Wednesday, 20th October 2021

Digitalisation World Q&A – Business Resilience

By Adam Philpott, EMEA President, McAfee.

1. How should enterprises adapt their approach to cybersecurity in the new normal?

As we prepare for the 'new normal', it's vital that organisations adapt their approach to cybersecurity to overcome the security obstacles that come with hybrid working and ensure business resilience. Many employees will continue working remotely to some extent, and it’s important that businesses provide staff with a secure and efficient method of accessing internal apps in the public cloud or data centre - enabling secure 'work from anywhere' practices.

In the new normal, we’ll also see blurred lines between online activity on corporate and personal devices from staff working remotely. To keep cyber attackers at bay, it’s vital that organisations go beyond establishing baseline protocols to create and maintain a secure environment for employees. This includes educating their workforce on best practice, such as questioning whether a link looks suspicious and reporting any activity they’re unsure about, both at home and in the office.

In addition to this, it is critical that businesses educate their workforce on best practice when it comes to cyber hygiene and adopt a Zero Trust mindset. This means that organisations can maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary - all without compromising experience. This approach will allow businesses to enjoy the benefits that come with hybrid working, knowing they're taking the necessary steps to protect their organisation, no matter where employees are working.

Lastly, but by no means least, organisations should consider deploying risk intelligence to prioritise threats, predict which malware campaigns will be launched against them and pre-emptively improve their defensive countermeasures. This is particularly important as we continue to see a rise in cyber threats – at the end of last year our researchers detected 648 threats per minute, and this number is only continuing to rise. By taking these pre-emptive measures, organisations can get ahead of adversaries and ensure corporate systems remain secure while navigating the new normal.

2. Why is taking a Zero Trust approach to security important for businesses?

Zero Trust arms organisations with a more comprehensive approach to IT security and network defences by allowing them to restrict access controls to networks, applications, and environment without sacrificing performance and user experience. Adopting a zero trust mindset essentially means that businesses should trust no one – for example, not trusting anything inside or outside of the network by default.

As the cloud continues to gain prominence in business operations, identifying who and what should be trusted within an organisation’s networks is becoming increasingly difficult for IT and security teams. This is where a Zero Trust mind set comes into play, as it allows teams to reduce the risk of their cloud and container deployments, while also improving governance and compliance.

With a Zero Trust approach, businesses are able to continually detect and verify threats, and therefore stop them before intrusion occurs. By designing Zero Trust capabilities into business processes and systems, businesses can increase visibility across their network, continuously monitor and respond to signs of compromise, reduce architectural complexity and prevent data breaches. This will improve overall organisational security, while ensuring that user experience remains consistent.

3. When it comes to cybersecurity best practice, why is taking a collaborative approach to security important?

When looking to ensure best practice across the industry, transparency and accountability are crucial. A shared responsibility model of security is therefore very important. This involves a layered defence where organisations address each part of the “stack of responsibility” individually, yet they all interact together as a complete framework.

Securing data in the cloud is ultimately a shared responsibility that doesn’t fall solely on one party. From cloud service providers to end users, each element of the “stack of responsibility” has an

individual part to play, but they all interact together. Taking a collaborative approach and using a framework to standardise investigation across cloud services and on-premises infrastructure is crucial if we are to meet today’s complex security challenges head-on. When implemented correctly, cloud is the most secure place to do business and an incredible driver of business growth, innovation and resiliency.

Failing to adopt a shared responsibility model across the sector will ultimately lead to a higher level of risk and poorer overall security. Without a clear understanding of responsibility and a collaborative approach, IT will not have a comprehensive view of systems required to keep track of all data and potential threats. At the end of the day, limited visibility means limited security.

It’s hard to imagine a time when Internet connectivity was such an important commodity in our everyd...
Why businesses need a bigger boat for tackling IaC security By Robert Haynes, SCA & Open Source E...
Where should cloud-centric organisations focus data protection? By Anurag Kahol, CTO, Bitglass.
The most crucial part of any cloud native journey is learning about cloud native security early on i...
Cybersecurity continues to be a major challenge for companies, with as many as four in ten businesse...
Zero trust security clearly offers the most efficient and cost-effective way to secure the everywher...
The Open XDR movement is gaining traction. By Brian Foster, Vice President of Product Management...
Every increment in understanding and collaboration around the stack, delivery, governance and empowe...