Is WFH going to change the way I secure my IT?
The McKinsey report, The future of work after COVID-19, noted that before COVID-19, the largest disruptions to work involved new technologies and growing trade links. COVID-19 elevated the importance of the physical dimension of work and the extent to which the pandemic changed how work gets done.
As societies and industries adjust to the reality that COVID-19 may be here to stay, as happened with the influenza virus, governments and businesses will need to assess to what extent their security strategies and postures will need to be amended to reflect the new way of working.
Gary Gardiner, head of security engineering, APAC & Japan at Check Point Software Technologies, shares his thoughts on the influence of the work from home movement on how IT security professionals are re-evaluating approaches to enterprise-wide cybersecurity.
How is the WFH model going to change the way I secure my IT?
Gary Gardiner: The focus for security teams has been made more complex from the days of layering defences, patch management and bubble-wrapping all-critical assets/users.
WFH has changed the game drastically, where your assets have gone into a mist (called the cloud) and you can no longer realistically confine your users within your iron fortress.
The main game-changer in WFH is that the frontier has made reliable user identity and endpoint management the new key consideration, on top of the traditional focuses.
One of the key challenges facing organisations in a hybrid work environment is the intensity of cyberattacks rather than the exposure to new vulnerabilities.
In fact, our 2021 Remote and Hybrid Work Security Report revealed that the top breach and attack vectors since COVID-19 are data infiltration and leakage (55%), phishing emails (51%) and account takeover (44%) since the shift to remote work.
Even the threat actors know that the once limited confines of access to users are now (even more) open for grabs.
Further to this, IT and security professionals identified scalability (46%), privacy (42%) and supporting BYOD (40%) as the top administration challenges with remote access. As a result, we are witnessing an increase in ransomware, supply chain attacks and zero-day attacks globally.
Take, for example, the Sunburst attack, believed to be one of the most sophisticated and severe attacks ever seen in the wild, followed by the “Hafnium” (aka Microsoft Exchange server) attack and the Colonial Pipeline attack.
These vulnerabilities cause IT and security professionals, who are faced with the relentless discovery of new exploits, to constantly race to patch and fix the cyber incidents. However, patching external-facing systems is not enough in this new normal.
There is now a need for IT and security leaders to protect the ‘soft’ areas such as employees and assets from vulnerabilities which means securing all users and endpoints.
What should my cloud management strategy be?
Gary Gardiner: Here are the top strategies to ensure cloud security:
- Consolidated threat prevention cloud tools: Cloud security is much more complex than traditional on-premises security because instead of one perimeter (the network link connecting your company to the internet), you now have multiple perimeters, including each cloud computing service, each employee and access role accessing those services, each new data storage and each different workload or application operating in the cloud.
While each cloud provider has its own security services, there are thousands of 3rd-party vendors providing cloud security solutions to complement and enhance them. The addition of such “point solutions” to your organisation has requirements on staffing, training, deployment, integration, and maintenance.
The more point solutions are implemented, the more complex it gets to manage security. Evaluate cloud security solutions that cover the broadest range of capabilities instead of multiple solutions with narrower functionalities, as this will give you a broader range of security with less to manage.
- Centralise visibility: Visibility is particularly important in cloud security, because you can’t secure what you can’t see. With so many different resources running across multiple public and private clouds, visibility becomes an even greater issue. Implement a cloud security solution that will also provide you with broad visibility across your environments, and leverage well-integrated Artificial Intelligence (AI) and Machine Learning (ML) engines to help you act on the alerts that matter. This integration will also help identify blind spots where hackers often lurk.
- Perform regular risk management exercises for every possible and impossible cloud security solution. Disaster recovery is the new normal. Refer to the example of Gas South, who suffered from power outages and needed to ensure scalable and secure remote access for their call centre employees to their cloud provider.
They were very pleased that they could offer their employees the benefit of working one day a week from home, and then the coronavirus pandemic struck and sent all their employees home. Importantly, conduct stress tests to ensure the deployment truly does securely scale without impeding performance.
- Trust no one: Adopt zero trust security in everything, including networks, people, devices, data and workloads. Make sure there are security perimeters around each of these areas and that your organisation is only giving access based on minimum permission and privilege levels to both its people and applications.
- Consult with a trusted cloud security advisor in order to benefit from industry best practices and architect cloud security, by design. Cloud security detection exposes organisations to risky and expensive cloud security threats, which cause real danger well before the threat can be managed. Work with a professional fully trained on these threats to implement the best possible solution to protect your unique environment.
How secure are my IT perimeters? Am I doing enough or do I need to scale up?
Gary Gardiner: With remote users connecting to corporate applications on the organisation’s network from anywhere, each organisation’s attack surface is increasingly expanding. It is no longer sufficient to protect the network, businesses need to also ensure they are protected across all vectors including mobile, endpoints and cloud.
Here are some things organisations can do to stay safe:
- Reinforce education and awareness across the company: With remote work, there are increased risks to security management. However, IT professionals at the frontline of protecting organisations from cyber threats and attacks should be working together with security leaders to reinforce education and awareness across all company levels.
Regular communication with simple, concise policies and setting up controls to prevent threats is essential to ensuring employees are compliant while generating user awareness.
- Ensure proper security policies and infrastructure: Cybercriminals are fully aware of the timeframe industries can take to identify and remediate; it could take days, weeks, and even months to patch vulnerabilities if organisations don’t have the proper security policies and infrastructure.
Almost half of organisations (48%) consider application protection against cyberattacks and zero-day threats important; therefore, ensuring there are proper security policies and infrastructure in place can alleviate challenges in securing the hybrid work environment.
- Adopt Secure Access Service Edge (SASE) solutions: With the hybrid workplace taking front and centre stage across many organisations, the important lesson for IT professionals and SOC teams is to leverage unified solutions that will provide valuable protection on multiple fronts.
The responsibility to detect, assess and monitor security threats coupled with several different solutions is never an efficient way to secure business and IT networks.
For this reason, Secure Access Service Edge (SASE) solutions aim to bridge the security, management and performance gaps caused by the digitally dispersed workforce.
The benefits of SASE adoption mean simpler, more efficient management of potential threats and consistent policies with fast access from anywhere at any given time.
This security strategy is an inroad to providing that additional layer of protection for your organisation.
What new threats can I expect in 2022? Are there any unique IT security issues faced by SEA organisations?
Gary Gardiner: A unique issue would be the frequency of attacks. According to Check Point Intelligence, an organisation in Southeast Asia has been attacked on average 1,542 times per week over the last 6 months, compared to just 819 attacks per organisation globally.
This is almost double the number of attacks. As such, IT and security teams need to remain focused on keeping their organisation secure.
Cybercriminals will continue to evolve their methods of attack, and leverage opportunities available to them. It is important to be on guard against large-scale attacks including phishing, zero-day and supply chain attacks, as these will continue to become more common in 2022.