Written by Carol Hildebrand, Senior Writer, Security, NETSCOUT
The COVID-19 pandemic handed some Herculean tasks to many enterprise IT and cybersecurity teams. First, IT had to adjust architectures and practices to support a massive, unplanned shift to remote work for those who were able to work at home. Many companies implemented large-scale remote-access architectures, as well as increasing their adoption of cloud and cloud-delivered services such as software-as-a-service (SaaS) models. Not surprisingly, cybercriminals quickly pounced, launching more than 10 million DDoS attacks aimed at crippling targets with a heavy reliance on online services. This left cybersecurity practitioners with the second Herculean task: defending enormously distributed corporate environments that had been built at such speed that core principles of enterprise cybersecurity best practices had to be temporarily overlooked.
A recent white paper from HardenStance (co-sponsored by NETSCOUT and the Cyber Threat Alliance, among others) takes a look at this dynamic. Entitled “Cyber Security After the Pandemic,” the paper examines the changes that organizations have made to cybersecurity, as well as four areas in which companies can use lessons learned from the pandemic to make the following long-term improvements to cybersecurity practices:
- Thoroughly integrate security into your corporate culture. Security and business continuity planning should be ingrained in every enterprise’s corporate culture. This planning should include a cyberattack response plan and other “war-gaming” activities. In addition to creating a rapid response plan, conduct extensive employee training to stand as a line of defense against cyberattacks. Good cybersecurity practices must be reinforced across all functions of every organization. Leadership should set an example, demonstrating a commitment to security that sets a tone for the business. Another important cybersecurity best practice is threat intelligence sharing. Organizations can learn a lot by engaging in sharing within peer industries. The role of the chief information security officer (CISO) is also likely to further evolve, as the position continues to become more strategic and the role more elevated. Some companies might even merge the CISO role with that of the CIO and Business Continuity Planning (BCP) to create a unified function of digital process officer or cloud technology officer tasked with greater accountability across the business.
- Plan for converging network and security at the new edge. As work has largely shifted to remote, many enterprises have come to rely on virtual private network (VPN) architectures for connectivity to vital systems and applications. However, the security governing these VPNs may not be sufficient. This has led organizations to substitute their VPN with SD-WAN. Over the past few years, many SD-WAN vendors have integrated security controls into their portfolios. In addition, emerging secure access service edge (SASE) solutions are unifying network and network security into a single cloud service that provides much-needed connectivity and device security at the edge.
- Better segment business, private, and government domains. The shift to remote work further accelerated the convergence of personal and employer applications and data on the same home network and on the same devices. This means that security teams will need to find efficient methods of segmenting the two domains. Expect security teams to move from heavily customized approaches to more integrated ‘out of the box’ approaches to addressing home network segmentation. In response, vendors will increase investments in this area to meet segmentation and microsegmentation requirements of all legitimate stakeholders in the data and applications that run on personal devices.
- Support concerted action against ransomware. As ransomware attacks continue to target enterprises, several industry initiatives are underway to combat this scourge. Security vendors, industry associations, business organizations, and governments are increasingly working together to put measures in place to curtail these attacks. One such measure under consideration is extending Know Your Customer (KYC) transparency rules in financial transactions to include cryptocurrency transactions. These forms of payment are the primary choice of ransomware attackers because they are untraceable, so new KYC rules may act as a powerful impediment. Enterprises should strongly support efforts such as these.
In truth, the idea of collaborative action across security companies and the public and private sector is one of the founding tenets for the CTA and its members. Adversaries are smart and motivated, and defending against increasingly sophisticated attacks is not best accomplished by a lone vigilante. Indeed, the ability to work together and improve threat intelligence sharing constitutes one of the strongest weapons available in this ongoing battle.
A veteran of Computerworld and CIO magazine, Hildebrand is an award-winning technology writer who writes about the intersection of business and IT, with a focus on cybersecurity. Hildebrand serves as the editorial lead for the bi-annual NETSCOUT Threat Intelligence Report.
Author: Cyber Threat Alliance