I believe that the main lessons that could help us do a better job in the cybersecurity area are:
Greater visibility. Our employees are likely to use the same network as their families, creating additional entry points for attackers. Home is the new network, with a wider perimeter than ever.
New work environment. People have always gone to work. But now, the work goes to the people. They could be using any device, network, location. What used to be ‘bring your own device (BYOD)’ is evolving to bring your own cloud.
Wherever employees work is the new normal. Building structure will require acceleration of automation, machine learning, artificial intelligence, cloud use and management, and other trends that have been in the works for years.
Sustained awareness. The environment changed, the network became more complex, and hackers increased their attacks. We need to redouble cyber awareness, ongoing training, and drills. The user is still the weakest link.
Agility to provide security. We have to consider the modernization of cybersecurity as a vital investment in our organizations, it must be a must in digital transformation projects.
An attack is a matter of time. It is more than evident that attacks have increased regardless of the size of the company or its line of business. It is not enough to comply with the rules and audits. Or be sure to try to avoid an attack. I believe that you have to have a plan to respond in a timely and coordinated manner to the complexity of the attack and reestablish critical services as quickly as possible.
In terms of authentication, what has been the most outstanding advancement? We are living in the most important moment: remote work.
See identity as the new perimeter. To gain a competitive advantage, companies quickly adopted cloud-based technologies and services, automated processes, developed applications, and all to deliver engaging experiences for their customers.
This put further pressure on the integrity of the security, which was based on the perimeter of the network. From the outset, many of the clients allowed access to the most sensitive systems. But access was centralized.
In the new environment the company had to connect home offices, support new devices, and bring new collaboration tools online as quickly as possible.
With thousands of entry points, the perimeter of the network became even more porous, and cyber attackers have been taking advantage of it. In today’s multi-cloud world, identity is the new security perimeter, all identities can be a route of attack on an organization’s most valuable assets.
The identity is in each user internal or external to the companies and in the applications. Securing the growing number and types of identities is the challenge, and it requires a new approach based on access privileges.