Friday, 29 May 2020 16:46

Breaches are Inevitable

Louis Tague, FireEye Louis Tague, FireEye

How do You Detect and Respond to Them?

GUEST OPINION By Louis Tague, Vice President, Australia and New Zealand, FireEye: As efforts to adjust to the “new normal” are forcing huge portions of Australians into remote working and outside the relative safety of their employers’ corporate networks, cyber risks have become top-of-mind even for employees who don’t work within security.

Their concerns are justified. Despite the security of the public cloud infrastructure, a rapid shift toward remote working means that the number of entry points into the corporate network has ballooned. Now that the corporate network extends through every public ISP into almost every household in Australia, there are far more opportunities to access cloud environments where organisations are storing more and more sensitive data. Cyber criminals have wasted no time in trying to capitalise on this new landscape.

 This creates obvious challenges for security teams, but there are both immediate and long-term ways to mitigate the risks. Here are three tips for protecting Australia’s suddenly remote workforce:

1. Extend monitoring and auditing into cloud environments.

Whether employees are accessing a public cloud through Azure or AWS, or public apps like Salesforce, organisations need to monitor the audit logins and traffic going from the corporate environment into their instances of the cloud.

Because attacks will generally come in through the corporate network rather than the back of the cloud, the type of traffic you’re seeing will need greater scrutiny. Just as unusual behaviour would be monitored in the corporate environment, it will also need to be monitored against organisations’ cloud environments, too.

2. Remember that your cloud’s credentials are your organisation’s crown jewels.

This is probably the number one most important thing any organisation can do toward securing cloud environments. While it might seem rudimentary for organisations with large security teams or budgets, small- to medium-sized businesses will need to make it a focus as best they can.

It will require monitoring to ensure that the right credentials are used for the right thing when users are logging into your cloud environment. As always, a large piece of this puzzle is protecting employees’ passwords through increased vigilance around phishing and ensuring that multi-factor authentication is used, especially those that would offer complete access to cloud-based environments.

One silver lining is that the influx of remote working has been accompanied by a growing number of cyber security conversations in traditional and social media, which means many workers are increasingly cognizant of their vulnerability. Now is a great time to continue educating them and helping them recognise risks like phishing attempts.

3. Looking toward a post-VPN environment — or, at least, one that’s less dependent on VPNs.

Employee education will always be important, but organisations also need to ensure they’re separating people’s personal activity on their laptop from their business use.

The radical increase in Australians working from home has heightened this issue. A huge number of organisations are leaning on VPNs to do this and, given the fast-changing nature of pandemic responses, this technology may be a necessary stop-gap solution for many teams. However, most security pros are also aware, as cloud applications increase, VPN as a legacy technology creates its own set of security risks and provisioning challenges.

Going forward, as more people acclimate to remote work, there’s a good chance that many organisations will retain some of the emerging norms and habits around working from home. This might even be a silver lining, with future employees working more flexibly and organisations operating with reduced overheads. But it also means that security teams will need to consider more sustainable options — ones with more  scalability, less bandwidth overload and more network security features than VPN technology.

While the foreseeable future will no doubt be challenging for organisations and security teams, it might also be a golden opportunity to rethink security approaches in ways that both respond to current crises and create more sustainable environments in the long run.

 

Read 2245 times

BACK TO HOME PAGE

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

INVITE DENODO EXECUTIVE VIRTUAL ROUNDTABLE 9/7/20 1:30 PM AEST

CLOUD ADOPTION AND CHALLENGES

Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.

REGISTER HERE!

BACK TO HOME PAGE
BACK TO HOME PAGE

Webinars & Events

VENDOR NEWS

REVIEWS

Comments