In the current climate, maintaining business continuity has been a key priority for organisations worldwide. Likewise, re-evaluating security approaches has been crucial for survival, as COVID-19 forced businesses to make fundamental operational changes overnight to deploy a digitally dispersed workforce and migrate to private and public clouds. However, this rapid transformation has created multiple security challenges.
- Accelerating threat prevention
- Detection and response mechanisms
- Unifying endpoint and workload security
- Simplifying the environment
These have led organisations globally to shift the balance from a reactive security posture to a position of strength. The demand for secure access to applications and data has soared. It has been driven by a rapid move to a digitally distributed way of working. As a result, 98% of C-suite professionals surveyed in the UK said the volume of attacks they faced had increased.
Defending a broader attack surface
Cyber defences have been placed under unimaginable strain. Security teams have been tasked with multiple challenges:
- handling hardware and software issues
- managing remote devices
- allowing access to critical company resources
- defending a much broader attack surface
With more employees working outside the traditional corporate environment, the points of vulnerability increased. This has provided an attractive space for bad actors to disrupt and extort enterprises. Attackers found new methods to penetrate defences and stay undetected. Some 88% of cybersecurity professionals reported increased phishing attacks relating to COVID-19. Meanwhile, new variants of ransomware were also released to stop companies in their tracks, alongside an influx of Distributed Denial of Service (DDoS) attacks.
Outside of navigating increased threats, organisations faced multiple new challenges, including managing security in a remote working environment and ensuring employee accessibility. To enable employees to remain productive, organisations had to provide continuous, secure access to applications across remote endpoints while tackling security awareness for employees working from home.
So, how have IT and security leaders across the world been dealing with these challenges? And how can organisations unify IT and security teams to alleviate this pressure going forward?
Many security teams have benefitted from moving back to the basics, simplifying and strengthening their security strategies.
Simplifying security strategies and going back to basics
Providing the flexibility and agility required in the modern environment has required organisations to build new elements into their security strategies. They have had to fully leverage their infrastructure and control points while seamlessly securing data centres, clouds, and endpoints.
In this heightened threat environment, attackers have become too sophisticated in their methods to be averted by traditional endpoint security. More modern security technologies that are internet- or cloud-native, like Endpoint Detection and Response, were the ones that worked seamlessly as organisations pivoted to support a distributed workforce.
However, moving from in-office to remote working has required new security standpoints. Businesses have moved back to the fundamentals of security. Starting with internal accessibility, security teams had to start from ground zero and look strategically at their connections. For example, many organisations experienced a complete change in typical traffic volumes, because employees were operating at different hours to suit their work-from-home lifestyles. This meant security teams had to rapidly alter their monitoring trigger points.
Despite shifting security strategies, products cannot solve these problems in isolation. To alleviate the immense pressure of rapid adaptations, IT and security teams must unite and work closer together. More than ever, businesses require an approach that makes security intrinsic and enables IT operations and security teams to integrate both strategically and tactically.
One obstacle which invariably challenges security teams is knowing who they should report to and how they can effectively collaborate with different teams, particularly IT. The challenge internally can be difficult. However, some level of cross-pollination of employees across different teams can work well. For example, security can work in an adjacent function of the business that they have expertise in. Building bridges with other departments and being able to talk to each other is always beneficial.
The journey toward cloud transformation and application modernisation
COVID-19 has radically changed the pace of innovation across many industries. After previous months and years of deliberation on infrastructure upgrades, decisions like moving to the cloud are accelerating. However, such sudden transitions are not without complexity. Security teams have had to adjust to the vast amounts of data now available.
Organisations need to start with this data and identify its meaning. Getting more context is critical for enriched visibility into the network environment. Capturing more data provides more context, so teams should focus on putting this data in place where it is accessible, then layer on top the ability to drill down into the core data elements.
In an era of cloud applications and mobile users, organisations should prioritise their controls and rethink how they get that all-important visibility. While there is no magic wand to dissolve legacy technology, uniting teams will help protect the business from threats. Likewise, prioritisation will help. Security teams will be better positioned to overcome obstacles and navigate the current environment by prioritising certain areas.
Here are four top tips that our CTO Scott Lundgren recently shared at our CISO roundtable:
- Accelerate the work you’re doing around security tooling to enable both the security team and the engineering team with a single set of tools tailored for each department. It can make everyone work together more simply.
- Recognise the importance of basic cyber hygiene. Understand what is installed and what’s not. Where devices are and where they’re not. It’s easier said than done, yet it is the foundation of any security strategy.
- Get the required visibility into your systems. If you don’t have the right visibility, then you can’t even begin to have efficiency because you’re completely blind and chasing threats that don’t exist.
- Understand the consequences of your decisions. We often talk about specific technologies and specific product capabilities. While they’re important, it doesn’t work if they don’t tie the whole system together. Also, understanding the big decision points and the multiple consequences is important for the future of security.
In light of the new working environment, no organisation can say that they are truly secure. Here at VMware Security Business Unit, we spend a lot of time convincing others that 100% security is not the goal, nor is it attainable. However, organisations can create a platform for success by putting the right foundations in place – including gaining visibility into the environment and shifting security to the cloud.
It is time to unify endpoint and workload security to simplify the environment and build security intrinsically across applications, clouds, and devices. It will bring together IT operations and security teams to tackle new threats and eliminate blind spots. This will deliver better visibility and proactively address vulnerabilities before they become breaches or attacks by shifting from a reactive security posture to a position of strength.
VMware Carbon Black is a leader in cloud-native endpoint protection dedicated to keeping the world safe from cyberattacks. The VMware Carbon Black Cloud consolidates endpoint protection and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analysing billions of security events per day across the globe, VMware Carbon Black has key insights into attackers’ behaviours, enabling customers to detect, respond to and stop emerging attacks.
More than 6,000 global customers, including approximately one-third of the Fortune 100, trust VMware Carbon Black to protect their organisations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use VMware Carbon Black’s technology in more than 500 breach investigations per year.