How cybersecurity of organisations in Europe will change and adapt with teleworking and the migration to the cloud
When 2020 arrived, no-one could have predicted nor expected the drastic changes that we are seeing in the light of the COVID-19 pandemic. Not only has the pandemic changed cybersecurity, it has also created a huge paradigm shift in the way that organisations work.
The pandemic caused a rush across Europe to get employees out of the office and working from home, creating a requirement to better secure the teleworkers. Prior to the pandemic, only 5.2% of people regularly worked from home across the EU. A Europe-wide push for people to self-isolate proved challenging for the majority of the continent’s population who typically hadn’t been working from home; however, now that this paradigm has shifted, organisations across Europe are turning their attention to how they will work in the future.
Creating the New Normal in the Cloud
There has been much talk in the media about the “new normal” and what that will look like when it comes to cybersecurity. With lockdown restrictions easing, the return to the office is firmly on the board’s agenda. Most European organisations are considering two options – allow their employees to work from home full-time or adopt a “hybrid” workplace approach, where employees will split their time between working in the office and at home.
The pandemic has helped many employees realize how much they enjoy the work/life balance and appreciate not having to commute to an office five days a week. They have also proven that they can work just as effectively from home as in the office. Research predicts that the number of UK employees working from home on a regular basis will double, increasing to 37%, compared to 18% before the pandemic hit.
In line with this change, many European organisations have reduced their real estate and have a decreased need for on-premise solutions. This is creating a shift to cloud-based solutions that will provide stronger protections for teleworkers. The growth in cloud computing has been massive and transformational – and quickly sped up with the pandemic.
Cybersecurity for Teleworking
If employees are going to work from home on a regular basis, their cybersecurity hygiene should be considered by the organisations they work for. There are a myriad of different challenges with securing teleworkers; for instance, employees might be more likely to fall victim to a phishing email or cut corners when it comes to backing up important company data.
Phishing attacks have grown by over 60% in the UK since the COVID-19 pandemic and are widely recognised as the top cause of data breaches. Hackers are getting much more sophisticated in their approach to phishing attempts and once an employee clicks on a malicious link, they may be able to gain access to the employer’s device or sensitive data.
Cybersecurity for home workers is very different than for the office. Employees’ home networks will often have weaker protocols (WEP instead of WPA-2, for example), which can allow hackers to access network traffic much more easily. To help with this change, many organizations are looking for upgraded security tools and services that can be entirely cloud based. It’s a good time to review remote access solutions and policies, to ensure your team is working securely while remote.
Securing the Cloud
With the transition of more employees working from home, it is not surprising that cloud technologies are being adopted at an incredible rate in recent months. Of the 250 IT leaders surveyed, 82% said they have increased their use of the cloud in direct response to the COVID-19 pandemic, with 60% saying their use of off-prem technologies have continued to grow post-pandemic. The same study also found that respondents believe that by 2025 only 22% of workloads will reside on-prem, compared to 35% of workloads that resided on-prem prior to the COVID-19 outbreak.
From a business continuity perspective, there has never been a better time to make the move to the cloud. The ability to allow employees to work from anywhere via a virtual desktop or remote infrastructure has been instrumental to keeping employees working, and business moving, during the COVID-19 pandemic.
However, now data sovereignty issues become more of a focus and risk, especially for Chief Regulatory Officers and General Counsels. This country-specific requirement states that digital data must remain within those country’s borders and is subject to the laws of the country in which it is collected and processed. Many countries have had data protection laws for decades, and with the stricter rules put in place by the EU’s General Data Protection Regulation (GDPR), the concerns have become much more prominent.
So while the migration to cloud-based technologies may be straight-forward, securing it may not. Some teams are well equipped to deal with the transition, but many teams find themselves struggling to secure their teleworkers. The cybersecurity skills shortage in Europe is expected to be nearly 350,000 by 2022, which means many teams will have to look for alternative ways to secure their cloud technology.
For many in Europe, the idea of a SOC-as-a-Service, or outsourced managed services, wasn’t a consideration prior to the pandemic. But given the swift changes organizations had to make, they have realized that partners can help to fill a gap with their IT security. Cloud-based SOC-as-a-Service providers offer a lot of flexibility for organizations and 24/7 protection that many organizations can’t fulfill in-house.
If you find yourself trying to build out a secure, cloud-based security program, here are a few principles that you should follow when transitioning data to the cloud:
- Monitor and secure your Office 365 implementation. Office 365 is continuing to be adopted at an exponential rate, especially since the global coronavirus pandemic hit earlier this year. While it allows businesses to be more efficient and productive when it comes to remote working, it is also a high-value target for cybercriminals. Properly monitoring your Office 365 environments for your remote workers can help to detect account compromises, identify phishing attempts or suspicious email patterns and detect password attacks, suspicious file sharing, permission changes or downloads. Protecting your organisation and having use cases to monitor your remote workers Office 365 environment is crucial, whether you have a hybrid cloud or multi-cloud model – is even more important if you have employees working from home.
- Make sure your data is secure. The encryption of data in transition should be end to end. In addition, all interactions with servers should happen over SSL transition (TLS 1.2). This will ensure the highest level of security. The SSL should only terminate within the cloud service provider network.
- Get a virtual private network (VPN) and virtual private cloud (VPC). Having a dedicated cloud environment gives you total control of your data. Customers can connect securely to your corporate data centre, and all traffic from and to instances in your virtual private cloud can be routed to their corporate data centre over an industry standard encrypted Internet Protocol Security (IPsec) hardware VPN connection. This should also be monitored 24/7 for suspicious activity.
- Look for partners who can help. If you’re struggling to secure your cloud environments, consider finding a partner to assist. Utilising SOC-as-a-Service or other managed security services allows you to not only fill a gap within IT security, but also offers significant cost savings through tailored service offerings. Their continuous detection, protection and response is a great option for organisations that do not have resources for a 24/7 in-house team.
- Ensure partners follow rigorous compliance standards. If you find yourself looking for partners, make sure their compliance standards are robust. Two of the most important are SOC 2 Type 2 and GDPR. SOC 2 Type 2 is good for internal risk management processes, regulatory compliance oversight and vendor management programs. It confirms that a cloud service maintains the highest possible level of data security. GDPR is the European standard when it comes to data compliance. You should ensure your partners are adhering to best practices that will achieve GDPR compliance.
There is a lot to consider during this time of uncertainty, but once the dust settles, migrating to the cloud properly will provide benefits to your employees and customers alike. If you’re looking for a partner who can help you with this transition, or if we can be of help in any way, please feel free to contact us.
2019 was another busy year for cybersecurity professionals. There were more security incidents than in any previous year, and they included some of the largest breaches of all time. According to Forbes magazine more than 4.1 billion records were compromised.
Looking forward to the next decade, we expect cyber defenders to still face many challenges. Fueled by the growth of the Cloud, IoT devices, and mobile, the attack surface will continue to grow exponentially. Cybercriminals have been using Machine learning and will expand on its use in the coming year. Nation States will invest more in cyberwarfare to target government, Critical infrastructure, and organizations.
Proficio has been providing our clients managed security services for nearly a decade. Our understanding of the cybersecurity landscape is informed from being both a user and a provider of cybersecurity technology. The following projections define 10 important changes that we see driving the cybersecurity agenda over the next decade:
- AI Gets Real
At Proficio, we have been both experimenting and deploying Machine learning (ML) for years. We think ML is now transitioning out of the early stages of the Hype Cycle into the early stages of broader adoption as a credible cybersecurity technology necessary for a meaningful part of any cyber defense arsenal and playing a significant role for Incident Response (IR) and Security Operations Center (SOC) teams.
There’s been a lot of talk about the potential for ML to replace Level 1 or 2 Security Analysts. We strongly disagree. We see ML as a tool that augments Security Analysts, helping them to identify relationships between seemingly unrelated events, cutting out false positives, and detecting anomalies. Combined with threat intelligence, ML will enable security teams to detect and respond to security incidents faster, more effectively, and with far fewer people than would otherwise be possible.
- Automation to the Rescue
Talk to any CISO and it won’t be long before you hear an anecdote that illustrates the cyber skills gap. Conventional wisdom is the shortage of cyber professionals is now measured in millions, and when you peel back this issue, the gap is more complicated by the range technologies used to ensure a strong cyber defense. In addition to Security Analysts, Incident Responders, and SIEM Engineers, organizations are now in need Data Scientists and ML Experts.
We don’t expect the cyber skills gap to go away in the 2020s, but there is light at the end of the tunnel in the form of SOAR (Security Automation, Orchestration, and Response). Proficio was the first MSSP to create a proprietary SOAR platform and today automation plays a significant role in the services we deliver.
SOAR platforms promise to help SOC and IR teams reduce response times, cut down on manual work, and engineer repeatable, semi-automated processes. By creating standardized, repeatable processes — and automating them where possible — SOAR reduces the burden on security teams. In addition, a SOAR platform integrates with other technologies and provides a single orchestration interface for security teams. Instead of learning to use five or more different tools, security engineers need only become accustomed to a single interface that is integrated into their operational processes.
- GDPR Goes Global
Since the General Data Protection Regulation (GDPR) came into effect in May 2018, organizations with EU customers have had to step up their data privacy compliance processes and systems.
Historically, the major compliance frameworks (PCI-DSS, HIPAA, ISO27001, etc.) were akin to audit checklists. So long as you ticked off certain requirements — and you could prove it — your job was done. It didn’t matter if you were actually secure, as long as you followed the rules.
But GDPR changed the game. Now, instead of a checklist, organizations are responsible for collecting, analyzing, and acting upon security data to ensure the ongoing protection of sensitive assets. If an organization is breached, and sufficient action wasn’t taken to prevent it, irrespective of any checklist, large fines will follow.
We believe that in the next decade GDPR like regulations will be adopted by most developed nations, and the afore mentioned industry specific compliance regulations will adopt a similar stance and have already started to do so.
- The Cloud is the Thing
In terms of decades, if the 2000s were about defining the perimeter and improving perimeter security controls and the 2010s we same the introduction of evasive techniques and more sophisticated maleware that evolved over time bringing about the need for next generation technologies, including endpoint, firewalls and software defined perimeter controls within virtualized platforms, the 2020s will significantly expand on the extension of the security controls into the cloud as the adoption of cloud and hybrid architectures become more mainstream.
Data and applications have been moving to the cloud for a while now. Not only are cloud environments more complex to secure than local datacenters, they’re also vulnerable to a wider range of cyberattacks. For these reasons, some organizations have avoided a complete move to the cloud in favor of a hybrid approach.
Over the next decade, security and IT leaders will need to look for ways to secure complex, multi-cloud environments while retaining control over how cloud services are consumed. IT will need to find a way to be an enabler within the organization by defining standards that allow for the adoption of cloud technologies and limit shadow IT.
Cloud Access Security Broker’s will continue expand its use as more organizations consume cloud services in all areas of their business operations. This is a key enabler that protects corporate assets and data, reduces the burden on IT, and allows the business to explore new and improved technologies that better enable them.
We expect the compensating controls within big cloud infrastructure platforms — Azure, AWS, and Google Cloud, among others — to mature. This is an inevitable response to a clear business need, as cloud providers seek to keep customers ‘on brand’.
Security leaders will need to ensure that tools being used to secure traditionally hosted data and services also extend to the cloud. This may take time to fully realize because many security tools currently don’t work well in the cloud. However, now that cloud usage has become the norm, security vendors are scrambling to ensure their tools remain relevant, you will also continue to see cloud focused security vendors becoming more relevant and even prominent amongst the startups.
- Marie Kondo for Security Tools
When organizations began to take cybersecurity more seriously, they went on a security tool buying spree resulting in a proliferation of tools that often did not work together. This was made worst by the abundance of Cybersecurity startups that claimed to be the next best thing and were trying to define a new market, which has created significant confusion in the industry compounded by baseless opinions often using marketing and global reach as an indication of effectiveness of a technology.
There were two big problems with this approach. First, it was expensive. Second, it introduced another problem: The hidden cost of resources to manage these tools, a “Best of Breed” purchasing strategy creates unnecessary complexity in the architecture requiring more trained resources to manage all the technologies in alignment with the vendor recommended best practices. This approach generally results in duplication of functionality across technologies and as a result ineffective implementations and underutilization of the investment.
Cybersecurity industry is slowly maturing, organizations are realizing that they can’t solve all security problems by purchasing extra tools. It’s often quite the opposite. They need to simplify their technological footprint while focusing on the other two components of a functional security program: a strong team and effective, repeatable processes.
Similar to Marie Kondo’s approach to simplifying and organizing household belongings, we expect security leaders to see that their teams are better off maximizing the value of a handful of core tools rather than they are using just 5-10% of the functionality of many disparate technologies, we expect smarter purchasing decisions that factor in cross vendor integration capabilities or through consuming technology as a service from an MSSP focusing their buying decision on a business outcome.
- The Rise of 5G
The 2020s will be the decade of 5G. Any time there is a greater than 10X change, you should expect significant related affects. The promise of 5G is to improve mobile data rates and latency by 50 to 100 times. This technology will enable new applications, restructure cloud architectures, and notably be used in mission critical enterprise applications like factory automation, robotics, transportation, and more.
5G will accelerate virtualization, proliferate distributed edge networks, and enable hackers to attack more devices at faster speeds. Cyber defenders will need to respond with new policies, security virtualization, tighter access controls, and approaches to device authentication. Next generation endpoint security technologies will need to be far more effective on mobile technologies being more effective of locking down the OS of the devices and access to the hardware capabilities and apps. Think crypto jacking on mobile devices as an example of an attack type that would become viable.
- The SOC of the Future
A Security Operations Center or SOC is the nerve center where a team of security experts monitors and responds to cyber threats on behalf of their organization. Proficio operates a global network of SOCs and is leader in innovating how SOCs operate for maximum effectiveness.
Over the next decade we expect the way SOCs function to change in a number of ways;
Historically, security event monitoring and response has been log-centered. If a log entry flagged as suspicious, an alert was created and investigated by a security analyst. This approach is problematic when it comes to unknown threats because, until a threat has been seen and reported, there’s no rule to detect it. Unless an organization has an active threat hunting program in place, such threats can go undetected for some time. Keep in mind that the current industry average for mean time to detection of a breach is 200 + days.
We expect SOCs to adopt frameworks like the MITRE ATT&CK which encourages security teams to think in terms of tactics, techniques, and procedures (TTPs). While a new threat may contain hashes, C&C infrastructure, or URLs that haven’t yet been categorized as malicious, only a tiny proportion of threats use completely new and innovative TTPs.
As a result, a security program that’s setup to identify TTPs (rather than specific indicators) is much more likely to identify attacks and breaches.
For many organizations, a fully-functional 24/7/365 operation is essential to ensure the ongoing security of sensitive data and assets. For all but the largest and most profitable organizations, however, building a security function of this magnitude is simply not financially viable. Currently the minimum viable number of resources for an average organization of about 3000 employees, to implement a 24X7 SO operation, is 27, this gives them the minimum viable for shift coverage, and this assumes a well rounded optimized technology stack for security control enforcement and monitoring. The challenge with this is that your resources would only have an effective average utilization of less than 20%, which is not very conducive to staff retention . Add this to the ever-present challenge of the cybersecurity skills gap, and it’s easier to understand why many organizations will turn to Managed Security Service Providers (MSSPs) to supplement the capabilities of in-house resources.
Women represent about a quarter of the cybersecurity workforce. We expect this percentage to increase considerably over the next decade with the consummate benefit of reducing the shortage of cyber professionals and adding diversity.
- More Intelligent Patching
Vulnerability Management is key to a mature security program. However, VM Scans can generate so many vulnerabilities that IT teams only have the resources to patch a fraction of the hosts and devices identified as requiring updates. Sometimes the quantity of alerts can be so overwhelming that it slows down remediation or results in no action at all.
The solution to this challenge is to prioritize based on the risk of a vulnerability being exploited in the context of the criticality of the asset, industry vertical, and level of known activity in the wild. Vulnerability Management needs to become a process that prioritizes based on risk, includes expert advice on the best approach to remediation, and measures and reports on progress.
We see Risk-based Vulnerability Management becoming standard to most organizations over the next decade.
- Don’t Forget Humans are Fallible
Human error is the second most common cause of a security breach. Human errors range from configuration errors on cloud architectures, servers and security devices to failure to follow organizational policies by administrators and users alike.
Humans are not going to change. So, to compensate for this reality we urge IT leaders to prioritize training, process control, and use technology where possible to automate tasks and detect issues resulting from simple mistakes.
- In the End It’s All About Risk
It is inevitable that most organizations will experience a security breach at some time. The operational priority for any organization is to quickly detect and remediate a breach.
In the 2020s, we expect IT leaders will increasingly need to explain the magnitude and types of cyber risk that apply to their organizations and provide their executive teams with strategic options to reduce risk.
Shareholders and customers want to understand what organizations are doing to protect important assets and data.
Up until now, security leaders have been forced to spend a huge amount of time preparing reports for board and stakeholder consumption. Many resorted to Excel and manual databases because alternatives weren’t available.
Over the next decade, security leaders will rely on business intelligence dashboards that show the threats facing their organizations and trends by type of attacks and attack targets. These dashboards will summarize the organization’s security posture, identify gaps, and compare risk with that of industry peers in near realtime as apposed to a monthly point in time based on sometimes limited and stale data. Proficio’s ThreatInsight is an example of such a dashboard
2020s: A Decade to Embrace Change
As we wave goodbye to 2019, we are excited about the changes that the next decade will bring and looking forward to helping our clients protect their data and brand.
From all of us at Proficio, we wish you a safe and successful 2020.