Once again, a professional company is hacked
Cisco with all its resources and egghead staff could not (or did not) prevent this. No doubt Cisco has 24x7 computer/network security staff. They caught it after the event. It's the equivalent of some burglars getting in, the alarm goes off, the security mob comes running, but the burglars get away with a load of loot. The specifics don't matter, there *always* seems to be a way in. It doesn't matter how many times Cisco prevented access if the bad guys get in once. They will probably get in again.
Is there *really* much hope for smaller companies to prevent this happening to them? Surely it is time to stop talking of "computer security" and instead consider that computers (in general, including networks) are insecure? Efforts to prevent unauthorised access will fail. It is only a matter of time.
The fact that you haven't been hacked offers a few possibilities: 1. You're not important enough (time is money to the bad guys too). 2. There are easier targets. 3. You have been hacked and you don't know about it. It doesn't mean that you are secure.
Maybe it is time to keep data in air-gapped silos. If you want access to accounts, you have to go to the accounts room because that is where the data is. Etc.