Cybersecurity, as you know it, is about to change
September 9, 2020
By: Kumar Ritesh, Chairman and CEO of CYFIRMA
Pundits across the world have set their sights on a post-pandemic future, arguing that a new normal is about to descend upon us. While I recognise much of what the future holds is ambiguous, there is an area which will become our inevitable reality – cyberthreats that come with rapid digitisation.
According to a report by the Australian Cybersecurity Growth Network, global cybersecurity spending is set to increase by 86 per cent to US$270 billion by 2026. This signals the priority boardrooms have placed on cyber risk management even as digital transformation takes place en masse.
To wrap their minds around post-pandemic realities, business leaders and CISOs would need to understand the cybersecurity impact of these strategic digital shifts. COVID-19 has become the catalyst to trigger change in the ways of managing and operating technology. Let me outline a few here.
Telecommuting is the only way of working for many
1. Adoption of virtual desktops will finally see an upswing:
With tele-working likely to become the norm, virtual desktops could become the security baseline for IT teams to enforce data management standards. Virtual desktops emulate a computer system so that IT can control access such as adding input/output devices as well as software and applications. This could become an important control point when remote workers are operating outside the safety of a corporate network.
To meet the stringent criteria of regulatory and corporate compliance regarding data security, many companies will see the adoption of virtual desktops as the go-to solution.
2. We will notice a surge in the adoption of decentralised cybersecurity:
Traditional cybersecurity controls dictate a centralised approach where data is consolidated from different sources to perform analysis and investigation. With swift digitisation, security controls will shift to data sources, similar to the trend witnessed in IoT. We could start seeing a new wave of anti-virus, data loss protection, digital rights management and endpoint-based firewalls and other security controls gaining traction.
With millions of employees working from home, hackers’ focus has shifted from enterprise to remote working individuals. To handle the menace that exists in cyberspace, decentralised cybersecurity will rise where greater emphasis will be placed on data sources such as actual remote employees themselves.
3. Rise in biometric authentication:
User access controls have largely revolved around one or two-factor authentication. These methods rely on ‘something you know (username)’ and ‘something you have (password)’. Given hackers’ interest in employees as the weak link to start a technical exploit, we will see cyberattacks directed towards individuals.
This means identity protection will be of priority and the best defence should focus on building authentication systems which focus on ‘who you are.’ This would require advanced biometric solutions such as fingerprint/thumbprint/handprint, retina, iris, voice, and facial recognition technologies.
With biometrics, hackers’ attempt at impersonating you just got a lot harder than trying to break into passwords.
New processes will govern our way of work
1. Global privacy regulation and policies will require a re-look:
The current state of privacy regulations is designed around the enterprise network and building the proverbial wall to keep sensitive data out of prying eyes. With remote working taking centre stage, re-evaluation of these policies is needed to address the new cyberthreats.
From a risk management perspective, global privacy policies will need to encapsulate standard operating procedures regarding BYOD, GDPR compliance and state privacy laws.
Governance around companies and employees’ social media profiles would also have to be included as these platforms are frequently trolled by hackers as they carry out reconnaissance before launching a cyberattack.
2. Cloud will become more important than ever before:
The shift to cloud services offers employees, customers, suppliers, and everyone else across the ecosystem seamless and frictionless access to data and applications. Remote access by various users would compound security challenges and present many new potential attack vectors.
In the post-pandemic world, IT resources would shift towards data, particularly keeping data secure across cloud platforms.
3. Containerisation technology will be extended beyond enterprise network to include endpoints:
IT architectures will extend containerisation and zoning concepts to include not just systems, but also people, roles, and the level of sensitive data they possess. Containerisation, thus, will be extended beyond enterprise networks to include endpoints such as remote worker machines and mobile devices.
This will enable cybersecurity teams to apply varied access controls and demarcate data storage to minimise the risk of cyber intrusion and data breach.
Technology and tools are taking over
Innovative technologies such as ML/AI, AR/VR will see greater adoption. As we have already witnessed, video conferencing applications will continue to rise as non-contact interactions surge.
Sectors such as retail, hospitality and manufacturing will layer their adoption of robotics with added AR/VR capabilities. By digitising the previously labour-intensive processes, factory operators will enjoy improved efficiencies, but at stake will be cybersecurity, if it was not integrated during the early stage of transformation.
Cybersecurity teams who are saddled with an events-based approach will be overly burdened with triage when a cyber breach occurs. By embracing an intelligence-driven approach, businesses can digitise confidently with external threat intelligence as the guiding beacon.
And let’s not forget people as critical cyber defenders.
Hackers’ technical exploits will flourish in level of creativity and ingenuity, and a digital ecosystem is the perfect playground for malevolent agendas. Social engineering techniques to trick untrained and unsuspecting employees, third parties and contractors into releasing confidential information or letting an intruder into the corporate network will also intensify accordingly.
Instead of seeing people as the weakest link, view them as your frontline defenders. Cybersecurity awareness training for people across the entire supply chain and ecosystem will prevail.
Hacker groups will rattle the cages of government and businesses as digitisation efforts escalate. Cybersecurity strategies would have to shift downline towards the remote worker, decentralised controls, and enhanced policy measures. Digital transformation and cybersecurity are twin engines for sustained success, and this has just risen to the top of the boardroom agenda as economies awaken to the new realities of a post-pandemic world.
About the author
CYFIRMA Chairman and CEO, Kumar Ritesh, has 2+ decades of global cybersecurity leadership experience across all facets of the cybersecurity industry. He spent the first half of his career as the head of cyber of a national secret intelligence service agency, gaining first-hand insights into cyber threats and risks on a global scale before transitioning into the commercial arena as a senior executive for multi-national corporations IBM and PwC. Ritesh was also the global cybersecurity leader for one of the world’s largest mining companies, BHP Billiton. Through his blogs and public speaking engagements, Kumar educates companies on cybersecurity risks, solutions and trends.
Headquartered in Singapore and Tokyo, CYFIRMA is a leading threat discovery and cybersecurity platform company.
CYFIRMA is also an ICE71 Scale company.