Future Trends in Network Management
www.networkseuropemagazine.com

Sascha Giese, Head Geek, SolarWinds

The last two years have been chaotic, terrible and frustrating – for everyone. While our lives changed beyond expectation almost two years ago in 2020, the pandemic has also been a catalyst for innovation, even beyond the well-known example of vaccine development.

Thinking about network management, there was a sudden need to ensure every single person in an organisation could work from home at the same time, all the time, from all around the world. This was a kick up the backside in terms of what we are forever doomed to call ‘digital transformation’. Network managers already knew that home working would one day become ubiquitous – the writing has been on the wall since phones got smarter and sofas got comfier. So far, the move to accommodate this has been a relatively slow burn, taking years to ensure users have access to the required connectivity. However, the events of 2020 meant that years of planning had to become a reality within weeks – a metaphorical brick placed on the accelerator of what was once a gentle drive towards innovation.

Both now and in the near future, we are seeing a phase of businesses and network managers going back to reassess and repair the mistakes made at the beginning of the pandemic. This is no criticism of network managers – force a painter to finish a portrait in ten minutes and you’ll end up with a job that requires touching up. The beginning of 2020 was a hot needle scenario, implementing changes as fast as possible, even if it was imperfect. Now, it’s all about ironing out kinks, fixing any issues and ensuring that this enforced network optimisation is not just temporary, but can do the long-term heavy lifting. This, however, is not the only trend we expect to see as we head into year three of this new way of living and working. So, two years into the pandemic, what does the future of network management look like?

Routing traffic

Over the past couple of years, several businesses have raised concerns about their investment in SD-WAN prior to the pandemic. These organisations were worried that, with the way that users access resources changing so drastically, this would now be wasted. However, this concern is unwarranted. SD-WAN solutions will instead grow increasingly prevalent as more people realise its usefulness in the ongoing global shift to hybrid working.

While business networks pre-pandemic were typically on-prem with little bits here and there distributed to the cloud, the nature of the current situation means that everything is now heavily distributed. In order to make this approach more feasible for companies (and long-suffering network managers), multi-cloud is becoming increasingly popular. Multi-cloud has its drawbacks, such as an overall lack of collaboration across different platforms. However, as businesses look to achieve their countless IT requirements, using different providers and their offerings to do so, it has grown in adoption. Multi-cloud does also offer many benefits, including the ability to place all sensitive data on a private cloud while using the offering of one of the big guys (you know the ones) for their endless computing power and processing.

SD-WAN’s place in all this is as connective tissue – empowering connectivity between the different solutions and users and offering a truly modern way of routing traffic. In 2022, network managers will primarily be concerned with adjusting how traffic runs through an organisation – a challenge, and a trend that SD-WAN can play a huge part in.

Creative spending

Despite the challenges facing IT teams over the past two years, the overall uncertainty regarding budgets saw IT spending decrease. Even though the problems that arose over the last two years will bleed into and likely define how businesses work for the next year, and many more going forward, network managers and IT teams will be expected to do more with less, strengthening tech that’s already in place to optimise businesses.

We can also expect this tightening of the purse strings to result in network managers becoming more creative in the way they spend their budgets. This will see attention shift from systems and infrastructure that were once considered business-critical (such as the fibre backbone running across a site), and instead concentrate on parts of the network that were once deemed as “nice to have”, but have now become essential (such as client VPN connections for every employee). In fact, with the wave of innovation initially set in motion in 2020 unlikely to crash any time soon, creativity will continue to be required in the longer term for network managers.

With workers and network managers now having two years of practice at working from home and the tech required to make that happen, 2022 may be more certain than the year that preceded it – but it certainly won’t be boring.

Cyber Protection Starts by Thinking Like a Hacker

Ryan Weeks, CISO at Datto

Across the globe, companies have made great strides in digitalising their data and processes. Unfortunately, these digital assets provide a larger attack surface than ever before, proving to be extremely attractive to cybercriminals.

Endpoints are becoming increasingly diverse and more distributed, prompting security experts to issue warnings that in the not-too-distant future, attacks may extend beyond PCs and servers to include everyday items such as phones, watches, cameras, printers, HVAC solutions etc, as well as insulin pumps, pacemakers and connected cars.

With foreseeable cyberattacks on items that were previously thought to be secure and the rise of cryptocurrencies that provide cybercriminals with the ability to strike with complete anonymity, organisations need to transition from a mindset of ‘if’ an attack will take place to ‘when’. Cyberattacks are taking place at an accelerated pace, becoming increasingly difficult to recover from and posing significant consequences. Given the frequency of attacks, the larger attack surface and the severity of attacks, investment in protection technologies is no longer enough.

To be ready for an attack, companies are changing their tactics. They are now taking an ‘Assume Breach’ position, which entails combining their traditional cyber security programmes with robust incident response, crisis management and disaster recovery plans. While the foundation of a comprehensive cyber resilience strategy encompasses the ability to identify, protect, detect, respond to and recover from threats, it is more about effective risk management. This means identifying which cyber security events would have the greatest impact on the organisation and prioritising defence measures accordingly. To achieve this level of protection, organisations require detailed knowledge of the ‘enemy’, ‘battlefield’ and ‘themselves’.

Know the enemy

By far, gaining knowledge about the enemy is the most difficult of the three. To start, organisations need to study the threat actors and understand why they view the company as a viable target. In order to gain this level of knowledge, companies need answers to the following questions: what are the cyber criminals’ motives and goals, what are the tactics, techniques and procedures (TTPs) they use, how are the TTPs applicable to the business environment we operate, where would the attack most likely take place based on current defences, and how could it compromise the organisation, the supply chain or customers?

Pinpointing and knowing potential attackers is not easy. Fortunately, there are several open-source resources that provide insights into how cybercriminals operate. To start, the MITRE ATT&CK database provides a library of known adversary tactics and techniques. It provides information on cyber criminals’ behaviour and exposes the various phases of an attack lifecycle and the platforms these threat actors are known to target. Another encyclopaedia of threat actors is available from ThaiCERT. Finally, security vendors monitor cybercriminals and frequently publish their insights and findings. For example, Datto’s Threat Management Cyber Forum provides threat briefs for known threat actors targeting the MSP community and their SME customers.

Know the battlefield

Cyber resilience requires a comprehensive strategy to reduce risk. Basically, the risk is a function of the likelihood of a cyberattack and of it causing various adverse impacts. For instance, an event that is likely to happen but has minor consequences presents less overall risk than an event that is deemed likely but would cause significant consequences. To truly understand the organisation’s exploitable surface, insight into the likelihood of being attacked via a particular attack vector is fundamental. Organisations first need to evaluate which of their assets have the highest probability of being attacked. Second, they need to determine how valuable these assets are to the company or their customers.

Know your organisation

With insight into knowing which threat actors are lurking and their preferred battleground, the organisation is ready to simulate their attack methods to determine where the greatest risks reside and take proactive measures to mitigate potential risk. This is best accomplished by reverse engineering a cyber criminal’s past breaches. The intelligence gained by this exercise enables organisations to prioritise and implement the most effective security controls against specific cybercriminals and their tactics and techniques.

To adequately test the configurations, open-source tools are available to emulate specific adversaries, such as Caldera (which leverages the ATT&CK model) or Red Canary’s Atomic Red Team. It is important to note that adversary emulation is different from pen testing and red teaming in that it uses predetermined scenarios to test specific adversary TTPs. The goal of this process is to determine whether the tactics can be detected or even prevented. As part of the emulation exercises, it’s also important to examine technology, processes and people. This will provide a comprehensive understanding of how all defences work in unison. Be sure to repeat the testing until there’s a level of confidence that the organisation will prevail against the specific adversary.

How often to perform adversary emulation is dependent on the size and type of company. For instance, large organisations and MSPs should perform this exercise on a quarterly basis, SMEs at least once a year or whenever there is a major new threat, whereas for enterprises, a threat-informed defence programme needs to be an ongoing effort.

Be cyberattack ready

While the processes may appear arduous and even overwhelming, it is impossible to build an efficient cyber resilience programme without understanding the methods attackers are going to use.
Being ready to combat cyberattacks means thinking like a hacker to improve overall security. Regardless of the size of the company, cyber resilience needs to be given the highest priority, and at a minimum, all organisations should follow the CIS Critical Security Controls. Many businesses begin the process with a step-by-step gap assessment against CIS Group 1 (IG1). To make better risk-informed decisions and be better prepared to protect the organisation, investing even an hour a week on a risk- and threat-based approach will improve overall cyber security. The main thing is to simply get started.

Why backup strategies must combine cloud with hardware

Jon Fielding, managing director EMEA, Apricorn

Companies have comprehensively bought into the need for a solid backup strategy to protect their data in a world where a breach can simply never be off the cards. It’s a key pillar of cyber resilience: the ability to prepare for, respond to and recover from disruption. When information is backed up regularly and securely, it can be quickly restored, and critical applications got back up and running fast.

The backup ‘mantra’ for a few years now has been the need to embrace the ‘3-2-1 rule’: have three copies of data, on two different media, one of which is offsite. This appears to have been heeded, with two-thirds of respondents to Apricorn’s most recent Twitter poll stating that their company does back up to an offsite location. However, relying on one single type of offsite solution can still leave organisations vulnerable to a data breach.

Many businesses have selected cloud storage as their primary backup location: of those that have formal data backup procedures, more than half (55%) rely on the cloud. This makes a great deal of sense, as the cloud offers a convenient, fast and cost-effective way to back up critical information. It’s also ‘low maintenance’ – the provider takes care of routine tasks such as updates and patching, for instance. However, this devolution of responsibility also creates risk. When you sign the contract, you’re also signing over a chunk of the control you have over your data’s security.

Avoiding a single point of failure

With cloud as the sole backup location, if the provider suffers a cyberattack that results in data being compromised, for example, or a technical issue renders services unavailable, costly business disruption will follow whether an SLA is in place or not. Adding an offline backup location to complement the use of the cloud will mitigate this risk – protecting corporate data against loss and theft from all potential angles. This provides the best chance of recovery if other copies of information are damaged, lost or stolen, and is particularly important as a defence against the rising ransomware threat, ensuring the organisation can always restore from a clean, protected data set.

One of the most straightforward ways to create offline backups is to store copies of critical files on high capacity external hard drives and USBs, which can be disconnected from the network to create an air gap between information and threat. These storage devices should be encrypted, ideally in hardware, to ensure absolute security for the data held on them, and provide all employees with the capability to freely and securely store and move data offline.

Make it everybody’s job

Requiring all employees to back up all the data they create and handle locally – and enshrining this in policy – will ensure everyone takes responsibility for the data they handle. Employee education is key to securing buy-in here – and not only around ‘what to do’ but also the ‘why’. Individuals need to fully understand their role and responsibilities around data protection, including carrying out backups.
This means briefing them on all relevant corporate security policies and processes and providing training in how to correctly and safely implement the devices and technologies they’ve been equipped with. Alongside the ‘practical stuff’, education has a critical part to play in engaging employees in strengthening the company’s security posture. They need to fully understand the context around what they’re being asked to do: the specific threats the business faces, the risks associated with mishandling information, and the potential consequences to the organisation of a breach.

Encrypt as a last line of defence

The encryption of all corporate data as standard – whether it’s being stored online or offline, and also when it’s in transit – should be mandated across the organisation. An encryption policy is part and parcel of any effective cyber-resilience strategy in the hybrid working environment. When information is encrypted, it is rendered unintelligible to anyone not authorised to access it, keeping it safe and intact whatever disruption is going on around it.

Encryption is a vital compliance tool; in fact, it’s specifically recommended in Article 32 of GDPR as a method of protecting personal data. For a breached company, evidence that lost or stolen data had been encrypted removes the obligation to inform each individual affected. Article 83 suggests fines will be moderated where a company can show it has been responsible and mitigated the damage suffered by data subjects.

Companies are increasingly embedding encryption into their ways of working. In Apricorn’s 2021 survey of IT leaders a third (31%) said their organisation now requires all data to be encrypted, and a further 24% when it’s being stored on their systems or in the cloud. Three quarters (77%) confirm their organisation has a policy of encrypting all data held on removable media.

Test and review

Once the backup procedure has been implemented and communicated across the workforce, it must be routinely and regularly tested – ideally as part of the organisation’s overall disaster recovery process. Practice should be reviewed, and reinforced where necessary, to ensure that systems and files can be recovered as quickly as required and that all applications and data remain intact and functional.

Backup strategies in this era of disparate workforces and evolving cyber threats should be multi-layered, incorporating more than one type of offsite location – ideally one online, such as the cloud, and one offline. These solutions will complement each other to protect businesses from unexpected data loss from all potential directions.

Many organisations have chosen to back information up in the cloud – and rightly so – but in 2022 we’re likely to see more instances of data being compromised, stolen or lost as a consequence of relying on cloud storage alone. The age-old, tried and tested attacks on well-known weak points will continue, alongside attacks that specifically target remote working employees. Ransomware will become the technique of choice now that organised crime is involved and it can be easily monetised. A 360-degree backup strategy that has encryption at its core will play to the strengths of each storage location incorporated into the process, to cover all eventualities.