protecting your corporate network www.networkseuropemagazine.com

Top three methods to protect your corporate network

Rich Turner, SVP EMEA, CyberArk

Cyber-criminals are motivated by a variety of different things. Some want to spy, some want to disrupt, and some want to steal. Their targets cover the entire spectrum, from individuals right up to nation-states. But of all victim types, large firms are the most frequent target of cyber-attacks, according to a 2020 report by Verizon. It’s not hard to see why.

Large businesses have large amounts of money flowing through them, which, according to the same report, is a cyber-criminal’s most common motive. But corporates also hold other assets which can be monetised: greater and greater volumes of sensitive data and information. So it’s not surprising that 70% of all data breaches recorded by Verizon involved large organisations. While the pandemic continues to change the way we work, how can IT teams at corporates protect their networks this year?

Make cloud security a priority

There’s already plenty of conversation about whether the cloud will reach its peak this year. It’s easy to see why, given 92% of organisations’ IT environments are to some extent already in the cloud, according to an IDG report, and COVID-19 has accelerated cloud migration plans. But all change, good or bad, brings new dynamics and new sets of diverse challenges with it. Cloud is no exception.

An increased attack surface is one of the implications of the complex nature of the cloud. When traditional network perimeters are removed, the question of accountability must be asked. Whose responsibility is it to secure data hosted in the cloud? Is it the cloud providers? Or the customers?

Misconfiguration of account privileges is one of the most common consequences of this misunderstanding and, by extension, one of the leading causes of data breaches. When default credentials aren’t reviewed, excessive permissions can allow standard users unnecessary access to sensitive data. AI-powered automated tools that review user permissions and privileges can be of great use to IT teams trying to overcome this problem. They provide both a quick and effective way of discovering accounts with excessive privileges and removing any superfluous permissions for specific users.

Secure third-party contractors

Research carried out last year discovered that 25% of British businesses use over 100 third-party vendors. Whether consulting services or supply-chain managers, outsourcing internal functions has become commonplace. Many of these third-party services require access to internal resources and data to fulfil their obligations. Our research found that 90% of businesses allow third parties to access critical internal resources – sensitive assets that if disrupted or stolen would cause significant harm to the organisation.

This presents a problem for IT teams because responsibility for security is then passed to your third-party partner. You may be able to trust your own security measures, policies and protocols, but can you trust theirs? In fact, last year the flexible office space firm, Regus, suffered a breach due to this exact situation, with detailed employee performance information being leaked via a third-party vendor. Regus had hired a vendor to audit its staff. The vendor’s security measures were weak and the data breach was discovered in an investigation by the Telegraph.
The impact an event like this has on reputation, as well as a company’s finances, is deep. This example is a warning to any business using third-party vendors. The privileged accounts of all external operators must be constantly managed and monitored. They must be secure, structured, and multi-levelled, granting third parties enough access to carry out their jobs without putting the firm at risk of a punishing data breach. Advanced Security-as-a-Service packages are well worth consideration for businesses hoping to ease the burden of monitoring and management on their IT team.

Make education part of security policy

The most evident challenge of 2020 was the transition into home offices from the traditional corporate workplace. IT teams were thrown into a maelstrom of consumer technology trying to connect to corporate data and assets. Whether via an employee’s Wi-Fi router or their personal laptop, the huge number of new devices introduced posed varying security risks.

This challenge will only continue in 2021. With the UK still under lockdown, a year in which we all work from home to a greater or lesser extent is easy to envisage. This way of working will have to be managed.

The approach many businesses take to this challenge adds to the problem. Far too many businesses are over-reliant on security policies to keep bad threat actors out of their networks. These are almost never enough by themselves. In fact, our December research found over 50% of UK employees ignore corporate security policies and actively take steps to circumvent them. More must be done.

A lack of user-friendly processes is a common reason security policies are not followed. Businesses may recognise the importance of security, but the processes implemented are too difficult for employees to use, creating friction in the user experience. In the end, people find shortcuts in the pursuit of efficiency and ease of use.
A balance must be struck to address this problem. Employees must first be educated on the importance of adhering to security policies, but in turn, IT teams must adopt tools and processes that help minimise disruption to the wider business.

Widescale cloud adoption, a proliferation of third-parties in the corporate ecosystem and remote work will continue to drive a shift in security. The landscape is never constant and will always change, but by following these tips, your corporate network will be better prepared to nullify incoming attacks.

Data security in the new business world

Andrea Babbs, Country Manager and Head of Sales, VIPRE Security Limited

With many businesses having to overhaul their operations overnight to enable their staff to work from home due to Covid-19, maintaining as close to business as usual was an absolute priority. But in the rush to implement collaboration tools to get employees up and running for business continuity, cybersecurity was pushed further down the list of priorities, potentially putting organisational data at significant risk.

Many businesses may have already had some level of cybersecurity protection in place, but the shift in working environments and practices means that the emphasis on data security must be reinforced. Some IT security leaders have seen a 30,000% increase in Covid-19 themed attacks, as cyber-criminals continue to use the current global crisis as an opportunity to target potentially vulnerable end-user systems. With a de-centralised workforce, there is an even greater need for employees to take responsibility for keeping sensitive company information secure, and not just rely on security software to assume the role of data guardian.

Harder, better, faster

While the transition to remote and flexible working has been implemented gradually across many organisations over the years, the overnight change triggered by government protocol has had a dramatic impact on employee working practices. With no peer review and no easy way to quickly ask a colleague “does this email look strange to you?”, employees are potentially at increased risk of falling foul of phishing scams.

Add to this the heightened pressure staff feel to work harder, faster and for longer, and to demonstrate how much they are actually working when at home, and it’s no surprise that mistakes are made. For example, responding to emails immediately rather than taking the time to stop and think whether the email is actually genuine, or giving out sensitive information over the phone to be seen as helpful during a difficult and stressful time.

Reinforcing responsibility

With tools to support employees that reinforce the need to think before they press send on an email, and consider whether it is authentic or not, employees can assume some of the responsibility for keeping data secure. And as 53% of data breaches are classified as insider, clearly the workforce has a critical role to play in an organisation’s cyber defence strategy.

Businesses can support employees to avoid commonly made mistakes, such as forgetting to attach a document when you wrote that you had, sending misaddressed emails or attaching incorrect information, by deploying technology to provide a simple safety check. This provides the user with a prompt prior to any email being sent, reminding employees to double-check and confirm the addressee and what has been attached. Parameters can also be set to add certain domains to an allow list, or the solution can be deployed on a department or user basis. For example, financial data is highly sensitive, so may require confirmation for all emails, but another department may only need checks on external emails.

The cybersecurity puzzle

Certain keywords can also be defined, so when those keywords are identified within an email – an unreleased new product name, for example – an additional confirmation is prompted before the email is sent, allowing for that all-important double-check that the right person is being sent the right information.

Technology provides a vital piece of the cybersecurity puzzle through high quality layered protection that covers email security, web and end-point protection. As the threat landscape is arguably evolving at a faster rate than ever before, coupled with the workplace shifting to a new normal, these tools have never been more critical. Focusing on the user is also key, educating them and empowering them to take some responsibility for data security, supported by innovative software – not just relying on the IT department. Those that adopt such an approach will be far more successful than those that rely on technology in isolation.

The race to normality

In the rush to keep ‘business as usual’ during such uncertain times, businesses may have inadvertently made their security infrastructure vulnerable to a data breach – be that from external threats or accidental insider data leakage. As we slowly make the transition from home working to moving back to the office or transforming to a hybrid workforce, security needs to be reinforced yet again, with a combination of reminders, prompts and continuous training.

Employees are a vital tool in a business’ arsenal, so they must be regularly trained and reminded about how they can stay one step ahead of cyber threats. But it’s human nature to make mistakes and as such, employees must be appropriately supported with intuitive technology that can spot anomalies, errors and factors that fall outside of set parameters to highlight where potential threats, scams and faults are about to take place.

Take care near the Edge

Darren Anstee, CTO for Security, NETSCOUT

Investment in the ‘edge’ enables ISPs to offer a range of new services to customers and creates operational and infrastructure efficiencies, but with the DDoS landscape more volatile than ever, ISPs will need a new chapter in their security strategy for 2021.

Over the past few years, as the architecture of ISP networks has evolved, there has been more investment in content and services infrastructure, and distributed peering, across the customer edge. In the last year, this seems to have taken on a new aspect. ‘Edge’ data-centres are being planned and deployed in many wireline network operators. We’ve all heard about MEC (Multi-Access Edge Cloud) enabling new services in 5G mobile, with low-latency access to applications and services for 5G users, but wireline ISPs, in some cases, are already there.

It is apparent that, in 2021, the shape of traffic in ISP networks is changing (again). With more critical infrastructure distributed across the network edge, rather than in central data-centres, we will need to take more care of threats targeting this expanding threat surface.

New opportunities at the edge

A decade ago, ISP networks were hierarchical, with Peering, Core and Provider Edge routers providing layers of connectivity and a clear north-south prevailing traffic flow, as eyeballs and enterprises consumed content sucked in through centralised peering and transit connections. This has changed, with networks becoming much more meshed, routers becoming multi-purpose and traffic flowing every which way as content caches and peering have become more distributed.

This has been driven by the growth in the volume of OTT service traffic, especially video, making it necessary for ISPs to acquire or cache content as near to their consumers as possible, to keep costs down and service quality up. This isn’t news, but it has changed the way that network investments are being made – with much more focus ‘at the edge’.

What is news is that the distributed cache infrastructure is now being joined by other value-added service infrastructure, e.g. cloud gaming infrastructure such as Microsoft’s xCloud and Google Stadia, service enablers such as DNS and AAA, and 5G packet-core. This new infrastructure is being deployed within new Software-Defined-Data-Centres or extensions of public cloud infrastructure, deployed near to the customer edge in ISP networks. These new environments are racks of generic compute connected to an SDN environment, where all of the services and applications are virtualised or containerised, and fully orchestrated.

These new environments enable new services and greater efficiencies. They enable ISPs to open up new opportunities for revenue growth, and operational and infrastructure cost savings.

The risk of the edge and a new approach to securing networks

As with every new opportunity there is risk. ISPs have been used to defending the availability of their networks, services and customers from DDoS attacks using semi-centralised mitigation capabilities, usually deployed at major peering locations. Given that investment in capacity and service infrastructure is now at the edge, backhauling potential attack traffic across the network is no longer desirable or practical.
This is driving a need to mitigate threats in a more distributed way ‘at the edge’, blocking attack traffic at its entry point – regardless of whether it is coming from a peer, customer or public-cloud connection – all of which are common attack sources.

This is a big change, and to make matters worse, the DDoS threat landscape has also shifted; attacks have become more frequent - up 15% in 2020 - more short-lived and more complex – with attacks comprising 15 or more attack vectors up 2851% since 2017. And, of course, there’s the continuing risk from IoT devices of all shapes and sizes being subsumed into botnets and used to launch DDoS attacks.

The three key network security tenets of 2021

All of this is driving a new set of requirements from ISPs for their DDoS defences, with automation, orchestration and integration as core capabilities, if ISPs are to balance the risks with the rewards:

• Automation: to manage the mitigation of more sophisticated attacks without increasing operational overhead; to speed up response, as the Internet is now seen as a ‘utility’ by many; and, to enable new types of value-added DDoS protection services at a greater scale, driving much-needed revenue.
• Orchestration: to pull together and manage distributed mitigation capabilities across the edge of the network, and beyond, protecting more fragile virtualised and containerised environments from any attack, effectively and efficiently.
• Integration: to combine both the intelligent and infrastructure mitigation capabilities across the network edge to best effect, in complex multi-vendor environments.
Taking care

Existing solutions must evolve to meet these new requirements, and we have to remember that there are few fixed points here, with new technologies, changing working practices and major shifts in traffic now the norm. Taking care near the edge of the ISP network, managing threats such as DDoS quickly and cost-effectively, will be an essential component for an ISP’s success in delivering next-generation services in 2021.