sb-au logo
Story image

How cybersecurity leaders are overcoming the new risk landscape

19 Aug 2020

Article by Micro Focus head of enterprise security George Atrash.

Working from home has significantly increased the threat surface for businesses around the world.

Businesses that thought they were protecting themselves by using virtual private networks (VPNs) have been in for a shock, with a data breach affecting millions of users due to an unsecured server shared by several VPNs. 

This lapse in security raises the question of how to manage security in a landscape characterised by a highly distributed workforce. Businesses need to take a fresh look at cybersecurity and move beyond VPNs to protect the organisation in this environment of heightened risk.

Dealing with COVID-19 has required organisations to accelerate their digital transformation, but many have overlooked security. The old castle-and-moat approach to security is no longer sufficient; businesses need to move from assumed trust to zero trust, and then towards intelligently adaptive cybersecurity.

Here are four key areas that businesses must consider when it comes to securing the distributed workforce:

Trusted access

Zero trust is the preferred approach in the current environment. It’s essential to be able to leverage context to determine trust, as well as use identity assurance via multifactor authentication, and provide the least privilege access possible.

Adding intelligence allows organisations to become prescriptive in how they apply zero trust.

Safeguarded interactions

Interactions usually take place through applications, so it’s crucial to ensure applications are as solid as possible. This means choosing applications with a strong development pipeline and the ability to test them in a variety of ways. 

Strategies should include agility, with application testing and security happening both on-premise and in the cloud. 

Dynamic and static testing, open-source integration, and machine learning to help reduce false positives can combine to ensure applications don’t present undue risk.

Data protection

Classifying data is essential to managing its lifecycle and protecting it effectively. There is increased risk for businesses due to evolving privacy regulations, increased sensitivity around how data is used, and the fact that people are accessing data from new locations in new ways. 

Classifying data and managing it according to policies will help deliver the right outcomes for the business in terms of locking data down or making it securely available for certain tasks.

Ongoing monitoring

Being able to block unwanted access, monitor and detect threats, and respond rapidly to incidents are all vital capabilities that are non-negotiable in the current landscape. 

A fragmented environment puts pressure on security operations teams which have to continue to provide context to the monitoring to deliver intelligent outcomes. 

Next-generation SecOps capabilities will help organisations intelligently adapt by protecting identities, apps, and data, and letting businesses detect threats and evolve their posture for new threats.
 

To manage these four aspects strategically, it’s important to take an intelligently adaptive approach where the infrastructure has enough intelligence to detect threats, remediate at once, or notify teams with remediation steps. This approach can be built over time as needed.

Security intelligence services with dynamic functions are needed for security in motion, leveraging intelligence and analytics. Vendors gather masses of information that can be analysed to gain a more comprehensive view of the threat landscape and accelerate customers’ speed to value. 

An intelligent approach is the only way organisations can keep up with the rapidly accelerating threat landscape.

Story image
AppDynamics launches Cisco Secure Application to protect against vulnerabilities
AppDynamics, part of Cisco, has released Cisco Secure Application, a solution designed to simplify vulnerability management, defend against cyber attacks and protect applications.More
Story image
2021 global salary guide: Cybersecurity, data analytics professionals in high demand
"Technology has been one of the most successful sectors throughout 2020 and that looks set to continue for the foreseeable future.”More
Story image
Ingram Micro advances dedicated security practice with new hire
Lazarus has strong advice for all resellers. He says, “If you’re not talking security as part of every customer engagement, you're not having the right conversation.”More
Story image
Kaseya acquires RocketCyber to bring SOC solutions to more businesses
"With this acquisition, we've doubled down on our security investments to provide our customers with access to experts who can continuously monitoring their IT environments without the cost and complexity of disparate tools.”More
Story image
Investing in digital trust for the post-pandemic business landscape
Business leaders in 2021 need to make sustainable investments to give their organisations a much-needed resilience boost to tackle new disruptions, while still enabling growth.More
Story image
Stone & Chalk and AustCyber confirm strategic merger
"The integration of Stone & Chalk and AustCyber will enable our joint organisation to pursue a resilient and prosperous future not just for founders, enterprise and governments, but for all of Australia.”More