Maksim Kabakou - Fotolia
Security Think Tank: Cyber effectiveness, efficiency key in 2021
After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be selling like hot cakes?
Before embarking on any predictions, the first thing to say is a huge “hats off” to IT teams around the world. Their significant contribution to the recalibration of working life in 2020 saw whole organisations successfully transition to working from home full-time thanks to remote IT networks that were both secure and functional, thereby ensuring minimal impact on business operations.
And even with a vaccine being rolled out, working from home has been established as entirely possible, as well as desirable for many people, even when returning to the office en masse is an option. While the pandemic taught us that nothing can be taken for granted, after a year that raised the profile of “the techies”, it seems fairly safe to say that IT and IT security will play an increasingly visible role in business development in the next 12 months and beyond.
Facilitating safe remote working
Extensive numbers of the workforce operating from home potentially provides cyber criminals with a host of additional channels – virtual private networks (VPNs), Wi-Fi networks, cloud-based services, and so on – to exploit to gain access to sensitive data.
In this quest, they are unintentionally aided by employees using shadow IT – tools and devices that are not centrally authorised, and therefore not secured, by the IT team. Meanwhile, malware attacks and phishing are more likely as a result of the exponential increase in access points; this is combined with employees, understandably anxious and not in their normal working environment, dropping their guard against social engineering tactics.
Combating these risks requires organisations to deploy stronger remote security policies and develop online privacy reviews for new software. From a purchasing perspective, customised firewalls, automatic online backup tools and appropriate antivirus solutions will all be in demand, while anti-phishing tools (supported by greater awareness training) will be more essential than ever.
Simon Persin, Turnkey Consulting
To effectively secure their cyber practices, organisations need to know what devices interact with their business-critical data. Mobile device management (MDM) software monitors assets on a network and can locate and secure lost and stolen devices; applications can also assess the security and compliance of devices, allowing companies to take strategic action to improve their landscape.
Additionally, changes to network architecture may be required. Rather than assuming that each individual is keeping their device protection up to date, increasing the use of zero-trust and access-driven malware scanning will block connections, demand additional authentication and trigger virus scans at the point of access, thereby bolstering the security of remote working.
Solutions that help to mitigate the risk of unauthorised system access will also be prioritised in many budgets; multifactor authentication (MFA) and strong password controls ensure the right people have access to sensitive information.
The administration of servers, databases and applications will often need to be undertaken remotely, which exposes these layers to public-facing cloud gateways. Organisations need to be prepared to invest in privileged access management (PAM) tools to protect key application and server stacks from abuse, misconfiguration, change management violations and threat actors (both internal and external).
Working practices may also change, for example with cloud technology that does not require corporate-to-corporate VPNs; encryption could be downgraded for access to non-sensitive assets such as Microsoft 365 and SharePoint, with this requiring greater deployment of single sign-on (SSO) authentication schemes; a VPN would only be required for activities involving enterprise applications such as SAP.
Automation as workforces are reduced
The economic shock of Covid-19 has forced many organisations to reduce their workforces, which has increased their need to rely on automated services.
Robotic process automation (RPA) was already a valuable tool and the pandemic has only accelerated its deployment to cover critical business processes where human resources are unavailable. Its adoption can deliver significant benefits, but also comes with its own challenges. Scripts need to be accurate, the access appropriate, and controls to monitor the people scheduling the jobs should be in place to ensure that no fraudulent behaviour is occurring while business processes race to catch up with technology.
Already over-stretched functions, including the security operations centre (SoC) and assurance teams, are trying to automate as many tools, checks and alerts as possible.
With the disparate nature of the present working environment, it is impossible to monitor that all network traffic is legitimate and appropriate for the demands of the business. System information and event management (SIEM) technology collates and monitors events, while adding security orchestration, automation and response (SOAR), with its extensive automation capability, helps security teams keep pace and detect any potential threats before they become security incidents.
Measuring security effectiveness
But despite the pressures to continue to operate effectively and securely in an environment with new risks, many organisations will have seen a reduction in budgets available for IT investment in 2021. The always-challenging requirement to “do more with less” will be particularly acute.
Every purchase will need to be justified before it is signed off, and all investments will need to show proven value. This is challenging for IT security, as many organisations judge the success of this budget spend on the lack of security incidents.
Tools that can measure the effectiveness and efficiency of key security processes will therefore become increasingly popular. Identifying where there are bottlenecks in processes, or emerging patterns in non-compliance, often indicate that attention is needed. Real-time data from SIEM applications and ticketing systems provides more concrete grounds for investment, compared with the qualitative risk management processes used traditionally.
Placing a numerical value for the overall risk to the organisation, based on the constituent elements (which are weighted to reflect the specifics of each enterprise), means these quantitative tools provide insight on where to valuably deploy finite resources in mitigation strategies.
Correctly implemented, they allow security managers to prove that investments have been well made, both by showing improvements in parts of the security organisation and through demonstrating the impact of these improvements on the five-year plan, or cyber risk, by tying the measurements into a wider picture. Successful security projects can be quantified and celebrated rather than a lack of hacking being put down to good luck.