By Nicolas Fischbach, Global CTO of Forcepoint
So, as we near the end of 2020 I imagine there are many CISOs, CIOs and indeed business leaders sitting out there, patting themselves on the back as they survey their workforces, established in remote / hybrid office-and-home systems, happily and productively accessing data and continuing to work in an entirely new way. It’s true that their teams have been, as so often, unsung heroes, making the impossible possible in the first part of the year.
However, I’m afraid I need to burst this bubble. In 2021 I believe we will start to realise exactly how much intellectual property was stolen by external attackers and malicious insiders during the 2020 remote working shift, with all the implications it had for ways of working, maintaining infrastructure security and continuing to protect data everywhere.
What did we do?
Almost overnight organizations flipped a switch from a predominantly office-based workforce to remote workers using a plethora of operating systems and equipment. Employees with a wide range of technical know-how were left to set up and configure home networks and devices, while IT teams added and tried to scale VPNs and moved data into SaaS applications. It is almost as if companies gave up on protecting the perimeter, and trusted in basic networking and cloud services to protect what I call the “branch office of one”. The old perimeter is clearly gone, data needs to be more accessible than ever, and the ability for the user to work remotely is paramount.
It’s my view that we don’t yet know what impact this has had, and 2021 will start to unveil it to us.
Did we keep an eye on our attack surface and did we really examine the vulnerabilities we exposed during this time?
When cloud service providers spun up new clouds or SaaS applications for us, did the security keep pace and did our policies get applied consistently?
Has lockdown meant that cyber-enforcement got lighter? Did cybercriminals think they could get away with stealing data while security and IT teams’ attention was elsewhere?
The treasure trove has been opened right up, and security teams should not rest on their laurels. From past experience, I must assume that we haven’t moved as fast as the attackers, and that 2021 will see several large data breaches revealed, while some firms discover to their horror that what appear to be nation state attackers or well-organized criminal groups have infiltrated their defences.
As was forced upon digital transformation programs, the notion of multi-year security programs will be replaced, in 2021 and beyond, by more agile security. We need to move at “bad guys speed”, and our responses to threats must be completed at the same rate of change we would expect from a business model pivot or adaptation.
The Imperative of Visibility in 2021
Data visibility and the management of data protection is the most important cybersecurity imperative for enterprises in the next year. In this way, 2021 can become the year of working securely, regardless of location. These new patterns are here to stay, and we must do our best to introduce resiliency, security and visibility into our efforts.
As part of this, we must address the elephant in the room. Data loss is damaging to business, and in order to stop that loss, we need to know exactly where our data is, on a minute-by-minute basis. That means we must introduce real-time (or near real-time!) user activity monitoring. We should be monitoring to prevent data loss, not to track productivity. Transparency in the roll-out of these solutions and the careful consideration of user privacy should be at the heart of any user activity monitoring solution. Forrester analyst Chase Cunningham has advised: “If you aren’t monitoring your data: your intellectual property is walking out of the door, and you’ll be out of business in twenty years.”
The fact that we have shifted to remote working so quickly, and relatively smoothly, may mean that we have no need to go back to a structured perimeter. But we will need a fast movement towards user activity monitoring – an approach that relies on analytics to understand data access patterns. Without visibility of data in this way we cannot scale and understand how to work productively, flexibly and securely. Through the combination of behavioral analytics and Indicators of Behavior (IOBs), we can achieve visibility alongside control. Data usage must be examined and understood in context, and data loss prevention policies applied adaptively and dynamically. If we can create cybersecurity technologies which build upon machine learning and analytics to measure and understand data movements in quasi real-time, we can avoid the upcoming dawn of disappointment on the horizon.
As the “new normal” becomes “just normal”, leaders must get the basics right: revisit their policies and processes, validate their posture and risk appetite, and avoid assumptions that all is well just because they haven’t seen an incident yet. Longer term, cloud-native solutions with a deep understanding of users’ behavior will deliver permanent solutions, rather than stopgaps when it comes to protecting data and intellectual property.