Mitigating risk of ransomware attacks Ransomware is a type of malware that allows a hacker to encrypt an organization’s data, preventing users from accessing files or databases until a ransom is paid. Ransomware attacks can target a company’s operations, service delivery to customers, supply chain, or end users. To help safeguard Cisco and our customers, we evaluate each of these risk scenarios and work closely with internal IT and engineering teams to identify, understand, and remediate gaps and vulnerabilities that might put the company or our customers at risk. Protecting customers from counterfeit products Cisco is engaged in a decades-long effort to prevent and detect the distribution of counterfeit products. We do this by embedding security tools in Cisco products that validate their authenticity and educating customers about how to protect themselves. To stop bad actors, we employ strategies to detect potential compromises and partner with law enforcement and government agencies to investigate and disrupt counterfeiting operations. How Cisco engages in security and privacy Cisco connects across the public and private sectors and with the next generation of potential industry talent to help improve the world’s overall cyber posture. Here are a few of the many ways we engage: Government organizations ● Raising concerns when government legislation could potentially impact the security or privacy of technology. ● Spearheading agreements to share threat intelligence with select organizations, such as NATO and Interpol , to jointly fight cyber crime. ● Encouraging standards organizations to accelerate the advancement of technology engineered with security and privacy by design and trustworthy technologies built in. ● Providing comments and input on draft privacy legislation to enable global interoperability. Industry peers ● Participating in industry working groups and international standards bodies to help develop better collective cyberresilience strategies and privacy practices. ● Investing in a Center of Excellence and Co-Innovation to focus on security and privacy. ● Publishing new research and leading practices in Cisco’s Trust Center to share what we have learned with the public. ● Participating in industry events such as Cybersecurity Awareness Month , Data Privacy Day, and Privacy Awareness Weeks in multiple countries. Talent ● Working with global universities on research projects and programs dedicated to the enhancement of security and privacy. ● Making multimillion-dollar, non-directed grants to higher education institutions to fund research and support internships on security and privacy topics. ● Teaching security and privacy courses to students around the world through Cisco Networking Academy and working with higher education institutions to develop security and privacy curricula. FUTURE INTRO POWER INCLUSIVE 2021 Cisco Purpose Report | csr.cisco.com | ESG Reporting Hub 19