Investments in cloud infrastructure have helped companies survive a potentially catastrophic period in the pandemic. Now it’s time to look at boosting security from the edge, argues David Shepherd.
The world has changed a great deal in the past since the start of the Covid-19 pandemic. Rapid digital transformation in the form of investments in cloud infrastructure and services helped organisations survive a cataclysmic 12 months last year. But it has also expanded the corporate attack surface, exposing more data and endpoints to information-stealing raids and ransomware. At the same time, security priorities were ditched in favour of operational necessity, at least in the early days of the crisis. This will need to change going forward.
To move from just surviving to thriving , organisations need to start their cloud security efforts at the edge. This means layered security and innovative approaches like hyper-automation to drive true advantage.
Complexity is everywhere
Complexity is often the enemy of effective security. So, from a risk mitigation perspective, there has been plenty to concern the average CISO. By April, around half of the UK population was working remotely, forcing major investments in new corporate devices and SaaS-based tools to support web conferencing, team collaboration and productivity. Microsoft claimed to have seen two years’ worth of digital transformation in just two months, as the number of daily active users on Teams soared to 75 million. At the same time, we witnessed an explosion in remote working endpoints, raising the spectre of shadow IT in many organisations where staff were forced to use personal devices for work.
“Having weathered the initial storm, organisations should now be planning their next steps, with security front-and-centre of any post-pandemic growth strategy”
It’s not just that IT departments lack the visibility needed to apply patches and endpoint protection on such devices. Users also engage in more risky online behaviour away from the office, leading to the possibility of employees clicking on links they shouldn’t. In fact, 45% of IT professionals reported a rise in risky, non-compliant employee behaviour when surveyed in April.
First to react
This matters because cyber-criminals were quick to target these gaps in corporate security. Attackers usually have the advantage in being more agile than defenders, and they were when the pandemic hit. They rebranded existing phishing campaigns with COVID-19 lures and deployed them in huge quantities – Google claimed in April to be blocking 240 million COVID-themed spam messages and 18 million malware and phishing emails each day. They also targeted remote working endpoints, including vulnerabilities in VPN products and RDP accounts with easy-to-brute force or previously breached passwords. Specific organisations, such as those battling the virus on the frontline, were singled out ruthlessly for targeting with customised ransomware.
In many organisations, IT security teams were themselves depleted by illness and forced to work remotely. On top of this, large numbers were told to down tools to help with more pressing operational matters. According to a global ISC2 poll of security professionals, nearly half (47%) said they had been taken off some or all of their typical security tasks to support remote working and other work.
Starting at the edge
The good news is that the story so far doesn’t need to continue. Having weathered the initial storm, organisations should now be planning their next steps, with security front-and-centre of any post-pandemic growth strategy. In many ways, the future might not look too different, with remote working set to continue at much greater levels than before the crisis. That means more endpoints to manage, alongside a predicted explosion in IoT devices driven by 5G adoption.
Securing these highly distributed, cloud-centric environments will not be easy. In fact, in the case of SaaS applications, much of this responsibility will be out of your hands. That’s why it makes sense to begin with what you do control – corporate endpoints.
No silver bullet
There’s no silver bullet when it comes to cybersecurity, and threat protection at the edge is no different. That’s why you need to layer up defences, starting with effective end user training and awareness. By running real-world phishing simulations, collating and analysing results, and adapting programmes on an ongoing basis, businesses have a great opportunity to create a fantastic first line of defence.
Next, it’s time to shine a light on endpoints, with anti-malware to keep threats at bay, strong passwords and multi-factor authentication, risk-based patch management to fix critical bugs, and app control to ensure no untrusted applications are running. To support stretched IT and security teams, consider hyper-automation technologies, which leverage AI to detect and protect every single endpoint on the distributed network. They help endpoints to self-heal by optimising device performance and configuration, and even proactively work to detect and remediate any security issues.
In a world where the number of corporate endpoints has already vastly exceeded the number of IT specialists able to track them, intelligent automation is the key to a secure and prosperous future.
David Shepherd, Global VP Sales Engineering, Ivanti
Register to receive the latest cyber security news and analysis straight to your inbox