Cisco recently disclosed a data breach in which a hacker, posing convincingly over a phone call, tricked a company representative into granting access to a third-party database. Classified as a vishing (voice phishing) attack, the breach exposed basic profile information of users registered on Cisco.com. While the company confirmed that cybercriminals were able to access and export user data, it has not revealed the number of affected users.

This incident underscores a worrying trend: vishing attacks are on the rise and are proving just as dangerous as email phishing. For enterprises, the key takeaway is clear—security must evolve beyond technology to include processes and human vigilance.

Here are six critical lessons from the breach:

Deepfake readiness is essential
Enterprises must prepare for the increasing sophistication of social engineering, including deepfake-enabled vishing, through cultural, process, and tech-level interventions.

Zero Trust is non-negotiable
No user or device should be inherently trusted. Continuous identity verification, least-privilege access, and multi-factor authentication are vital, even for internal requests.

The firewall is still the frontline
Despite advanced detection tools, a robust firewall remains a foundational defence against evolving cyber threats.

Don’t trust the voice on the line
Treat calls with the same suspicion as phishing emails; verify before acting.

Prevention beats disclosure
Early disclosure limits damage, but layered prevention strategies are the real shield.

The human factor is the weakest link
Continuous employee training, awareness programs, and simulated social engineering drills are essential to turning people into the strongest line of defence.

(With inputs from Muqbil Ahmar)

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!