

The retail buying process has changed — and it’s changing how retailers manage their businesses.

FlexJobs reports that a sampling of recently listed remote job titles on their site includes brand ambassador, client services professional, customer service representative, ecommerce professional, project manager, recruiting manager, retail account executive, and retail trainer.

The list of retail jobs that could qualify for hybrid work models is only likely to grow as the digitalization of the retail industry progresses.

The key to success with hybrid work for retailers is ensuring customers continue to get the well-rounded experience they expect.

The Future of Customer Experience

Customers today expect an omnichannel experience from retailers. Even smaller purchases may involve a search online or reading of customer reviews. Some people will look to social media sites, and others will read blog posts or watch online videos to help them make purchasing decisions.

Retailers need to be intentional and realistic about the future their customers expect. Customers today want deep product information, and they want to see a product in use — not just static photos.

If retailers want to be involved in the digital omnichannel journey their customers take, which could result with an in-store purchase just as likely as an online purchase, they need to address customers’ digital needs.

The Future for Retail Employees

The employees involved in serving the growing digital retail experience mostly don’t need to be on-site daily — and that’s good news for retailers. According to Global Workplace Analytics, businesses can save more than $11,000 per employee per year by letting them work remotely half-time. This number is based on savings in real estate, electricity, absenteeism, turnover, and productivity.

To hire and retain valuable talent, retailers need to be competitive in the ways they serve their employees. Workers today don’t just want flexibility — our complicated lives require it. Hybrid work technologies can provide for virtual employee training and collaboration that doesn’t require a flight or commute to headquarters.

Recommendations for Retail CIOs

Security: While planning for digitalization to serve customers and employee collaboration from anywhere, focus on security. Security must be the top priority in any IT decision. Secure collaboration tools and networks will ensure customer privacy and business continuity. Look for solutions that integrate meetings, calling, and security, and make sure they’re simple to manage.

Data sources: Plan for leveraging wireless, video, and other data sources to deliver personalized and contextual product and service information to customers. Customers expect to see the same information in-store and online, so ensure that experience is seamless.

Cloud-based: Tools and networks that can be managed in the cloud allow for better control and security — and they allow for access from anywhere. Look for solutions that are easy for employees to deploy without on-site IT, and meet the high demand for retail agility and scalability.

Are you ready to start exploring the top solutions for hybrid work and collaboration? Visit our Must haves for Hybrid Work in retail page, explore Cisco’s portfolio of solutions, and watch our on-demand webinar. When you’re ready with some questions and want to explore solutions, our hybrid work experts are ready to help. Cisco can empower your associates working at home, in the store, or anywhere.

The post Retail Customers Have Embraced Hybrid Work and Retailers Should Too appeared first on Cisco Canada Blog.

Hybrid work tools have done more than facilitated telemedicine — their success has instilled confidence in patients to receive medical attention without always being in the same room as their physician.

The digital front door is impacting patient lives by facilitating digital interaction pathways, notifications, digital document processing, video consultations, and other processes.

According a McKinsey study, “Virtual healthcare models and business models are evolving and proliferating…[creating] a range of services enabling longitudinal virtual care, integration of telehealth with other virtual health solutions, and hybrid virtual/in-person care models, with the potential to improve consumer experience/convenience, access, outcomes, and affordability.”

In Ontario, The Autonomous Living Project (ALP), a partnership between Cisco Canada and York Support Services Network, Reena, META, CLASS, and Creating Alternatives is enabling people with developmental disabilities to live independently. Some of the same technologies that facilitate hybrid work are now fully integrated into users’ daily routines, promoting self-reliance and allowing them to lead more independent lives.

Benefits to Healthcare Workers

Telemedicine benefits go far beyond the convenience and safety it provides to patients. For healthcare workers, hybrid work technologies allow them to reduce time spent on tasks related to registration, like transcribing notes, scanning, and filing documents, and allows them to spend that time on patient care instead.

With the increasing shortage of healthcare workers in Canada and around the world, the ability to reduce tasks and facilitate focus on patient care greatly helps health professionals manage their workload.

Benefits to the Healthcare System

Telemedicine reduces transmission of infectious illnesses like COVID-19, the flu, common cold viruses, and more by providing medical care and guidance virtually so the patient can isolate in the comfort of their own home.

Doctors can even consult with contagious in-hospital patients using collaboration tools in a patient’s room. With the assistance of a nurse or other caregiver in the room, a patient can be examined and treated by a physician thousands of miles away — or in another part of the same building.

In remote areas of Canada, a doctor or nurse can use hybrid work tools to consult with specialists at major hospitals across the country or internationally.

The Secret to Continued Success with Telemedicine

Done well, hybrid work tools for healthcare like Cisco’s Webex can provide unlimited benefits to patients and health professionals, but the right tools and approach are needed for continued success.

• Keep data secure: The security of patient and health information must be a top priority when making telemedicine investments. A single breach can be catastrophically detrimental to a healthcare organization.
• Make adoption easy: Tools that are not intuitive or that require too much support from a help desk will, in the end, fail. In particular, when selecting the right tools for your organization, think of your patients. Some patients and health professionals can find it frustrating to learn new technologies. Select tools that are easy to adopt — by anyone.
• Don’t delay the future of healthcare: If your healthcare organization has not already put in place hybrid work and collaboration tools that allow for telemedicine services, don’t delay making decisions about this investment to improve staff and patient engagement.

Hybrid work in healthcare is here to stay. Both patients and healthcare workers have benefited from telemedicine, and they want to continue to make use of innovative technologies to improve health services. Watch our webinar, Hybrid Work Supporting Healthcare Heroes and learn how telemedicine is changing lives.

The post The Digital Front Door Is Impacting Patient Care and Improving Healthcare appeared first on Cisco Canada Blog.

At universities across Canada, foreign students discovered the benefits of hybrid work and hybrid learning during the pandemic, making their transition to another country easier.

Virtual learning became a top priority in 2020 when it was absolutely crucial for continuity in education, and it continues to be a necessity for students all over the world. Cloud-based technologies that enable hybrid work also enable students and educators to learn and teach regardless of where they are physically.

According to a Research and Markets report, the global online education market is poised to grow by $121.85 billion USD during 2021-2025.

In Canada, a country with perhaps more remote villages than most, hybrid work tools can be a bridge to educational opportunities some students would otherwise miss.

Looking to the future, school districts and higher education institutions all over Canada are planning to continue using hybrid work tools that allow for virtual learning. And the CIOs and technology decision-makers for these organizations are working hard to plan for the technology requirements that need to be met to allow students and educators to innovate what the future of learning can be.

To succeed, there are three features of hybrid learning that need to be well thought out by educators and IT professionals planning for the requirements that need to be met:

Time: There needs to be a clear understanding of when teachers will be teaching and students will be learning. Will these efforts be carried out in real-time or provided as an on-demand option that students can access without consideration for time zones? Self-paced learning can be ideal for some students.

Space: Where will the teaching and the learning happen? Will instructors be in a school setting? Or perhaps teaching from their living rooms? And where will the students be? Will they be physically present some of the time? Will some students need to be virtual while others are in class? Or will classes be remote with instructors teaching across Canada with students in major cities or remote villages?

Interactions: The third feature of hybrid learning to understand is how students and teachers will interact. What types of engagements need to be considered when planning for optimal technology solutions? Will there be in-person participation? How much of the educational process will be in a more controlled virtual environment? Face-to-face and virtual interactions add different dimensions and dynamics to how students learn — and how teachers teach.

With these considerations in mind, education decision-makers need to also plan for improving student hybrid learning skills and making sure students are equipped with appropriate computers and reliable internet. If some students are joining virtual classes from remote areas where internet speed is very slow, how will that be managed?

The same issues need to be considered for instructors. At the beginning of the pandemic, most teachers were not prepared or trained for hybrid learning. Now that we’ve all had time to learn from those first two years, teachers need to be prepared for the technologies they need to use to make sure all their students have the opportunity to succeed.

Finally, when planning for current and future technology needs, decision-makers need to assure:

• The technology is easy to adopt
• Tools are intended for hybrid learning
• Students and teachers have equal access to the technologies they need
• Internet access is secure and reliable for all
• Technology adoption is prioritized

To learn more about hybrid work solutions and how educators are using these technologies to deliver education without boundaries, visit Cisco’s Hybrid Learning and Teaching page. Take a look at our solutions and reach out to get guidance from one of our experts in hybrid technologies. At Cisco, we are guided by the vision that all students can have equal access to education, no matter where they are.

The post How to Assure Your Hybrid Education Strategy Is Sound appeared first on Cisco Canada Blog.

Today, many financial services companies are allowing some employees to choose whether to be based at home and go into the office only for specific events, or primarily in the office and working from home only when it’s necessary. Some employers allow staff whose jobs can be conducted remotely to work from home a couple of days each week.

Here are three ideas financial services companies need to keep top of mind if they want to succeed in the new world of hybrid work: delighting customers, empowering their workforce, and operational transformation.

Delighting Customers

Financial services companies must take a holistic look at the customer experience. The service customers receive at a brick-and-mortar facility is only part of what customers expect. Today, the customer experience starts online and there is a journey, an amalgamation of all the interactions throughout their relationship with an institution.

Marketing research has repeatedly shown that it takes around 12 positive experiences to make up for one bad experience or unresolved customer issue.

Hybrid work solutions improve the customer experience with banks and other financial services businesses. Today’s banking customer has some expectations that cannot be met inside a building. Customers want to be able to deposit checks, view their statements, and move money while they’re on the go. And when they need to talk to someone, they usually don’t want to have to drive somewhere.

The expectation is to have a digital solution — and those solutions often use the same tools that allow hybrid work. Even better, they allow associates to help customers from anywhere.

Empowering the Workforce

According to a PwC study in mid-2020, only 20% of financial services employees wanted to be in the office three or more days a week after the pandemic. At the same time, 70% of financial services employers said those employees should be at their desks in the office at least three days per week to maintain a distinctive culture.

There was, apparently, a discrepancy in the early days of the pandemic regarding what people thought the future of work should look like.

More recently, a 2022 PwC study highlighted that 55% of financial services executives cited talent acquisition and retention as the biggest risk impacting their company’s ability to meet growth objectives. And 78% said that hiring and retaining talent would be very important to growth in the coming year.

Clearly, financial services leaders recognize that for their businesses to thrive, they have to enable workers to manage their lives in a more flexible way. Hybrid work offers a more human approach to work than the traditional, rigid clocking in at the office at 8 AM, having 60 minutes for lunch, and clocking out at 5 PM.

We all lead complicated lives. And while life has always been complex, that fact hasn’t traditionally been recognized by employers. The pandemic changed all that.

To be competitive as employers, businesses need to be able to provide hybrid work solutions. The good news is that, according to a PwC survey conducted at the end of 2020, average employee productivity improved with remote work.

Operational Transformation

Empowering the modern workforce and delighting customers is a must for financial services businesses, and it’s only possible with robust collaboration environments. Employees need to be able to balance their work and personal lives, and customers must be empowered to manage their financial accounts and get the help they need when and wherever they need it.

Flexibility and agility are crucial to digitalizing workflow, automating processes, and modernizing application and performance management. But security and compliance must be top of mind for financial services leaders planning for current and future technology needs. Can the tools being evaluated provide the threat awareness and security controls needed to run a trusted and compliant financial services business?

The answer must be a resounding yes.

Hybrid work tools not only need to provide for easy collaboration, but also be solutions that offer secure business processes that can grow and evolve with the organization.

Hybrid work is here to stay. Providing customers and employees with the digital tools they need and trust can be the key differentiator. To learn more about hybrid work solutions for financial services businesses, visit our guide. View the webinar, and when you’re ready to talk it through with an expert, please reach out. We love to help businesses succeed in preparing for the future of hybrid work.

The post Hybrid Work Solutions for Financial Services Deliver Delight for Customers and Employees appeared first on Cisco Canada Blog.

According to guidance from the Government of Canada, “The future of work will be enabled by technology and shaped by Canadians and their shifting expectations.” It’s important to remember that one size does not fit all, and the approach each government organization takes should be guided by its workforce.

The greatest challenge to success for almost any organization today is the competition for talent. The problem is rampant across the country, with places like British Columbia reporting that even if every unemployed person filled a vacant position, there would still be a 10% worker shortage. However, the shortage of workers varies in different areas across the country.

Allowing employees to work remotely most or all of the time can allow for a more even distribution of skills across Canada. However, to see broad success in hybrid work models, there are a few factors to consider.

Planning for Flexibility

Hybrid work is the convergence of people, places, and technology — which makes planning for the future a challenge. We can’t predict exactly how people will want or need to work in the future or where they will need to do it from, and we can’t foresee the innovative technologies that will be available 10 years from now.

Some level of informed guesswork is always required when designing a strategy that plans far into the future, and building in adaptability will set you up for success.

To build a tech stack that holds up to change, you must plan for uncertainty. Fortunately, cloud-based collaboration tools have the flexibility needed to enable employees to succeed whether they work from the office or a remote location. And cloud technologies allow for easy updates and upgrades.

The Human Element

I’ve had the opportunity to hire talent in this hybrid world, and I had to think about how to attract and retain top candidates, as well as onboard them in a way that makes them feel welcome. I want new team members to understand and be part of our culture , and often I do that virtually.

In years gone by, I would have sat down right next to a new employee and showed them what we were working on and the areas where I felt they could make the most significant contributions. I would introduce them around the office and take them out to lunch so they could meet colleagues.

It was a process that helped people feel a sense of belonging and loyalty to the organization.

Today, I schedule virtual calls, check in regularly, and ensure a new employee has video meetings with colleagues as soon as possible. For hybrid work to work, you still have to consider the humans using the technology.

Key Considerations for Success

• Versatility: Public sector workers need adaptability and flexibility in the technologies they require to do their jobs. It’s not one-size-fits-all. Emergency workers function very differently from employees at a courthouse.
• Inclusivity: Accessibility and language requirements must be at the top of the consideration list for serving public sector workers. We have a very diverse population in Canada, and our government workers need to be able to communicate with anyone seamlessly. Everyone deserves the same experience.
• Security: Without a doubt, the most important consideration for technology today is security — especially when dealing with Canadian citizens’ personal information. No matter what other considerations or requirements a hybrid work strategy must meet, identifying and dealing with threats is paramount to any organization’s success.

Hybrid work technologies are about connecting people and then fading into the background — never hindering their ability to collaborate. We need to support our workers in their complicated lives and support their well-being. Hybrid work allows us the flexibility to put people first.

I invite you to explore our Hybrid Work for Government website and, when you’re ready to explore your options, let us know. Our hybrid work experts are always prepared to answer questions and help you plan for the future of work.

The post How Hybrid Work Technologies Are Defining the Future of Government Work appeared first on Cisco Canada Blog.

Retail has dramatically evolved from the days when the shopping experience started on the sidewalk and concluded at the cash register. Today’s customers are all about convenience – convenience is king – and retailers must be willing to meet their expectations and be available wherever and whenever their audience wants to reach them.

More often than not, shoppers are using multiple channels to research and make decisions about their purchases — and these omnichannel customers are particularly valuable. On average, they spend more on every transaction. And customers who use more than four channels spend 9% more in-store than those who use a single channel.

How Hybrid Work Plays a Part in Retail Success

Retail has been one of the industries hardest hit by the Great Resignation, and retailers have had to be creative in finding solutions. Making hybrid work available to workers who don’t have to be in a specific location to do their jobs has alleviated some of that struggle.

A successful hybrid approach focuses on designing a work experience around workers’ needs, wherever they are. It allows people to seamlessly and securely work onsite or offsite and addresses the unique needs and expectations of today’s workers.

Employees who manage virtual retail channels easily fit into the category of employees who don’t need to be at a particular location to do their work and could benefit from hybrid work opportunities.

How Hybrid Work Benefits Retailers

The typical employer can save almost $11,000 per employee annually by allowing them to work remotely half-time. The savings come as a result of increased productivity and reduced turnover rates, absenteeism, and costs for real estate.

Hybrid work can also alleviate the strain of hiring and retaining talent in an industry that has been hit particularly hard by the wave of resignations since the beginning of the pandemic. Studies have repeatedly shown that workers today require options that hybrid work can offer.

Keys to Successful Hybrid Work in Retail

To reap optimal benefits from a hybrid work culture, retailers need to prioritize five items:

• Customer perspective and experience: Retailers must clearly understand their customers, including how and where they want to interact with the business and how they want to experience the company’s products. Focus on personalization and multichannel experiences.
• Security: It is essential to ensure customer privacy and the security of their information, as well as provide reliable and secure connectivity for workers. Secure networks allow organizations to consistently apply security policies across all workspaces, no matter where an employee works.
• Internal stakeholders: Do you have the right technology for your users? Consider how your internal stakeholders work and the technologies required to facilitate efficiency and security. Some will be onsite and others will be offsite, and both need to be able to help customers without delays or having to restart a sale already in progress through a different channel.
• Flexibility for financing business expenses: Consider whether flexible financing and payment options might fit your budget better than a lump sum payment. Can you manage your business in the cloud? Cloud solutions can allow you to quickly make changes as your business needs and technology evolve. Your financing choices should make your business agile and enable you to grow.
• Scaling for the future: Never make technology decisions or purchases that only address current needs. Technology investments should always consider how your business is growing and the future needs of your workforce and customers. The right investment choices will allow your business to grow and your technology to evolve seamlessly.

Making significant technology investments requires research and talking to experts who can guide you through the process and help you focus on the most critical decisions.

If you’d like to learn more about the technologies that can help you successfully leverage hybrid work for your business, explore Cisco’s portfolio of hybrid work solutions for retail and let us know how we can help. We’ve worked with some of the biggest retailers in the world, and our experts are ready to help you make the right decisions for your business.

The post Hybrid Work Technologies Are Helping the Retail Industry Evolve appeared first on Cisco Canada Blog.

Assembly, fabrication, and material handling are not likely to be performed from alternate locations anytime soon. But manufacturing workers who do a lot of their work on a computer — like engineers, designers, office workers, sales staff, and some management functions — can benefit from a hybrid work model.

Looking to the future, a Manufacturing Leadership Council study found that over one-third of manufacturers expect technologies that enable work to be done remotely will amount to a game-changer in production over the next five years.

The Benefits of a Hybrid Work Model

A hybrid work models that is well designed and supported can provide better work-life balance for employees, who can skip the commute and costs associated with being on-site five days a week. It also allows employers to reconsider the purpose of offices and turn them into collaboration hubs where people come together with a clear purpose.

Offices that don’t require as much space, power, insurance, office supplies, and snacks can reduce the cost of doing business.

And then there’s the topic of talent recruitment. Secure, cloud-based networks allow businesses the flexibility needed to hire and retain the best talent possible. If you can hire employees without regard to where they live, you expand your candidate pool and potential for making successful hires. Businesses have the opportunity to grow in ways that are not possible when restricted to local talent — especially as we consider the trend of people moving away from major cities.

The Must-Haves to Succeed with a Hybrid Work Model

• Security: The security of information and networks must be a top priority when serving dispersed teams — and it needs to be provided across all the communication devices and platforms employees use. Hybrid and remote teams often use personal equipment (computers, routers, and mobile devices), which can be challenging to manage and secure. A well-managed hybrid work model effectively addresses flexible cloud-delivered security, email security, and user, app, and device verification.
• Network: The infrastructure for hybrid work requires having processes, applications, security, and other functions in the cloud — where workers can access the information and tools they need no matter where they’re working. And the network needs to be easy for employees to deploy without the help of on-site IT.
• Collaboration: The need for collaboration between employees doesn’t go away in a hybrid work model. The ability to work together on projects and solutions is still critical for business success, and the right collaboration tools can have an extraordinary impact. According to a McKinsey & Company study, digital collaboration has the potential to unlock more than $100 billion in value. The study cites productivity boosts of 20%-30% in collaboration-intensive work processes such as root cause investigations, supplier management, and maintenance.

Cisco solutions empower manufacturing workers at home, in the factory, or anywhere else they need to be. If you want to explore using hybrid work technologies to support your manufacturing business’s digital transformation, let our experts guide you. Start by reading our simple guide for getting started, Must haves for Hybrid Work in manufacturing, and then talk to one of our experts who are always ready to help.

The post 3 Must-Haves for Success in Implementing Hybrid Work Models in Manufacturing appeared first on Cisco Canada Blog.

In March of 2022, the Canadian Medical Association (CMA) warned that Canada’s health system was on life support and that “health workers across the country were sounding the alarm that Canada’s health care system is collapsing.” Along with exhaustion and burnout inflicted by the pandemic, “health care workers now face both massive system backlogs and a shortage of colleagues to cope with demands.”

The CMA also recommended that “the health system must be re-imagined to respond to the needs of patients in an aging society, and that health care environments must be transformed to be responsive to workers within it.”

Since the pandemic began, 18% of healthcare workers have left their jobs, citing burnout as one of the top reasons. And four out of five say a shortage of medical professionals has impacted them. The CMA reports that nearly 46% of physicians in Canada are considering reducing their clinical work in the next two years.

The reasons for this burnout and attrition are complex, yet we can all play a role in helping to improve the situation.

Patients can show more kindness and tolerance, and both technology companies and healthcare organizations must – as the CMA recommends – “re-imagine” how healthcare can function.

A solution to burnout

Hybrid work technologies that enable services like telehealth and virtual meetings came to the rescue during the pandemic when patients and healthcare workers alike had significant reasons for not meeting in person. Technology adoption that might otherwise have taken years saw mass adoption in months.

Virtual technologies do more than address patients’ need for medical assistance without going to a medical facility. These technologies also allow healthcare workers to easily communicate with each other and tap medical experts in other locations. Team meetings, which can be critical for morale and quality of care, are now more accessible thanks to virtual technologies that allow workers to be where they need to be.

Healthcare workers can securely access patient information as needed, reach out to colleagues for input, and access mental health assistance from anywhere, anytime.

Providing flexibility

Hybrid work in healthcare reduces frustration and burnout among healthcare workers by allowing flexibility in how they work. Healthcare workers face the same problems as everyone else — and then some. They have families to protect, they have children who were out of school for months during the height of the pandemic, and they still have to quarantine at home now and then based on potential exposure.

With telehealth and virtual meetings, healthcare workers (like the rest of us) can continue doing their jobs and ensure their coworkers are not overwhelmed by understaffing. The right technology can provide secure, compliant, and data-driven patient care no matter where the healthcare worker or patient is located.

Mobile healthcare

Hybrid work allows healthcare organizations to take advantage of opportunities to empower their teams to do their job anytime and anywhere — solving problems on the fly.

A nurse visiting a patient in their home can access physicians virtually for critical input, and a hospital no longer needs to be a physical place. A bus or van set up as a clinic can travel to where help is required, reducing strain on the medical system. Physicians are empowered to attend to patients in multiple locations from wherever they most need to be.

What’s required to deliver optimal solutions

The key to creating an optimal hybrid work environment is having the right technology in place. There’s no room for unreliable WiFi or complicated apps that hinder simple and secure communications. Decision-makers must keep three things in mind:

• Budget: Investment in hybrid technologies should be a priority in planning for the future of any business, and the right technologies will support the growth and evolution of a healthcare organization. Decision-makers must follow a financial route that’s flexible and meets budget requirements.
• Security: The healthcare industry deals with a tremendous amount of sensitive personal information, and assuring the security of that data is paramount to the success of every healthcare organization. The technology selected must meet the highest standards for data security.
• People: First, the needs of the people who will be using the technologies that are put in place must be considered carefully. Second, to make optimal technology decisions, having the right experts on board is critical to ensuring the right solutions are selected to support future success.

When designing a strategy for the future of your healthcare business, don’t go it alone. Tap experts who have helped countless health organizations find the right solutions that work with their current systems. Explore the status of the healthcare industry and the technologies that power the future of healthcare.

Cisco is here to help you find the right solutions. Hybrid work is not a one-size-fits-all set of tools. Let our experts help you make the best technology decisions for your business.

The post Hybrid Work Technologies Help Healthcare Workers Tap Resources and Reduce Burnout appeared first on Cisco Canada Blog.

Canadians were looking to stay connected to a wide array of services, while accessing them in safe, virtual ways. Organizations had to quickly evolve, putting in place the right tools — from the network technologies, to collaboration software and security solutions — to deliver a seamless, secure experience for everyone.

At Cisco we understand the nuances of how public sector organizations operate. Every organization is facing its own set of challenges and unique opportunities — and as we reflect on the past 16-months, here are a few IT trends to ensure these organizations are prepared for whatever comes next.

• Creating better user experiences: More than ever, people are looking for instant and intuitive access to digital platforms. In fact when it comes to accessing government services in particular, a recent report found that 8 in 10 Canadians think navigating those services would be simpler with more digital tools. Whether it’s trouble accessing the information they need or making sure their information is safe, ease of use, flexibility and security when accessing government services online is critical for the end-user.
• Doubling down on end-to-end security: As IoT devices become the norm and organizations adjust to a hybrid working environment, the risk of security breaches and ransomware attacks are on the rise. Now is the time for organizations to put security on the forefront, not just updating their tools — like enabling multi-layer security solutions to protect networks — but rethinking their security philosophy to adopt a Zero Trust approach.
• Supporting infrastructure modernization: As public sector organizations have accelerated their digital transformations over the last year, they have also started to facilitate the modernization of their technology infrastructure, allowing them to deliver effective and connected services. But there is still more to do to ensure all the pieces — from the hardware itself to data analytics and security — are working together to deliver an accessible and effective environment for all users.

The stakes were set undeniably high for public sector organizations over the course of the pandemic. From ensuring citizens have access to vital services, employees could work safely and securely while remote, and that operations could run as smoothly as possible, it certainly wasn’t business as usual. But it also highlighted the vital role various technologies play in keeping people connected, working and secure.

To learn more about how to ensure success in your virtual sales organization, read more from the Virtual Sales Vantage Point series here.

About the North Star program

In a year unlike any other, Cisco’s Global Virtual Sales and Engineering (GVSE) team has risen to the challenge of remote work, developing out-of-the-box solutions to solve our customers’ challenges.

To recognize the true teamwork the GVSE organization has demonstrated this year, we’re highlighting outstanding work from team members every month as part of our North Star Club. From winning a tough deal to going the extra mile for their teammates, North Stars have adapted their approach to virtual selling to best suit the needs of our customers and their team.

The post North Star Stories: Preparing public sector organizations for what comes next appeared first on Cisco Canada Blog.

Given the rate of change that we’ve seen over the last year, it’s difficult to say what’s to come. What skills will be in demand over the next few years? What industries will come out on top? When might we have to pivot again?

While you can’t predict the future, you can prepare for it. Here are a few lessons from the past 15 unpredictable months to help sales teams succeed in the future — whatever that might look like.

Don’t get too comfortable

If this last year has taught us anything, it’s not to be tied down with processes and ways of working. We often found the most success when we were listening and reacting to our customers’ needs, working quickly to find out-of-the box solutions for them.

Now, as many organizations are starting to return to in-person work, they’re once again faced with uncertainty about what this hybrid world could look like. There’s an opportunity for sales leaders to act as valuable partners through this time of change, listening closely to understand the challenges of customers, and reacting quickly to support them as they look to create a better, more resilient workforce.

Short stories shorten sales cycles

People are distracted. From extra work, to family duties, to a global pandemic — getting the attention of a prospective customer is more challenging than ever. So, how can you improve your odds? Tell stories that stick. Listing off product features and functionalities can only go so far. Instead, wrapping these benefits into a concise, outcome driven story that will make it much more memorable for the customer.

Meet your team where they are

The speed of digital transformation needs to be embraced by sales teams just as much as it has been by customers. That’s why it’s just as crucial to apply this understanding within your team. While it would be great to be in the same room, we have so many tools at our advantage to ensure that our teams are set up for success exactly where they are: at home.

Some ways you can engage and support your team remotely include:

• Hosting weekly check-ins with your team to discuss highs and lows of the week, in addition to upcoming deals;
• Creating a group space where you can crowdsource questions and answers; and
• Keeping the camera on for internal team catch ups. This encourages face-to-face conversations so that you can get the full picture — like facial expressions and body language — of how your team is really feeling.

Train for the new normal

To fully embrace the future of virtual selling, you need to be well versed in the new ways of working, reaching customers and quantifying your sales processes. How do you go about doing this? Train for the new normal.

From ensuring teams understand how to take advantage of integrated systems and tools, to how they can leverage data and insights to personalize and more meaningfully connect with potential and existing customers, training for this new era of virtual selling is crucial. As more customers are taking a digital-first approach to purchasing and sales teams are increasingly crunched for time, understanding what tools are at your disposal — and how to use them — will be key in finding, connecting and building long-lasting relationships with customers.

There has been a lot of change within the last year. Across nearly every industry, teams have needed to adapt, adjust and overcome to embrace the new normal. We now have a huge opportunity to do things better and more effectively than ever before, embracing the future of virtual selling one step at a time.

Read more about how to future-proof your virtual selling with Cisco at the Virtual Sales Vantage Point blog series.

The post Virtual Sales Vantage Point: Four lessons to help embrace the future of virtual sales appeared first on Cisco Canada Blog.

Today, 84 per cent of sales professionals say their digital transformation has accelerated since the start of the pandemic, which makes it clear that virtual selling is here to stay. Understanding the trends that we’ve been seeing in virtual sales can not only help us to understand what comes next, but the best way to handle it.

As we’ve adjusted to these new realities, we’ve been able to pinpoint the trends that work, leveraging all we can to offer flexible solutions. Here are the five top trends in virtual selling that I’ve seen over the last year:

1. The tools we’re using:

Now’s the time to rely on sales tools to help you reach your customer. Using video or market intelligence tools can not only support you as you reach out to customers, but overall improve the customer experience.

• All about video: Whether through a video call or a short, instructional video over email, video can speed up initial touchpoints with customers so that interactions can happen faster and more effectively than ever.
• Automating the process: Sales automation tools can help to streamline time-consuming tasks, keeping your sales team focused on interacting with prospective customers. Tools such as Outreach can help sales teams to increase productivity, generate more sales opportunities, and beat your sales goals.

2. Engaging your team

One of the biggest changes we’ve witnessed this year is how teams have been separated in order to work from home. While this will likely stick long after the pandemic, the way that we’ve engaged, interacted and supported our teams has done a full 180.

As employees are quickly burning out, facing challenges in their personal lives, and more generally, living through this pandemic, it’s now more important than ever to carry and support your teams as people — not just co-workers. Caring about people first and business objectives second, while interacting with a touch of empathy can go a long way in ensuring your team’s performance comes out on top.

3. The right skills for the job

While many of the selling fundamentals remain the same from virtual to in-person sales, there are new, unique skills that you need to add to your toolbelt when it comes to virtual selling.

• Communication: The days of meeting up with prospective clients are long gone. Today, you need to be able to communicate effectively and efficiently through a screen. Whether through video calls, voice calls, e-mail or direct messages, now’s the time to brush up on your virtual communication skills.
• Business knowledge: We’re no longer in the business of selling products. Today, we’re selling solutions. Understanding your customer’s business challenges and their industry overall will not only put you above competitors, but help you to offer the best solution for your customers’ challenge.
• Empathy: No matter what it is that you’re selling, you are doing business with people. This means that no tool, skill or technique can match the impact of showing empathy, especially when selling virtually.

4. Interacting with customers:

Today, B2B buyers report spending exceedingly little time with sales reps. In fact, only 17 per cent of the total purchase journey is spent in such interactions. The reason? Customers today are constantly exposed to endless amounts of information. This means that it’s more important than ever to customize the way you approach prospective customers, offering fully tailored solutions. Get to know exactly what your customer is looking for, so that when you have an opportunity to get in front of them, you’re selling a solution that sticks.

5. Joining forces with Marketing

Marketing is now driving much more of the customer journey, from prospecting them through data intelligence, tailoring their experience by customizing their sales journey or meeting customers where they are, through social media or SEO. As we continue to reach the customer through digital channels, it’s more important than ever for sales and marketing to join forces and offer the best experience for customers.

As customers’ buying habits are shifting to soft products, such as software or licenses, we need to adapt to their needs. Now that we know the ins and outs of selling virtually, it’s more important than ever to leverage what we know to be more successful, agile and resilient.

Read more about how to future-proof your virtual selling with Cisco at the Virtual Sales Vantage Point blog series.

The post Virtual Sales Vantage Point: 5 Trends in Virtual Selling appeared first on Cisco Canada Blog.

Having a foundation of passionate people at Cisco has been a key factor in our success over the last year, despite the challenges of working and living virtually. That success includes supporting healthcare providers delivering care virtually via Webex and building out IT infrastructure in field hospitals, ensuring continued access to youth mental health services with the Child Development Institute, maintaining access to learning and mental health resources for students in the remote North, and making an impact in our communities through programs like the City of Toronto’s Digital Canopy.

But the foundation for this success didn’t happen overnight. It started with creating a conscious culture – an intentional focus to cultivate the skills and talent of our team – whether in person or remotely.

Here are a few lessons for organizations looking to reimagine culture in a virtual world.

Create a conscious culture

A strong culture is linked to higher rates of productivity, less stress in the workplace, and increased employee morale. At Cisco, our conscious culture is the glue that holds our business together; it’s what guides and unites us. At its core, it’s three pillars:

• Environment: An environment of dignity, respect, fairness and equity is the foundation of any thriving culture.
• Characteristics: From the CEO to the leadership team, organizations can provide signals about what’s important. Cultures are molded by a company’s beliefs, behaviors, rituals and principles.
• Experience: A company’s characteristics work in combination with the direct experiences an employee has through their manager, team and work they do – day-in and day-out.

Culture exists whether it’s good or bad, so it’s crucial for organizations and their leadership teams to manage the work required to create the culture they desire. At Cisco, that means employees of all levels understand the importance of everyone being aware – being “conscious” – of the environment they’re part of, and feeling accountable and empowered.

Continue to develop your people and teams

When Cisco went completely virtual last year, our investment in our people didn’t stop. We’ve continued to build on their existing strengths, communicate clear career and performance expectations, and have provided ongoing opportunities for learning and development. Through initiatives like The Multiplier Effect and our inclusive hiring practices, we strive to implement workforce practices that engage the full spectrum of diverse talent at Cisco.

Our passionate people are the foundation of our success. Organizations looking to reimagine their culture in today’s virtual – and soon to be hybrid – world need to prioritize how they invest in and enhance their employee experience.

Prepare for the future of hybrid work

The remaining piece of the virtual puzzle is how we bridge remote work with an eventual return to the office. Working from home is not for everybody, especially all of the time – even in a technology organization like Cisco.

Organizations need to start planning for how to move forward. Whether it’s establishing flexible working arrangements or ensuring a safe return to the office. Keep open lines of communication with employees and build in flexibility. What works for one employee might not work for the next, and individual needs might change as time goes on.

We know that managing a hybrid workforce will be an entirely different challenge from the shift to remote work. However, we now have a unique opportunity to fundamentally improve how people work in-person and remotely, and prioritizing people and culture will continue to be table stakes for success.

To learn more about how to ensure success in your virtual sales organization, read more from the Virtual Sales Vantage Point series here.

The post Virtual Sales Vantage Point: Developing culture & talent in a virtual world appeared first on Cisco Canada Blog.

However, as vaccination rates continue to rise in Canada and the rest of the world, analysts are predicting that we are on the cusp of one the largest upturns in the last 100 years. For customers, this means continuing to invest in digitization, particularly as some employees return to a physical workplace and others continue working remotely. Partners, on the other hand, will need to make sure their teams – from sales, marketing, and enablement – are ready to support them.

As marketing and sales teams prepare, here’s what they need to keep in mind to remain relevant to customers.

New customer habits are here to stay

Pertaining to virtual selling, not much has been left unturned over this past year, instead of the traditional sales process, customers are now exposed to digital marketing early on in their customer journey.

The Gartner Future of Sales 2025 report predicts that by 2025, 80 per cent of B2B sales interactions between suppliers and buyers will occur through digital channels.

Not only that, but buyers typically only spend around 17 per cent of their purchase journey with a sales representative, meaning that more than ever, digital-first marketing is critical.

We’ve seen how customers’ buying habits have shifted dramatically over the course of the pandemic, and this is bound to continue well into the future. The challenge for sales organizations will be to prioritize this move to digital, or risk leaving behind the digital-first customers, which makes up so many buyers today.

Sales teams need to leverage their digital marketing know-how to drive customer engagement and offer a customer journey in line with the way customers are buying today.

Get sales and marketing teams future-ready — no crystal ball required

As the economic opportunity of a lifetime looms on the horizon, ensuring sales and marketing have the tools, processes, and skills in place to meet this pending opportunity will be crucial. Not just to remain relevant to customers, but also to ensure your organization’s long-term profitability.

Not only are digital customers here to stay, but we also now have more insights into their behaviours, their interests, and their careabouts than ever before. Teams need to be ready to leverage these insights and analytics to get a more nuanced understanding on where customers are in their journey, and once again, act with speed to support them.

But that won’t be enough to seize this opportunity. Differentiation will also be key to unlocking profitability. That means sales and marketing teams will need to increasingly focus on emphasizing the unique value their organizations offer across various product lifecycles — whether it’s the cloud, collaboration, or security – to ensure their profitability both today and in the future.

Rethinking the future of sales

Sales today isn’t quite what we thought it would be prior to the pandemic, accelerating the move to virtual for both customers and sellers alike. As we think about what the next five years have in store, we need to ensure virtual sales teams are equipped with the right resources and skills, so they can respond to changing customer needs with vigor and know-how.

We recently announced new additions and changes to Marketing Velocity that will help sellers differentiate themselves from competitors, reach more customers, create more value, and ultimately drive a better customer experience. From Marketing Velocity Voice, where partners can network and connect and elevate their marketing practices, to Marketing Velocity Central, where teams can gain access to Cisco-led and on-demand webinars that accelerate demand generation through invitations, webinar syndication and post-event follow up.

The customer journey is evolving, which means to stay relevant, agile, and profitable, sales teams need to follow suit. Read more about how to future-proof your virtual selling with Cisco at the Virtual Sales Vantage Point blog series.

The post Virtual Sales Vantage Point: Supporting sales and marketing meet the economic opportunity of a lifetime appeared first on Cisco Canada Blog.