sb-nz logo
Story image

How cybersecurity leaders are overcoming the new risk landscape

19 Aug 2020

Article by Micro Focus head of enterprise security George Atrash.

Working from home has significantly increased the threat surface for businesses around the world.

Businesses that thought they were protecting themselves by using virtual private networks (VPNs) have been in for a shock, with a data breach affecting millions of users due to an unsecured server shared by several VPNs. 

This lapse in security raises the question of how to manage security in a landscape characterised by a highly distributed workforce. Businesses need to take a fresh look at cybersecurity and move beyond VPNs to protect the organisation in this environment of heightened risk.

Dealing with COVID-19 has required organisations to accelerate their digital transformation, but many have overlooked security. The old castle-and-moat approach to security is no longer sufficient; businesses need to move from assumed trust to zero trust, and then towards intelligently adaptive cybersecurity.

Here are four key areas that businesses must consider when it comes to securing the distributed workforce:

Trusted access

Zero trust is the preferred approach in the current environment. It’s essential to be able to leverage context to determine trust, as well as use identity assurance via multifactor authentication, and provide the least privilege access possible.

Adding intelligence allows organisations to become prescriptive in how they apply zero trust.

Safeguarded interactions

Interactions usually take place through applications, so it’s crucial to ensure applications are as solid as possible. This means choosing applications with a strong development pipeline and the ability to test them in a variety of ways. 

Strategies should include agility, with application testing and security happening both on-premise and in the cloud. 

Dynamic and static testing, open-source integration, and machine learning to help reduce false positives can combine to ensure applications don’t present undue risk.

Data protection

Classifying data is essential to managing its lifecycle and protecting it effectively. There is increased risk for businesses due to evolving privacy regulations, increased sensitivity around how data is used, and the fact that people are accessing data from new locations in new ways. 

Classifying data and managing it according to policies will help deliver the right outcomes for the business in terms of locking data down or making it securely available for certain tasks.

Ongoing monitoring

Being able to block unwanted access, monitor and detect threats, and respond rapidly to incidents are all vital capabilities that are non-negotiable in the current landscape. 

A fragmented environment puts pressure on security operations teams which have to continue to provide context to the monitoring to deliver intelligent outcomes. 

Next-generation SecOps capabilities will help organisations intelligently adapt by protecting identities, apps, and data, and letting businesses detect threats and evolve their posture for new threats.

To manage these four aspects strategically, it’s important to take an intelligently adaptive approach where the infrastructure has enough intelligence to detect threats, remediate at once, or notify teams with remediation steps. This approach can be built over time as needed.

Security intelligence services with dynamic functions are needed for security in motion, leveraging intelligence and analytics. Vendors gather masses of information that can be analysed to gain a more comprehensive view of the threat landscape and accelerate customers’ speed to value. 

An intelligent approach is the only way organisations can keep up with the rapidly accelerating threat landscape.

Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More
Story image
Enterprises underutilising security tools, causing teams to burn out
The report unveiled a lack of meaningful ROI metrics when reporting on security progress, as well as disparate opinions on objectives, tool effectiveness and security awareness amongst the organisation between executives and operations on security teams.More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More
Story image
Claroty discovers vulnerabilities in Ovarro TBox RTUs
The vulnerabilities could enable attackers to break into the systems and run code, crash systems, and meddle with configuration files, amongst other malicious actions.More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More