IT Analysis
Cisco must reassure customers


The growing number of hacking attacks against products from leading network security firm Cisco may irreparably damage customers’ confidence in the vendor, says Martin Courtney.

IT Analysis

In the absence of evidence to the contrary and any definitive statement from Cisco, there is no reason to doubt reports that the source code to the firm’s IOS 12.3 router operator system was stolen earlier this month.

But the ensuing debate about whether that source code could be used by hackers to attack the millions of Cisco routers that currently inhabit carrier and enterprise networks may be missing the point.

What may prove more damaging for a firm that sells network security products is that its own network and intellectual property were successfully compromised, which hardly inspires confidence among existing or potential customers.

Cisco, like Microsoft, is very much a victim of its own success. Hackers target the networking giant because they know that attacks against Cisco routers will have the maximum impact possible.

It is possible to feel some sympathy for any company that seems to constantly take all the flack. But Cisco is well aware of its leading position in the market, and knows that it, of all networking vendors, needs to be especially vigilant.

There is no doubt that while they have so far maintained a conspicuous silence, Cisco’s competitors will, behind closed doors or in the privacy of conversations with customers, be having a field day. Such a high-profile disaster befalling their biggest competitor – Cisco has around 64 percent of the global core router market according to analysts’ estimates – can only be manna from heaven for the likes of Juniper Networks, Foundry Networks, Lucent, Nortel and Alcatel among others.

All of which are queuing up to accommodate any disgruntled Cisco customers that may happen their way – a task which is perhaps easier when a mishap of this magnitude happens to a firm that already has a reputation, whether deserved or not, for arrogance and inflexibility when it comes to dealing with customers and partners.

It is inconceivable that Cisco is not already reassuring customers and informing them how to combat any threats resulting from vulnerabilities exposed by IOS theft. For obvious reasons, the vendor may not want to do this in the public eye. But irrespective of whether any serious vulnerability can be quickly rectified or not, has customers’ trust in Cisco been irreparably dented to the point that next time they decide to buy a new router, Cisco will not automatically top their lists?

A recent report from analyst firm Burton Group says that Cisco has made great progress in improving network security tools, and it suggests the future of network security at Cisco is bright. What Cisco now needs to do is to make sure its customers know it is at least striving in the right direction