Rebalance your cyber security with a “prevention-first” strategy
It is said that the most efficient way to reduce insider risks is to prevent insider incidents. A prevention-first strategy must also prove effective at rapidly detecting and mitigating the effects of insider threats originating from both malicious and accidental insiders.
What if you could secure and protect your users and devices, even BYOD laptops and smartphones, with a method that is focused on earning trust across any end point and continuously validating that trust at every event or transaction?
We brought together a group of CISOs, IT and security heads, and cyber security directors to discuss the challenges they’ve faced managing cyber security threats, and more about:
- How working from home has affected their security strategy
- Prevention-first strategies
- Securing vulnerabilities and developing for the future
Rela8 Group’s Technology Leaders Club roundtables are held under the Chatham House Rule. Names, organisations and some anecdotes have been withheld to protect privacy.
BlackBerry provides intelligent security software and services to enterprises and governments around the world. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems. BlackBerry’s vision is clear – to secure a connected future you can trust.
The challenge of remote working
With the world in an extended period of uncertainty when it comes to how we work, businesses were forced to revaluate their security strategies with prevention in mind. Every organisation was at varying levels of cyber security maturity when the pandemic began, some were more able to adapt than others, some already had a working from home provision in place. One challenge all organisations had in common however, how do we ensure our endpoints are secure?
Security strategy reshaped
Given how many employees were now working from home, the number of potentially unsecure endpoints became a critical concern for many businesses. The attack surface for cyber-attack and insider threats (both malicious and accidental) increased exponentially. Even for businesses already offering working from home, it was clear the approach to security needed reshaping.
For all the problems it caused, the pandemic did help businesses by rapidly accelerating security development. As a result of the pandemic, implementation of multi-factor authentication (MFA) and endpoint protections, coupled with awareness training and education, drove cyber security’s development. Risk profiles were changed to being more about security posture, focusing on patching vulnerabilities and running assessments.
Data logs have always been important for security, but now businesses are ensuring these logs are interrogated and cleaned up, focusing on use-cases to drive more targeted threat analysis. Another approach to minimising attack surface is investment in services that mitigate endpoint risk, such as remote browser isolation and virtual desktops. After all, why have an endpoint if you don’t need one?
Clients and partners who insisted that their security operations centres (SOCs) remain on-premises also benefitted from the shift to remote working. These businesses saw a dramatic shift in mindset where they were forced to embrace the benefits of the cloud when on-prem was no longer an option.
Endpoints and end users
When looking at securing their endpoints, organisations quickly understood that identity management is what required the most investment. Identity being the initial point of control makes it the control plane which businesses needed to organise their strategy around. Ensuring then that all users were being thoroughly verified through Identity Access Management (IAM) and MFA was paramount. Some businesses saw success in the deployment of more advanced technologies that were able to detect who is sat at the screen and whether anything was being recorded, but this naturally came with privacy implications and friction for the users. Effectively implementing these more advanced measures is a delicate balance, one that is best structured around individual data security requirements.
It wasn’t just the users that needed securing, ensuring their devices were uncompromised and secure was also critical. In the rush to remote working, a lot of kit was deployed without necessary hardening, scanning, and securing. This was a necessary cost to pay for those without existing infrastructure and hardware in place for remote working. The next step for these businesses was to look back and reassess their security posture to optimise it, ensuring the endpoint vulnerabilities were closed with effective cluster patching.
Effective IAM will resolve a large portion of security concerns. To that end, concepts of least privilege and zero trust are looked at as being the gold-standard for identity authentication, but it does come at the cost of user friction. The idea of continuous trust is to mitigate this friction while remaining secure. This is achieved by establishing a trust score for each user/device that dynamically updates in response to activity and security. However, continuous trust is not something easily implemented and is only suitable for businesses with strong security foundations in place already.
An easier way?
Even if users are provided with secure devices, how secure are the endpoints in practice? Users will tend to find a way around restrictive security protocols if they feel it would make their life easier, and some users prefer to use their own unsecured machines to work on. Organisations can implement conditional access policies that ensure all productivity activity is done on managed devices, but what if there was an easier way?
Tools exist to help silo all work documents and applications on devices into secure containers, this way even if there is a security breach, the data is secure. A data first approach is based around the idea that the security focus should be on the data. This is done by pinpointing what you are trying to protect, where it resides, and using that to inform what level of protections you need and where.
Focusing on the data seems like an obvious decision, but the data first approach is not without its issues. It doesn’t account for reputational damages in the event of a breach. Even if all your data is secured and nothing is lost, for business partners who only see that you have had a data breach, this results in a loss of trust. When it comes to deciding what to protect – data, endpoint, or end user – all 3 are important, but what gets prioritised is dependent on industry and organisation.
In the wake of the COVID-19 pandemic, there has been a noticeable shift from the idea of an internal perimeter, to focusing on endpoints and identity as prevention. Implementation of MFA and improved security practices has accelerated rapidly to match the broader attack surface. Businesses who were lucky enough to be already equipped to handle working from home began looking towards other approaches such as continuous trust and data first strategies to stay on top of the shifting security landscape.
One thing that is clear for all organisations, security is a journey. There is no best practice that fits for every organisation but focusing on solid security foundations and compliance will offer a jumping off point that can then be developed in line with business needs.