The resilience theme for RSA 2021 was spot on. With apps, people, and data moving outside the traditional enterprise, we’re now in a world defined not just by SaaS but also by new buzz words like hyper-distributed workforces and multi-generational IT.
In short, digital transformation went from being an aspiration for many organizations to being a fact. With more electronic borders being broken down every day, we’re in the age of what Manny Rivelo, Forcepoint’s CEO, called “The Unbound Enterprise.” Giving people access to critical information and then protecting how they use it after they access it is what it’s all about now.
That was the underlying theme of the RSA session that Nico Fischbach, our Global CTO, co-presented with Nicolai Solling, CTO of Help AG. Their topic, “New Normal, New Security? Five Security Trends to Watch in 2021 and Beyond,” was fittingly presented online instead of in-person.
Nico and Nicolai discussed five trends that they expect will gain prominence and the proactive steps you might want to consider taking as security and business leaders.
1. The Emergence of the Zoom of Cybersecurity
2. People Do People Things
3. Disinformation is Inevitable
4. The Rise of Insider Threat-as-a-Service
5. Where is Your Data? You’ll Find Out…
The Emergence of the Zoom of Cybersecurity
Cybersecurity is now a business differentiator, and it needs an industry disruptor that is deeply integrated into the public cloud ecosystem.
The need for a converged, digital, cloud-delivered platform means we’ll see the emergence of the “Zoom of Security.” As we all discovered last year, Zoom “just works.” Security that just works isn’t simply a matter of providing a good experience for security teams and end-users; it’s also about time-to-value. Security has to be easily accessible and usable for everyone. This is what boards of directors will demand of their cybersecurity platforms.
What to do next
- Recognize that cybersecurity is an integral part of any transformation.
- Start moving from a strategy of point products to converged cloud services. Adopt cloud-native security that fully integrates capabilities, automation, and simple deployment to the enterprise edge, branches and remote sites.
- Instead of rip-and-replace, consider subscription-based models that allow you to add capabilities as you need them. The Zoom of cybersecurity needs to fit alongside existing technology and security investments to be effective.
People Do People Things
Speaking of users, Nico and Nicolai stressed a key point that runs counter to the usual rants: Your users aren’t the weakest link. Working from home (WFH) can’t take more friction if we want employees to remain productive.
Looking to the future, my colleague Dr. Margaret Cunningham said it best: “Successful cybersecurity strategies will stop trying to use technology as a unilateral force to control human behavior. In fact, additional layers of security may push more people outside of the guiderails due to increasingly aggravating security friction that blocks them from completing tasks or easily accessing critical organizational assets.”
What to do next
- Assume breaches will happen and plan accordingly. Look for new approaches such as risk-adaptive data protection that bring your real-world practices into the digital world, connecting the dots across cyber behaviors to reduce the noise and prioritize risk.
- Use real-time intelligence and automation to actively coach users through interactions as they occur. Maybe your research scientist tried to copy a confidential chart for an executive presentation. They should understand that risk, but you’ll likely want to allow the activity if the context is “to get their job done.”
- Automating DLP is the best way to eliminate friction while ensuring valuable intellectual property or critical data only ends up where we want it.
Disinformation is Inevitable
My colleague Eric Trexler said, “Currently, disinformation is one of the biggest yet most nebulous threats facing democracy,” and I agree 100 percent. Nation states have continued to target the U.S. government to disrupt elections and foreign policy. We’ve seen that all too many people will take what they read on the Internet at face value without looking further. Disinformation-as-a-Service is real and it has mostly targeted our Federal civilian, intelligence and military organizations, but what can we do when the disinformation campaign targets private enterprises? The campaigns are extremely asymmetric, typically low-cost to enact and sustain but delivering a huge impact to our way of life and commerce.
What to do next
- Be diligent about questioning what you see online and pay attention to the growing dialogue from legitimate news and social networks around disinformation campaigns.
- Re-assess your security awareness programs. Test, validate and engage your users constantly.
- Support the partnership between governments, think tanks and the private sector to ramp up disinformation research.
The Rise of Insider Threat-as-a-Service
The biggest threats might come from where you least expect: your people, partners, contractors and other user accounts with privileged access. This is why applying Zero Trust principles that require explicit permissions for every place data is accessed and used is so important. We want to believe our employees are good, but research (and the news) tell us between 15 and 25 percent of them just aren’t, whether on purpose or by accident. The only way to find these people before they do irreparable damage is by understanding the context of behavior and spotting when their activities simply don’t match up. The goal needs to be “Left of Loss,” not “Right of Breach.”
What to do next
- Ask tough questions about your ability to spot and stop anomalous behavior before it’s too late. Do you have solutions that enable you to shift left of loss and stop high-risk actions before they turn into breaches?
- Constantly strive to have better visibility into the actions of the hybrid workforce. Your “anywhere” workers are now moving seamlessly among their home, office, and remote locations (as people begin traveling again).
- Take proactive steps to automate data protection against risky behavior.
Where is Your Data? You’ll Find Out
As we’ve discussed here before, we’re finally starting to understand exactly how much intellectual property was stolen by external attackers and malicious insiders during the time the world turned upside down. Cyber criminals have made their presence known in various ways, from themed phishing to Orion Sunburst to Colonial Pipeline. Profit or foreign policy disruption is now the end game for the data stolen by many bad actors.
What to do next
- Infrastructure and data protection need to adapt: the management of data protection is the most important cybersecurity imperative for enterprises in the coming months and year.
- Do your best to introduce resiliency, security and visibility into your efforts. Re-visit your security posture to ensure it encompasses on-premises, work-from-home (WFH) and SaaS.
- Spend the time to understand the efficiencies of endpoint security. Implement consistent “follow-me” enforcement policies and increase visibility so security controls can go where users go.
Challenges for security are nothing new. What’s new is the immediate timeframe and the highly distributed and constantly changing nature of this particular challenge. The best way to be prepared is to adopt a mindset of evaluating everything critically, from policies and processes to postures and risk management programs. Along the way, continuously ask yourself whether you’re putting data security first in your thinking. That will give you the foundation for truly building resiliency into your business.