Stay away from the Headlines! Cyber Security imperatives for the new normal

“95% of cybersecurity breaches are caused by human error.” – Cybint

Rapid technology innovations on multiple fronts pose a complex challenge for those tasked with the security and availability of the IT infrastructure. On one hand, new devices such as mobile phones, smart screens, and IoT-enabled devices are deployed alongside computers. At the same time, IT policies allowing BYOD (Bring Your Own Device) and WFH (Work From Home) have now become the norm, which has compounded the security problem.

The result is a significant increase in the threat surface along with the number of points from where the IT infrastructure can be compromised. Of all recent developments, the now accepted shift to WFH and the use of personal devices pose the biggest challenge. IT Managers now need to take measures to secure both the device and the access point from where employees connect to the Corporate network. But how can they ensure the identity of the user accessing the system and adherence to security norms while employees work from the comfort of their homes?

Many Enterprises have become soft, yet lucrative targets for hackers as a result of the increased threat surface that is as yet unsecured. Trends indicate:

  • Remote workers will be soft targets for cybercriminals
  • As a side effect of remote workforces, cloud breaches will increase
  • Cybersecurity skills gap, especially in Enterprises, will remain an issue
  • Growth of always-on, connected devices will increase network vulnerability

The invisible threat to your IT infrastructure

When employees worked in offices, businesses were able to ensure that only authorized staff accessed critical infrastructure, in part through physical security measures. It was easier to ensure that staff complied with the established security norms. But with employees now working from home, businesses have to rely purely on the users’ virtual identity and trust that users comply with security processes.

The probability that malicious users can compromise the system, either from within the organization or by taking advantage of unsuspecting employees, is very real. CIOs need to place equal emphasis on securing the IT infrastructure from external threats and from internal vulnerabilities.

Indicators of Internal Sabotage

Internal sabotage is when employees who have access to the company’s sensitive systems and information use it for malicious purposes. Most internal saboteurs come in two flavors – Players and Pawns.

Players – Are aware of the crime and have malicious intent. They are typically disgruntled employees or people who have joined the organization with a certain motive. Research has shown that most of them have some kind of personal predisposition that leads them into it.

Pawns – Are typically employees who do not have a motive but unknowingly participate in the act. They are typically people who are helpful and enthusiastic. Their intention to help people or their ignorance gets exploited.

It is important to understand the persona and motivation of the “Players”:

  • Most internal attacks are triggered by an unfavourable event or condition at the workplace. The motive is generally revenge.
  • The attacks largely happen after office hours and outside the office premises via remote access. Perpetrators find comfort in not being surrounded by people or being physically present in the workplace.
  • Generally, it’s likely that peers are aware of the sabotage, or have at least observed a change in behaviour even if they are not aware of the concrete plan.
  • Most attacks are carried out through compromised or shared computer accounts.
  • In several cases these indicators are observed but ignored by organizations due to workload or because they carry on with the age-old way of doing things.
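Two of the indicators above (remote access outside office hours, and accounts that look shared) can be checked against remote-access logs. The following is an added example, not part of the original article; the log layout, office hours and device threshold are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: timestamp, account, device id, access path.
SAMPLE_LOG = """\
2024-03-04T10:12:00 asmith LAPTOP-01 office
2024-03-04T23:41:00 asmith LAPTOP-01 vpn
2024-03-05T09:05:00 svc_build BUILD-01 office
2024-03-05T14:20:00 ops_admin LAPTOP-07 vpn
2024-03-05T22:55:00 ops_admin LAPTOP-09 vpn
2024-03-06T02:10:00 ops_admin HOME-PC-3 vpn
"""

WORK_START, WORK_END = 8, 19  # assumed office hours (local time)
MAX_DEVICES = 2               # assumed: more devices than this suggests a shared account

def parse(log_text):
    """Yield (timestamp, account, device, path); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, account, device, path = parts
        yield datetime.fromisoformat(ts), account, device, path

def find_indicators(log_text):
    """Return {account: [(indicator, evidence), ...]} for flagged accounts."""
    after_hours = defaultdict(list)
    devices = defaultdict(set)
    for ts, account, device, path in parse(log_text):
        devices[account].add(device)
        off_hours = (ts.hour < WORK_START or ts.hour >= WORK_END
                     or ts.weekday() >= 5)  # weekends count as off-hours
        if path == "vpn" and off_hours:
            after_hours[account].append(ts.isoformat())
    findings = {}
    for account in sorted(devices):
        flags = []
        if after_hours[account]:
            flags.append(("after_hours_remote", after_hours[account]))
        if len(devices[account]) > MAX_DEVICES:
            flags.append(("possible_shared_account", sorted(devices[account])))
        if flags:
            findings[account] = flags
    return findings

if __name__ == "__main__":
    for account, flags in find_indicators(SAMPLE_LOG).items():
        print(account, flags)
```

A hit is a prompt for review rather than proof of sabotage; on-call staff and legitimate travel produce the same pattern.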

Preventive steps / actions

Combating internal vulnerabilities and securing the IT infrastructure requires a coordinated approach on 2 fronts. Organizations need to take advantage of the latest technologies to monitor, analyze and identify threats in advance. Simultaneously, people processes also need to be updated to address security topics for remote working scenarios.

HR Initiatives

Align all teams who are responsible for data security. This includes HR, IT, Maintenance, and Security. Make them aware and educate them on the increased threats and the latest trends in cyber attacks. Educate employees about internal attacks and encourage them to come up with a collaborative plan.

Clearly document and consistently enforce policies and controls. Ensure all the employees who have access to data are also educated about the new threats and vulnerabilities.

Encourage employees to provide insights on the new policies and take inputs for threats that could potentially come from within.

Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees.

Disgruntled employees are a major source of internal threat. Create an HR plan to identify and track potentially disgruntled employees.

One of the best ways to track personal-level issues and problems is to use peers themselves. Create strong and well-crafted whistleblower policies where the employees feel empowered and responsible for the well-being of the company.

Technology-led Initiatives, Systems, and Approach

The Zero Trust model

Created by John Kindervag back in 2010, the model is based on “never trust, always verify”. It is a concept where organizations should not automatically trust any resource or individual, inside or outside. It suggests a fresh start by revoking all access and providing access on a case-by-case basis with a clear understanding of the need. Technologies such as Identity and Access Management (IAM) and multi-factor authentication (MFA) are complementary to this approach.

It is not enough to implement these technologies alone. There should also be a strategy and a clear SOP in place to manage the operations of the organization. However, this strategy is a little aggressive and requires a complete overhaul of the security policies and ongoing work, which is not always practical and, more often than not, could break the system or make it brittle by holding it together with bandages.

Security Mesh

Most traditional security systems are designed and inspired by the castle-and-moat layout where all systems inside the moat are secured. This was an effective strategy in the traditional ecosystem. Over the years though, certain adaptations such as cloud and distributed workforce have created new challenges. Security mesh is one such approach where the focus is on securing every node of the network and not the traditional approach of building a boundary around the entire network.

Identity-first security and Identity Management

Identity management (IdM), also known as identity and access management (IAM), is the security practice that enables the right individuals or machines to access the right resources at the right times and for the right reasons.

Identities are the most vulnerable threat surface of every organization. Identity includes people, machines, IoT devices, and any active device or group of devices on the network that needs to access a resource or service. Identity Security is one of the primary implementations of the Zero Trust model where all identities used in the organization are secured and managed using technology.

This enables providing fine-grained access to resources and data at an almost individual identity level and prevents Privileged Account Compromise. One example of this is the IAM security provided by AWS. Most solutions in this space span multiple technologies and platforms.

There are several products in the market that cater to this need:

  • IBM Security Verify Access
  • Cisco Identity Services Engine
  • CyberArk – Idaptive
  • Okta
  • OneLogin – Access

Remote worker Endpoint Security

With remote work becoming the new normal, securing remote access nodes poses new challenges especially with them being present outside the firewall. This problem is further compounded with infrastructure moving to the Cloud.

Breach and attack simulation

Breach and attack simulation is a continuous fire drill, typically performed by independent vendors, in which they simulate sophisticated attacks similar to the techniques used by cybercriminals to find vulnerabilities and report them.

Cloud security breaches

A cloud security breach refers to the compromise of data or nodes on cloud infrastructure. With more companies moving to the cloud, this has only snowballed in the past few years. Most of the data breaches can be attributed to configuration errors, IAM permission errors, and re-use of identity.

Best practices to reduce these vulnerabilities are:

  1. Encrypt all data that is persistent (databases, logs, backup systems). Build this process into the QA checklist for all releases. Classify systems and data into sensitive and others. Ensure that sensitive data is secured and encrypted.
  2. Prevent re-use of resource identities in the infrastructure and ensure each identity’s permissions are allotted on a need basis. Use tools like Centrify, Okta and CyberArk to manage these permissions.
  3. Routine audits on identity permissions, firewalls and cloud resources can help prevent these breaches.
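A routine audit of identity permissions (practices 2 and 3) can start as a script over an exported inventory. The following is an added example, not part of the original article: the policy documents use the AWS IAM JSON layout, while the inventory structure, role names and bucket names are constructed for illustration.

```python
# Constructed inventory: identity -> workloads that use it + attached policy.
# The "used_by" field is an assumed export format, not an AWS API response.
INVENTORY = {
    "role/app-shared": {
        "used_by": ["billing-api", "report-job", "web-frontend"],
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    },
    "role/billing-reader": {
        "used_by": ["billing-api"],
        "policy": {"Version": "2012-10-17", "Statement": {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-billing-bucket/*"}},
    },
    "role/log-writer": {
        "used_by": ["log-shipper"],
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "s3:*",
             "Resource": "arn:aws:s3:::example-logs/*"},
            {"Effect": "Deny", "Action": "*", "Resource": "*"}]},
    },
}

def as_list(value):
    """IAM allows a single item or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else [value]

def audit_identity(entry):
    """Return findings for one identity: re-use and over-broad Allow rules."""
    findings = []
    if len(entry["used_by"]) > 1:
        findings.append("reused by %d workloads" % len(entry["used_by"]))
    for stmt in as_list(entry["policy"]["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant excess permissions
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append("wildcard action %s" % action)
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append("allow on all resources")
    return findings

def audit(inventory):
    """Return {identity: findings} for identities with at least one finding."""
    report = {name: audit_identity(e) for name, e in sorted(inventory.items())}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY).items():
        print(name, "->", "; ".join(findings))
```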

Securing your infrastructure

Over the years, as companies have moved to the cloud, we have seen only an increase in cyber attacks. With remote working becoming commonplace, the line between internal and external attacks has blurred. It is better to shore up the company’s defenses preemptively than to be a victim. Get in touch with us for an insight into how you could secure your company’s business and infrastructure.


Understanding the Concept of Anywhere Operations and Its Scope

The pandemic has had a lasting impact on many things including the way we work. We have all transitioned into the digital world for virtually everything. The massive shift has posed infrastructure challenges to organizations urging them to re-examine traditional methods of working and enable a ‘work from anywhere’ culture. It has also become important for enterprises to use their resources wisely both during and after the pandemic. They are now pulling up their socks to prepare for the evolving needs of hybrid workspaces in the New Normal.

What they truly need is Anywhere Operations – an IT operating model Gartner believes 40% of organizations would have applied already by the end of 2023 to offer a blended virtual and physical experience to employees as well as customers. It has been garnering a lot of attention ever since it came into being.

So what is Anywhere Operations after all and how does it impact enterprises? Let’s find out.

The concept

Remote working has become a reality that will continue even in the future. In a recent survey by Gartner, 47% of the respondents said they intended to allow employees to work remotely full time. Explains Elisabeth Joyce, Vice President of advisory in the Gartner HR practice, “The question now facing many organizations is not how to manage a remote workforce, but how to manage a more complex, hybrid workforce. While remote work isn’t new, the degree of remote work moving forward will change how people work together to get their job done.”

As boundaries between real and virtual environments continue to blur, enterprises need to ensure ubiquitous access to corporate resources. There is greater dependence on digital tools and the resilience of enterprises will largely depend on how well they deploy them. Enterprises will have to adopt a more serious approach towards the transformation of their IT infrastructure – be it devices & apps or remote IT support and cybersecurity.

It is imperative that businesses deploy management solutions that allow teams to work in tandem and continue to enjoy the same accessibility irrespective of the location they log on from. Anywhere Operations, clearly, is inevitable and the need to match pace with the fluid working style of today will push it towards mass adoption. Remote work, however, is more about the workforce, whereas Anywhere Operations brings customers into the mix so that customers are also able to connect and interact for all their needs any time from wherever they are.

When implemented correctly, Anywhere Operations will serve as the perfect model for building resilience and flexibility.

Anywhere Operations supports:

  • Remote work
  • Remote deployment of products/services
  • Business partners, stakeholders, and customers

It encompasses productive business operations and its core objective is to ensure that these operations can be managed effectively from literally ‘anywhere’.

Anywhere Operations is not just an enabler of work from home, online customer support, or remote deployment of products/services but an organizational paradigm that offers value across multiple areas. These include:

Collaboration and Productivity

The need to attain the pre-pandemic level of collaboration and productivity has led to the emergence of virtual offices replete with task management tools, meeting solutions, club office suites, digital whiteboards, and video conferencing platforms. This enables employees to see each other, interact, conduct meetings, assign tasks, share ideas in real time, review space occupancy and usage, etc.

Remote assistance is crucial to enable sharing of digital replicas of devices and maintain real-time analytics. While it was easier to visit the client’s office in the past, the need to implement XR tools is being felt today to facilitate better collaboration around tangible objects and help clients in this period of social distancing.

Secure Remote Access

Development teams and clients are provided secure remote access via cloud solutions powered by firewalls to ensure safe access to the virtual environment. In order to fortify the security measures, ways and means are being explored to replace traditional VPN for users operating in multiple time zones.

Identity & Access Management (IAM) solutions that enable multi-factor authentication, passwordless authentication, Zero Trust models, and Secure Access Service Edge (SASE) are now being applied to ensure secure access to data and applications, anywhere, any time. Cybersecurity mesh is also being considered by modern enterprises. While ensuring timely responses and a more modular security approach, it makes identity the security perimeter.

Cloud and edge infrastructure

Organizations had already started discovering the power of automation and how certain tasks that were being performed manually needed immediate automation. In order to ensure 24/7 secure access, ubiquitous cloud migration was important.

Distributed cloud now has become the future of cloud computing and provides edge cloud for a nimble environment. Edge computing provides an opportunity for enterprises to collect a huge amount of data from various locations separated by distance and time zones to create efficiencies and bring down operating costs. It ensures that cloud computing resources are closer to the location where data and business activity is.

Project management and product development tools along with CRM tools used by sales and marketing departments are therefore being moved to the cloud. Enterprises are shifting infrastructure to cloud to ensure governance and accessibility for business continuity. Apart from flexibility and security, cloud solutions offer cost benefits with respect to smart repository usage.

Enterprises are looking at integrating IoT and 5G technologies to catalyze connectivity beyond imagination. The ability of IoT to allow back and forth flow of data makes it critical for dynamic business environments of today and will continue to drive edge-computing systems. Cloud and edge infrastructure will help avoid latency and gain real-time insights. Cloud and edge architectures will minimize time lags in data processing to help industries perform computing tasks closer to where data is gathered quickly.

AI edge processing is now being leveraged extensively for applications that have sub-millisecond (ms) latency requirements and helps circumvent bandwidth, privacy, and cost concerns. Enterprises are now critically evaluating their API platforms that serve as the essential building block on the road to successful digital transformations. Google’s recently rolled out Apigee X is a case in point.

Says James Fairweather, chief innovation officer at Pitney Bowes, “During these uncertain times, organizations worldwide are doubling-down on their API strategies to operate anywhere, automate processes, and deliver new digital experiences quickly and securely.”

Automation to support remote operations

Automation will be at the helm of operations in a bid to minimize human intervention. Enterprises are now keen on automating tasks that can help make better business decisions.

Enterprises are increasingly using AIOps platforms that connect ITSM and ITOM to deliver high-value insights that can predict outages, prioritize events, and get to the root of event patterns to fix them. Modern AIOps platforms help a great deal with discovery, endpoint automation, and self-enablement. Zero-touch is also being deployed for automatic provisioning and configuration of devices without manual involvement.

Quantification of the digital experience

Dubbed ‘total experience’, digital experiences are a culmination of customer experience, employee experience, and user experience that can be tracked by mapping the EX and CX journeys. Quantification concerns the entire interaction from the time the first contact was made up to the present day. As interactions get more virtual, distributed, and mobile, total experience will give enterprises the edge to reach new frontiers of growth and make technological leaps.

Enterprises need to offer better technology to support the hybrid workforce while supporting the buying behaviors of customers. Just offering a great customer experience is not enough, and effort must be made to monitor and respond to experiences in real time to strengthen the relationship with employees as well as customers.

Achieve Anywhere Operations with Trigent

With decades of experience in turning insights into strategies and a sophisticated suite of products to drive your business, we can help your organization usher in a much-needed technology transformation for achieving Anywhere Operations seamlessly. We can be your trusted partner in delivering Enterprise IT solutions.
