What will be the top 5 areas for cyber security focus in 2021?
As the curtains close on 2020 and attention turns to 2021, we look back at what enterprises did over the past year to support the rise of the teleworker, the unfaltering push to move more and more into the cloud, and the never-ending threat from cyber criminals that keeps business leaders and cyber professionals alike tossing and turning at night.
1- Securing remote and dynamic workforce - identity assurance and XDR
Even before COVID-19, digitalisation meant organisations were already working with geographically distributed teams; with COVID-19, many are now looking to keep their workforces remote even beyond the crisis. As workforces become more distributed and remote, and with a wider and more complex threat landscape, the traditional approach to security has to be reimagined.
Protection combined with a proactive approach to threat detection and response delivers visibility into data across networks, clouds and endpoints, while applying analytics and automation to address today's increasingly sophisticated threats. Enter eXtended Detection and Response (XDR) and Zero Trust Network Access (ZTNA), supporting the noticeable acceleration in SaaS-based Identity and Access Management (IAM) and Identity Governance and Administration (IGA) seen in 2019-2020.
2- Ransomware protection and cyber hygiene
According to ENISA, an estimated €10.1B was paid in ransoms between April 2019 and April 2020, €3.3B more than in 2018. This makes ransomware the second most common and the costliest type of extreme cyber event, according to the IRIS2020 report. The sophistication of threat capabilities increased in 2020, with many attackers using exploits, credential stealing and multi-stage attacks. Given the high yield for attackers and the number of organisations struggling with cyber hygiene, we expect ransomware to increase.
Significant progress has been achieved by organisations such as Europol and over 150 partners through the 'No More Ransom' project. The portal has added more than 30 tools and can now decrypt 140 different types of ransomware infection. The Lockheed Martin Cyber Kill Chain framework can be used to map each attack step to the controls that organisations can implement.
3- Cloud Posture - CSPM, CWP (host, container, serverless), and microsegmentation
A successful move to the cloud is much more than just moving data. It is an opportunity to transform the way organisations work, how they interact with data, how they interact with each other, and how they enable their teams to work with the best possible tools. Welcome to the world of "workload-based architecture" and hybrid multi-cloud environments.
Unfortunately, nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement and mistakes. Security leaders will increase investment in cloud security posture management (CSPM) processes and tools, as well as in monitoring and protecting cloud workloads (Cloud Workload Protection, CWP), to proactively identify and remediate these risks.
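To make concrete what a CSPM tool does with the misconfigurations described above, here is a small posture-check routine added as an illustration (it is not the article's or any vendor's code). It evaluates a constructed inventory of storage, network, identity and compute resources against a handful of common posture rules; the resource field names are assumptions, not a real cloud provider API.

```python
"""Minimal CSPM-style posture check over a constructed cloud inventory."""
from dataclasses import dataclass


@dataclass
class Finding:
    resource: str
    rule: str
    severity: str


# Constructed sample inventory (field names are assumptions, not a provider API).
INVENTORY = [
    {"id": "bucket-a", "type": "storage", "public": True, "encrypted": False},
    {"id": "bucket-b", "type": "storage", "public": False, "encrypted": True},
    {"id": "sg-web", "type": "network", "ingress": [{"cidr": "0.0.0.0/0", "port": 443}]},
    {"id": "sg-admin", "type": "network", "ingress": [{"cidr": "0.0.0.0/0", "port": 22}]},
    {"id": "root", "type": "identity", "mfa": False, "admin": True},
    {"id": "vm-1", "type": "compute", "public_ip": True, "patched": False},
]

ADMIN_PORTS = {22, 3389}  # SSH and RDP: should never be open to the whole internet


def check_resource(r):
    """Return the findings raised by one resource; an empty list means compliant."""
    out = []
    t = r["type"]
    if t == "storage":
        if r.get("public"):
            out.append(Finding(r["id"], "storage-public-access", "high"))
        if not r.get("encrypted"):
            out.append(Finding(r["id"], "storage-unencrypted", "medium"))
    elif t == "network":
        for rule in r.get("ingress", []):
            if rule["cidr"] == "0.0.0.0/0" and rule["port"] in ADMIN_PORTS:
                out.append(Finding(r["id"], "admin-port-open-to-world", "high"))
    elif t == "identity":
        if r.get("admin") and not r.get("mfa"):
            out.append(Finding(r["id"], "privileged-account-without-mfa", "high"))
    elif t == "compute":
        if r.get("public_ip") and not r.get("patched"):
            out.append(Finding(r["id"], "exposed-unpatched-host", "high"))
    return out


def assess(inventory):
    """Run every rule over the inventory; findings come back highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for r in inventory for f in check_resource(r)]
    return sorted(findings, key=lambda f: (order[f.severity], f.resource))
```

A real CSPM product runs rules like these continuously against the provider's live configuration API and routes the findings to remediation workflows; the ordering here is only a starting point for triage.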
4- Visibility and monitoring – adopt the triad model but bring in DevOps and AppSec
The Security Operations Centre (SOC) Visibility Triad is a network-centric approach to threat detection and response, as described by Gartner in 2015 and 2019. The SOC Visibility Triad model leverages data from three core pillars:
- Logs/user and entity behaviour through SIEM complemented by UEBA and SOAR
- Network traffic through network detection and response (NDR)
- Endpoint detection and response (EDR).
Although the triad is still valid in 2020, modern security operations will continue to demand the integration of applications and modern development practices such as DevOps, from the first line of written code through to production. Aligning the application security (AppSec) platform with the modern enterprise security architecture and the SOC provides deeper visibility and enhances the security posture of the digital landscape, delivering efficiently secured software at DevOps speed and intelligent, real-time, actionable responses to block and mitigate application threats.
Security must shift left. Security leaders will need to completely reimagine how SOCs are built and managed so that they keep pace with digitalisation, with a new level of rigour, adaptive and agile processes, and collaboration across the organisation.
5- Data access governance (DAG)
As more and more organisations make their journey to the cloud, they are faced with regulatory challenges and with the question of what to do with an increasing amount of sensitive data in unstructured formats, often found in storage that is far less secure, such as file shares, collaboration portals (such as SharePoint), cloud storage systems (such as OneDrive or Box), or email.
Although cloud-native DLP and CASB DLP both act on data at rest, organisations find themselves running multiple disjointed governance solutions, exposing themselves to security risks that often stem from duplicated and inconsistent policies, access requests and certifications in this new world of work-from-anywhere, IoT, cloud and GDPR.
DAG is attracting more interest as a solution that works on the same basis as DLP but, instead of quarantining, encrypting or deleting data, provides large amounts of information about data structures, access and use, as well as sensitivity and therefore some idea of risk, which is the basis of Data Security Governance.
Special mention: IoT and IoMT for manufacturing and healthcare
A June 2020 study reported by Help Net Security, based on anonymised data from more than five million unmanaged IoT and IoMT deployments across a variety of verticals including healthcare, life sciences, retail and manufacturing, found a staggering number of vulnerabilities and risks concerning connected devices.
There are real risks and threats posed by IoT, IoMT, and other connected devices if not accounted for and properly managed. As many analysts predict, there is no sign of the slowing of adoption of IoT devices, thus security needs to be prioritised.
Organisations need to refocus on this growing attack surface of unmanaged and IoT devices, with a better uptake of solutions that discover every managed, unmanaged and IoT device on and off their network, analyse device behaviour to identify risks or attacks, and protect critical business information and systems.
Iris Networks Cloud & Security offers four distinct Managed Security Services to support our customers:
- One-off Cloud Security Posture Assessment Service
This one-off cloud security assessment helps organisations to reduce their risk and improves the visibility of their data life cycle in an era where cyber threats are complex and multi-faceted.
In this model, we provide a one-time assessment service from our SaaS environment or, for highly regulated customers, an on-demand offering.
Carrying out a cloud security assessment is a practical and strategic exercise to improve your cloud security health.
- Managed Cloud Monitoring
This service provides organisations with continuous security monitoring, compliance adherence and custom policy building effectiveness, across multiple major cloud platforms.
As businesses everywhere move onto the cloud, they face new security challenges. There are thousands of configurations in the cloud, and the number grows rapidly as you leverage more and more services from Cloud Service Providers, and even more so when you have a multi-cloud posture. It then becomes humanly impossible to keep up with and understand the nuances of the configurations involved in the key components of the cloud, mainly centred around Compute, Networks, Identity and Storage.
Using our industry-leading cloud-native platform, our Mission Control team gives you assurance that continuous monitoring, compliance adherence and custom policy building are effective, as well as detecting cloud vulnerabilities and attacks as they occur across multiple major cloud platforms. Our team works directly with you as an extension of your team, bringing their cloud security expertise to bear to guide implementation, risk surface identification and ongoing cloud monitoring, enhancing the security posture of your cloud strategy.
- Managed SIEM
This service goes beyond conventional Managed Security Services and is tailored for organisations not comfortable off-loading their data to a provider, while maintaining full transparency through working with our Mission Control.
It covers a blended group of security operations specialists running, managing and perfecting your tools, while you retain total ownership.
This service enables your security analysts to prioritise alerts and respond to the most suspicious threat behaviour faster, ensuring that threats don't go unnoticed and linger in your environment.
- Managed Detection & Response (MDR)
MDR is for organisations struggling to detect and respond to modern cyber threats efficiently across all environments: IT, OT and cloud. MDR, a cost-effective alternative to building an in-house SOC, delivers real-time monitoring, detection and response using a holistic, turnkey approach.
We provide 24×7 coverage, extensive security expertise and a well-staffed security team, ensuring that threats don't go unnoticed. We eliminate alert fatigue and false positives to promote a faster response, with detection and response capabilities tailored to your specific needs. Our Mission Control team works directly with you as an extension of your team to perform threat hunting, incident response and guided remediation, while also providing strategic recommendations tailored to the unique needs of your environment.