We have now passed the stage of emergency policies and procedures being implemented, new technology being procured outside a normal tender and we have determined our businesses tasks that cannot be performed remotely since they require strict supervision. There were a few hiccups, lessons learned, but we are there now! In this blog post, we will look at how some of these major shifts will impact the three pillars of cyber security: People, Process, and Technology.
The expected cloud transformation over the next years has been accelerated, however, it has done so in a way that encompasses remote working at its core — which definitely wasn’t predictable. Indeed, corporate VPNs that were expected to manage the traffic of no more than 20% of employees have been insufficient. Companies have either expanded these or moved to cloud VPNs to access corporate information. In addition, cloud online meetings and collaboration tools had to be bought by many companies, in part due to the network constraints on existing VPN technology.
Certain employers who did not provide the option of remote working, have been forced to implement it. Desktops were shipped to employees’ residencies when new laptops couldn’t be bought and in certain cases, personal devices were employed (a prime example of an increased attack surface!).
Also, as offices emptied, so did the justification for expensive MPLS routes between them. Redundancies and furloughing within organisations created resentment. Simply its risk to employees in a difficult job market has created fear, which leads to unpredictability.
The key changes to the People pillar are the increased risk of insider threats. Indeed, staff behaving in a legitimate fashion will still act abnormally in the eyes of the security tools (which don’t have “pandemic behaviour” data), and therefore any system employing UBA should be adjusted.
Moreover, without face-to-face interactions, it will be difficult to spot resentment amongst employees at a time when redundancies and salary reductions are rampant. Policies and procedures around insider threats that would revoke access and hold devices pending an investigation would not be possible with remote working. For this reason alone, it is recommended to have staff come to the office periodically, to not arise suspicion that an investigation is underway.
Processes have clearly changed due to the new constraints. The obvious ones are remote working and hiring/firing procedures. As mentioned in the paragraph above, justify the need for periodic office working (even if simply once a week).
Technology has shifted towards a zero-trust architecture where cloud Identity & Access Management is key instead of network segmentation/segregation. The shift will lead to different skill sets being required within a company and potentially less IT personnel (which again would be difficult to make redundant in a secure manner in the current climate).
Fortunately, cyber security standards and guidance were not dependent on employees working from offices, these were designed to be flexible. Below are three key recommendations:
The pandemic has accelerated the expected cloud migration but with an unexpected constraint. Several decisions were made outside the normal processes, these changes can increase the risk of cyber attack, and therefore it is recommended to verify they are secure. People’s behaviours have also changed from this pandemic and it may be more difficult to spot the malicious actors within your organisation and to remove them.
Stay safe. Stay secure.
Introducing ISO 42001 – the world’s first international management system standard focused specifically on AI.…
Data breaches and cyberattacks have become daily concerns for information security professionals and business leaders.…
It is an undeniable fact that all applications and infrastructures are essentially in need of…