There’s no going back to pre-pandemic security approaches

The cyber security world will probably never return to its pre-pandemic state, and different approaches to security will come to the fore in 2021

This article can also be found in the Premium Editorial Download: Computer Weekly: How security will be different after Covid-19

The majority of cyber security professionals say their approach to security will never return to how it was before the Covid-19 pandemic, as they emphasise securing remote workers and cloud deployments as ongoing challenges heading into 2021, according to a report.

Research organisation Dimensional Research polled 613 IT professionals on a global basis, on behalf of security firm Check Point, to assess the lay of the landscape at the end of a tumultuous year. It found that 95% of respondents had completely changed their security strategies over the course of 2020, in an “unplanned pandemic response”, with only a quarter saying they had stuck to existing security projects.

“The survey shows that a majority of organisations do not expect their current security issues and priorities to change much over the next two years,” said Peter Alexander, Check Point Software’s chief marketing officer. “For many, the rapid changes they made to their networks and security infrastructures in response to the pandemic will be permanent.

“At the same time, cyber attacks and threats are increasing as hackers try to take advantage of those changes. So organisations need to prioritise closing off any security gaps across their new distributed networks, from employees’ home PCs and employees themselves to the datacentre.

“Dealing with the impact of the pandemic on business operations, and ensuring they can continue to operate as efficiently and as securely as possible, will be the biggest ongoing challenge for most enterprises,” said Alexander.

Going into 2021, the biggest security challenge will be securing remote workers, cited by 47% of respondents, followed by preventing phishing and social engineering attacks (42%), maintaining secure remote access (41%), and protecting cloud applications and infrastructure (39%). 

The survey suggests that these trends will be deep and long-lasting, outpacing other security issues by some margin through to at least 2023, in a clear indication that whatever the new normal actually is, it is probably here to stay.

Plug the gaps

Check Point said that to put themselves in the best stead to block the growing volumes of threats, security teams needed to prioritise closing off gaps in their distributed networks, from home PCs and employees themselves all the way to the heart of the datacentre, knitting the whole together with unified management capabilities.

Julia Voo, HP’s global lead for cyber security and tech policy, agreed that the pandemic had weakened traditional approaches to security. “Remote access inefficiencies, VPN vulnerabilities and a shortage of staff that can help the business adapt means data is now less secure,” she said.

As a result of this increased threat surface, organisations can expect to see malicious actors rushing to take advantage of any of these remaining gaps, as Voo’s colleague Boris Balacheff, HP Labs’ chief technologist for security research and innovation, pointed out.

“We have to expect home infrastructure to be increasingly targeted. The scale at which we operate from home increases the incentive for attackers to go after consumer IoT [internet of things] devices and pivot to business devices on the same networks,” said Balacheff. “And as we know, if attackers are successful with destructive attacks on home devices, remote workers won’t get the luxury of having someone from IT turning up at their door to help remediate the problem.

“2020 demonstrated that it has become critical to manage highly distributed endpoint infrastructure,” he added. “Organisations need to accept that the future is distributed. Everything from remote workers’ devices to industrial IoT devices have become the new front lines of the cyber security battleground in our increasingly cyber-physical world.

“To meet this challenge, organisations need to rethink their security architectures and controls, and embrace the necessary innovation in technology and processes to help them support this new environment. For example, modern hardware technology exists that can help not only protect, but also recover employees remotely and securely in the face of destructive attacks like those we have seen in the past few years.”

James Muir, threat intelligence research lead at BAE Systems Applied Intelligence, said: “Much has been written about the potential implications of increased remote working on organisational security, with particular attention to increased attack surface through additional devices and different connectivity mechanisms.

“Survey data has suggested that lack of awareness around security best practices has led to an increased rate of data breaches. There have been reports of ‘WFH compromise’ leading to ‘organisational compromise’ – although it is unclear whether these would have occurred from the office anyway.

“Definitive trends in whether remote working has led to increased prevalence of specific attack paths are currently unclear,” said Muir.

“However, we expect further attention from both attackers and defenders in 2021. As a global movement to work from home has shifted the enterprise ‘last mile’ to include consumer network-enabled technology, 2021 shapes up to be the beginning of a new revolution in adversary tactics, tools and strategy.”

IT support function now critical to security

The remote working surge has also highlighted the criticality of the IT support function to security, with a sharp uptick in the number of inquiries into organisational IT helpdesks noted in 2020, which will continue, according to Liz Beavers, one of SolarWinds’ head geeks.

“As organisations explore how to drive efficiencies throughout the business, we also anticipate the IT helpdesk will further embrace technology and streamline their operations to become a more central resource for all employee tech requests: the IT service desk,” she said.

“Before the broader transition can begin, teams must put the proper infrastructure in place so they’re able to sufficiently manage employees’ systems,” said Beavers. “Organisations will then begin to look at how all factions and departments within the business can utilise the service desk. By reviewing – and in some cases rethinking – their processes, we expect to see numerous businesses decide the IT service desk should become the central resource for employees so they can get the help they need, when they need it, as remote working becomes the norm.”

Although the IT helpdesk won’t be responsible for owning all requests, given its staff’s experience and expertise it will become a useful way to help remote employees better address security, Beavers went on.

For example, she said, where a helpdesk would traditionally have coached a user through a one-off ticket like a password reset, leveraging automated classification and responses in IT service management (ITSM) solutions will help eliminate manual triage, make incident categorisation more efficient and resolve problems quicker for the user.

For more complex practices like offboarding, or adding new remote devices, helpdesk teams can also use ITSM platforms to digitise the collection of information and automate changing access rights.

“Implementing these updates won’t shift the onus from the IT helpdesk, but it’ll help eliminate service silos and enhance visibility,” said Beavers.

Multiple clouds are maybe not security best practice

The events of 2020 also brought increased reliance on multicloud infrastructures to the fore, as Forrester principal analyst Dave Bartoletti observed.

“Without public cloud apps, development services, tools and infrastructure available to every business and consumer on demand, imagine how different (and hobbled) the pandemic response would have been. In 2020, cloud proved that, indeed, one should never let a good crisis go to waste,” he wrote.

However, much has already been said about how IT teams have struggled to handle an increasing number of cloud instances, and Patrick Hubbard, another member of SolarWinds’ team of head geeks, said that multicloud strategies had been overhyped from a security perspective, and that it was time to rethink this practice.

“With multicloud adoption, there’s a lag between initial investment and deployment,” said Hubbard. “Those who first started with a multicloud strategy may grow to realise how expensive and quickly complicated it can get, making the return on investment questionable.

“It’s expensive because it requires a high level of understanding for each target platform, a strong development team, an observability and monitoring focus, orchestration-first processes, nearly complete change automation, and more.

“For most businesses, there are also some lost cost opportunities because not all cloud providers offer the same services mix, especially for advanced services – and this is where things start to get more complicated. Businesses must develop and maintain advanced cross-cloud services in-house for anything not common to all target platforms,” he said.

Hubbard urged organisations that have gone down the multicloud route to think about their business cases for why they believe multicloud meets their business needs to begin with, and if they choose to persist with this strategy, to either better train their teams or secure the budget to outsource cloud management and monitoring.
