The pandemic had a major impact on our IT operations and has brought many changes that we still need to live with. Early on, great emphasis was placed on solutions to enable people to work from home, which has now become, to varying degrees, the norm. The ability to work from home has brought many challenges, one of which is the ability to secure individuals and data in uncontrolled environments. At the same time, malicious actors have seized the opportunity and we have seen higher than normal activity of malware and attacks over the period.
Today's cyber attacks are increasingly sophisticated and harder for the average user to identify and defend against. Those of us who talk about security on a more day-to-day basis tend to divide them into two types of threats, the untargeted and the targeted. Untargeted threats refer to more opportunistic attacks that may not have a specific target. This type of attack is cheap for the attacker to carry out on a large scale, in much the same way as spam. Typically, it involves the spread of various types of viruses, worms or ransomware.
Targeted threats are aimed at specific targets, and the attacks are shaped by what the attacker wants to achieve. For extortion of online businesses, denial of service attacks are a relatively cheap method and difficult to defend against. Information theft is a more expensive but also more profitable method if successful. Most targeted attacks are linked to organised crime with extortion as a business objective. In the case of intellectual property theft, other industrial espionage actors and actors with national links are more often visible.
With the IT workplace being the primary window to business systems for the employee, it is an attractive target for accessing the valuable systems. The IT workplace and the way we work has changed in the wake of the pandemic, which has changed the way security is managed.
WORK IS NO LONGER SYNONYMOUS WITH THE OFFICE
A concrete example of change has been the shift in where work takes place. Work and workplace are no longer synonymous with the office. For many with mainly administrative jobs, working from home became the predominant form of work during the pandemic. As a result, our traditional approach of managing security from the office with firewalls and VPNs was quickly shattered.
Our working methods have also changed. A job is no longer a place but rather a function that we employees perform. Where we physically are matters less, especially at a time when more and more is saved and stored in the cloud. Security comes into a very different focus than when the server was in the local basement and the network didn't reach outside the office.
CONSEQUENCES OF HOMEWORKING
Homeworking has meant investments and costs beyond what was actually budgeted, affecting an already strained budget. For many, the introduction of homeworking has also resulted in an increased burden on support. Other areas that have been affected are of course the IT workplace itself, but also the costs of IT security have increased. Sensitive information is suddenly moving more and more in uncontrolled environments, and while security challenges have increased, much effort has been put into ensuring that while working remotely we have the platforms and tools to access the right information at the right time. Given new conditions, many of the traditional security models have been challenged and new more modern models are now required to try and meet today's threats to both business and employees.
ZERO TRUST - DON'T TRUST ANYTHING
A traditional model often starts from a perimeter mindset with firewalls, VPNs, and trusted users where you are considered secure at different stages. The concept of Zero Trust, instead, is about assuming that nothing is secure. Now we have to work on the assumption that threats, to varying degrees, already exist inside our networks and systems. This is a natural extension of the way we work, which has changed so much. The model is applied across the following areas:
- Data - Must be secured, categorised and encrypted both when sent and at rest.
- Networks - Need to be segmented, isolated and controlled similar to perimeter models.
- Workloads - Security is applied across the entire application stack, not to isolated islands.
- Devices - Like networks, need to be isolated, secured and controlled.
- People - Restrict user access with identity management. Monitor and log everything.
Restricting access is about always providing the least possible access and can be the most important thing. This significantly reduces the potential attack surface and increases logging, auditing and compliance capabilities. It also limits an attacker's capacity for so-called horizontal movement within your environment. Zero Trust is highly relevant in the context of increased work from home, even if it is not feasible to implement for the entire business.
Whatever the methodology and security model, the amount of data generated is a problem and our security solutions are no exception. Here one might consider the benefits of having someone with the skills take responsibility for managing the volume through an established SOC, something that is usually only afforded to the largest businesses. The benefits relate in particular to the ability to maintain scale, critical mass in specialist skills, established partnerships and ecosystems with other technology providers to address complex threats. In short, everything that is difficult for an individual business but is at the heart of our offering.
If you are interested, we would be happy to tell you more about how we solve security problems in a pragmatic way. Contact us at firstname.lastname@example.org