During the past year, IT and network professionals at nearly every enterprise were forced into action as remote work became the norm following the arrival of the COVID-19 pandemic. This has resulted in large-scale change for remote access architectures, as well as for cloud and cloud-delivered services. In many cases, there has been an increased adoption of software-as-a-service (SaaS) models.
Of course, with these significant changes have come heightened cybersecurity risks. Cyberattackers are taking advantage of shifts in business connectivity, finding new ways to exploit security vulnerabilities.
This evolving threat environment has made it necessary to increase vigilance related to cybersecurity. The recently published white paper “Cyber Security After the Pandemic,” from HardenStance, outlines four important trends.
1. Security must be part of your corporate culture.
Security and business continuity planning should be ingrained in every enterprise’s corporate culture. This planning should include a cyberattack response plan and other “war-gaming” activities. In addition to creating a rapid response plan, it is advisable to conduct extensive employee training to stand as a line of defense against cyberattacks. Good cybersecurity practices must be reinforced across all functions of every organization. Leadership should set an example, demonstrating a commitment to security that sets a tone for the business.
For some organizations, the chief information security officer (CISO) is increasingly taking on an elevated role such that in some organizations the CISO’s role is on a par with the Chief Information Officer’s (CIO’s) now. Consistent with that the role has tended to become more proactive and more tightly coupled with Business Continuity Planning (BCP) In some companies, the role could become merged along with CIO, BCP and other roles into a unified function of digital process officer or cloud technology officer tasked with greater accountability across the business.
Another important cybersecurity best practice is threat intelligence sharing. Organizations can learn a lot by engaging in sharing within peer industries.
2. Security at the edge is increasingly important.
As work has largely shifted to remote, many enterprises have come to rely on VPN architectures for connectivity to vital systems and applications. However, the security governing these VPNs may not be sufficient. This has led organizations to substitute their VPN with SD-WAN. Over the past few years, many SD-WAN vendors have integrated security controls into their portfolios. In addition, the emerging secure access service edge (SASE) solutions are unifying network and network security into a single cloud service that provides much-needed connectivity and device security at the edge.
3. Segmentation and microsegmentation requirements may be emerging.
The HardenStance white paper predicts that in the near future, more-integrated approaches to addressing segmentation of home networks will become prevalent. The paper also anticipates “accelerated investment in vendor roadmaps to meet the segmentation and microsegmentation requirements of all legitimate stakeholders in the data and applications that run on personal devices.”
4. There’s a continuing need to combat ransomware attacks.
As ransomware attacks continue to target enterprises, several industry initiatives are underway to combat this scourge. Security vendors, industry associations, business organizations, and governments are increasingly working together to put measures in place to curtail these attacks. One such measure under consideration is extending Know Your Customer (KYC) transparency rules in financial transactions to include cryptocurrency transactions. These forms of payment are the primary choice of ransomware attackers because they are untraceable, so new KYC rules may act a powerful impediment. Enterprises should strongly support efforts such as these.
Download the white paper “Cyber Security After the Pandemic”