Saturday, 28th November 2020

It is time to stop trusting and start protecting

By James Taylor, Strategic Development Manager for Cyber Security, Nuvias.

Remote working is now fully ingrained in business operations, with over a third of all working adults based at home as a result of the global pandemic. As businesses look to the future, it appears that a return to the office will be slow, with most employees continuing to work at home. This news is music to the ears of hackers and cybercriminals. Having such a large proportion of the workforce away from the usual protection and support of an office environment creates opportunities for cybercriminals. So much so that the National Cyber Security Centre responded by launching a new Cyber Aware campaign and scam reporting service in April. Coupled with the fact that the average data breach takes six and a half months to be uncovered, this could mean a big spike in data breaches is just around the corner.

Already, we see warning signs, with big enterprises being hit by cyber-attacks. The recent attack on Twitter, which saw verified accounts taken over by bad actors, resulted in a 7% drop in its share price as investors moved away from the business. Twitter, while one of the most obvious examples, is unlikely to be alone in suffering an attack during the pandemic.

Shake up your security

It is not just the shift to working from home that is impacting security; the move to the cloud is also changing how businesses operate. With data increasingly stored on servers in the cloud rather than on-premises, the previous ‘castle and moat’ security model that businesses relied on has been shown to be no longer adequate. The idea of building ever stronger and better firewalls as a means of keeping criminals and bad actors out is simply not up to the task of protecting businesses that now operate with flexible and highly fluid infrastructure and workforces. To handle this new security environment, a new security model has emerged in recent years: Zero Trust.

With a Zero Trust approach in place, each individual user is only given access to the data and services that they need, and nothing more. Unlike a castle and moat approach, which lets users view the whole castle once past the wall, a Zero Trust solution lets users see only the areas they have been granted access to. This follows from the Zero Trust model’s core principle that you must verify and cross-examine every single interaction across the IT infrastructure. Using a process such as software-defined micro-segmentation, security teams can isolate users, applications and even workloads, preventing bad actors and cybercriminals from spreading across the entire IT system. This approach dramatically reduces the attack surface, making life even harder for criminals.

Mitigating risk and measurement

Zero Trust does more than improve security and protection. By streamlining the aspects of the network employees can see, it focuses their attention and enables them to work more efficiently and effectively. In addition, the latest Zero Trust platforms, such as those from ColorTokens, give businesses improved visualisation of their network and infrastructure so that new assets and equipment can be added in and managed, avoiding gaps. By combining visualisation with policy automation, any changes to the IT network can be quickly actioned, reducing the impact on employees without lowering security standards. Finally, security can be fully enforced with the ability to isolate and contain selected groups, which reduces the complexity of managing internal firewalls and access-control lists. Zero Trust is not just about security but also about enabling productivity.

Going even further, more advanced Zero Trust platforms provide the ability to align risk mitigation with financial value. This allows CISOs and business leaders to easily link risk assessment with threat management to better plan, articulate and manage security in a way that clearly aligns to business strategies and goals.

As businesses settle into the ‘new normal’ and a more dispersed way of working, getting security right as a business enabler will be key. The good news is that the technology and expertise to support these changes are already here.
