By Elliott Wilkes, chief technology officer at Advanced Cyber Defence Systems.
When the Covid-19 pandemic began, and the initial lockdowns were imposed, businesses faced the urgent need to resume operations, even in remote work setups. Ensuring the continuity of business activities became the top priority for many organizations during this uncertain time.
However, in their haste to enable remote work, businesses often had to compromise on their security strategy and measures. Remote access tools like VPNs (virtual private networks) became overwhelmed by the sudden influx of users who required quick access to business systems and applications. As a result, security protocols were relaxed in favor of maintaining business as usual.
Unfortunately, this temporary loosening of security guidelines was never revisited and rectified, leading to the accumulation of security vulnerabilities that organizations, regardless of their size, are still carrying today, months or even years later.
Challenges In Securing Personal Devices In Remote Work Setups
In many cases, improving security measures comes at the expense of user-friendliness. Conversely, organizations that adopted bring-your-own-device (BYOD) policies to facilitate work using personal phones and laptops have encountered significant challenges in ensuring adequate security.
To mitigate the inherent risks associated with BYOD, organizations should consider investing in organization-provided devices, replacing the reliance on personal devices. This transition would help reduce potential security threats and enable better remote user and device access, management and monitoring.
During the height of the Covid-19 pandemic, another significant issue that came to light was the outdated perception of networks and network security held by many organizations. The conventional approach to their corporate IT networks involved a strong emphasis on network perimeter defense but lacked robust controls and security measures once users crossed the initial access threshold.
This approach was developed during the early days of the internet. However, with the advent of cloud computing and software-as-a-service delivery models, the traditional mindset surrounding networks must evolve into what is known as the zero trust security architecture model.
The Zero Trust Security Model: A Paradigm Shift
In 2009, Google experienced a highly sophisticated attack known as “Operation Aurora.” The breach was so severe that Google was compelled to rebuild its entire infrastructure from scratch, starting with a completely clean server.
The resulting security changes implemented by Google became known as the “zero trust” model. Rather than relying on a corporate IT network isolated from the public internet, where user identity is only authenticated once, Google developed zero-trust network access using a series of services accessible via the public internet.
Each of these services employed robust authentication methods for users and devices, acting like a passport control system at every crucial checkpoint along the user’s journey.
Adopting zero trust principles, with strong authentication measures implemented at multiple stages, is crucial for ensuring comprehensive security in today’s interconnected and dynamic environment.
The New Normal For Organization Security
The new normal should prioritize organizations investing in robust tools and services that authenticate users and their devices and verify their true identities. Identity and access management services play a crucial role in this journey by continuously evaluating the validity of users, the data they access and the characteristics of that access.
They detect irregularities such as unexpected geographical locations, outdated devices or unauthorized data access requests. Protecting and managing admin accounts and access control is a particularly important area for companies to focus on, especially in remote scenarios.
A highly effective starting point for businesses of all sizes to enhance their cyber resilience and trust security model is the adoption of strong multi-factor authentication (MFA), also known as 2FA or 2-step verification.
While SMS-based second-factor authentication has proven susceptible to spoofing and compromise, the most secure approach involves hardware tokens like YubiKey or Titan, which employ cryptography to validate users. However, any form of MFA is better than none, so if immediate implementation options are limited, it is advisable to choose the quickest option and gradually scale up to more secure alternatives.
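The continuous evaluation described in this section (location, device state, data access requests, stronger factors for admin accounts) can be sketched as a check that runs on every request rather than once at login. This is an added example, not code from the article or from any identity product; the field names, thresholds, factor labels and sample requests are assumptions.

```javascript
// Added example: per-request access evaluation. Field names, thresholds and
// sample data are assumptions made for illustration.
const POLICY = {
  maxPatchAgeDays: 30,          // devices patched longer ago count as outdated
  adminMfa: ['hardware-key'],   // factors accepted for admin accounts
};
const HARD_FAILURES = ['unauthorized-resource', 'outdated-device', 'no-mfa'];

function evaluateAccess(req, user, policy = POLICY) {
  const findings = [];
  if (!user.entitlements.includes(req.resource)) findings.push('unauthorized-resource');
  if (req.patchAgeDays > policy.maxPatchAgeDays) findings.push('outdated-device');
  if (!user.usualCountries.includes(req.country)) findings.push('unexpected-location');
  if (req.mfa === 'none') findings.push('no-mfa');
  else if (user.isAdmin && !policy.adminMfa.includes(req.mfa)) findings.push('weak-admin-mfa');

  // Hard failures deny outright; softer anomalies trigger re-authentication.
  let decision = 'allow';
  if (findings.some((f) => HARD_FAILURES.includes(f))) decision = 'deny';
  else if (findings.length > 0) decision = 'step-up';
  return { decision, findings };
}

// Constructed users and requests; each request is one checkpoint in a session.
const USERS = {
  alice: { isAdmin: false, usualCountries: ['GB'], entitlements: ['crm', 'wiki'] },
  ops: { isAdmin: true, usualCountries: ['GB', 'US'], entitlements: ['crm', 'admin-console'] },
};
const REQUESTS = [
  { user: 'alice', resource: 'crm', country: 'GB', patchAgeDays: 5, mfa: 'totp' },
  { user: 'alice', resource: 'wiki', country: 'BR', patchAgeDays: 5, mfa: 'totp' },
  { user: 'alice', resource: 'admin-console', country: 'GB', patchAgeDays: 5, mfa: 'totp' },
  { user: 'alice', resource: 'crm', country: 'GB', patchAgeDays: 90, mfa: 'totp' },
  { user: 'ops', resource: 'admin-console', country: 'US', patchAgeDays: 3, mfa: 'sms' },
  { user: 'ops', resource: 'admin-console', country: 'US', patchAgeDays: 3, mfa: 'hardware-key' },
];

function decisions() {
  return REQUESTS.map((r) => evaluateAccess(r, USERS[r.user]).decision);
}
console.log(decisions().join(', '));
```

The same user moves from allow to step-up to deny as the context of each request changes, which a single check at the network perimeter would not catch.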
The Rise Of Passwordless Authentication
An exciting recent development is the rise of passwordless authentication, supported by companies like Google, Microsoft and Apple. They have collaborated to establish standards that enable browsers and apps to store cryptographic keys, called “passkeys,” for website logins, eliminating the need for passwords. Google’s recent announcement regarding its support for this approach is just the beginning, with other companies soon to follow suit.
It will be crucial for businesses to update their websites accordingly, embracing this highly secure form of authentication that resolves the challenges associated with passwords, such as password reuse, which is a prevalent cause of numerous cybersecurity incidents.
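Why stored cryptographic keys avoid the password reuse problem can be shown with a simplified challenge-response model. This is an added example, not the WebAuthn API or any vendor's implementation; the class names, the Ed25519 choice, the message layout and the example origins are assumptions.

```javascript
// Simplified model of a passkey login; added example, not the WebAuthn API.
const crypto = require('node:crypto');

// Device side: one key pair per site; the private key never leaves the device.
class Authenticator {
  constructor() { this.keys = new Map(); }  // origin -> private key
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });  // sent to the site
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null;                  // no passkey for this origin
    // The origin is signed together with the site's challenge.
    return crypto.sign(null, Buffer.from(`${origin}|${challenge}`), key);
  }
}

// Site side: stores only public keys and issues single-use challenges.
class Site {
  constructor(origin) { this.origin = origin; this.publicKeys = new Map(); this.pending = new Set(); }
  enroll(user, pem) { this.publicKeys.set(user, pem); }
  newChallenge() {
    const c = crypto.randomBytes(32).toString('hex');
    this.pending.add(c);
    return c;
  }
  verify(user, challenge, signature) {
    const pem = this.publicKeys.get(user);
    // Reject unknown users, missing signatures and unknown or reused challenges.
    if (!pem || !signature || !this.pending.delete(challenge)) return false;
    const signed = Buffer.from(`${this.origin}|${challenge}`);
    return crypto.verify(null, signed, crypto.createPublicKey(pem), signature);
  }
}

function demo() {
  const device = new Authenticator();
  const shop = new Site('https://shop.example');     // constructed origins
  shop.enroll('alice', device.register(shop.origin));
  device.register('https://forum.example');          // separate key for another site
  const c1 = shop.newChallenge();
  const sig = device.sign(shop.origin, c1);
  const login = shop.verify('alice', c1, sig);
  const replay = shop.verify('alice', c1, sig);      // same challenge a second time
  const c2 = shop.newChallenge();
  const crossSite = shop.verify('alice', c2, device.sign('https://forum.example', c2));
  return { login, replay, crossSite };
}
console.log(demo());
```

The site holds nothing that can be reused elsewhere: it stores a public key, and a credential created for one origin does not verify at another.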
Incident Detection And Response: Shifting Perspectives
Since business systems and networks are managed by humans and are susceptible to human error, it is essential to shift the conversation from perceiving a breach as a failure to focusing on how to respond effectively and minimize damage in the event of a breach. Building a robust incident detection and response team within a business is a vital indicator of resilience and organizational maturity.
In addition to security teams following best practices such as regular network and device scanning for vulnerabilities, both internally and externally, companies should also invest in intrusion detection services and software. These tools assist in identifying abnormal behavior and monitoring systems, serving as crucial lifelines to isolate breaches and ensure business continuity even after a successful attack.
Another critical aspect is proactively preparing for a breach before it occurs. Many companies often find themselves unprepared when faced with a breach of sensitive information. Therefore, organizations of all sizes should conduct basic exercises to establish clear lines of communication and decision-making authorities.
This enables swift and decisive action to limit the damage caused by a breach or ransomware attack on a private network. It is also important to involve relevant government authorities such as the NCA (National Crime Agency) and NCSC (National Cyber Security Centre) in the UK and CISA (Cybersecurity and Infrastructure Security Agency) in the U.S., as they can provide support and insights in such situations.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.