IT security officers have to monitor technical developments and business-related requirements in equal measure. Current circumstances have not made this task any easier. A look at the strategic challenges involved with preventative security.
Text: Andreas Heer, first published on 13 September 2019, updated on
The specialists at Risk Based Security saw a noticeable decline in the number of new security loopholes at the beginning of 2020. This meant that IT security officers were less likely to be faced with the prospect of new exploits. 2020 got off to a promising start. But that all changed in the course of just a few months. The coronavirus crisis and the increase in the number of people working from home led to a massive increase in the number of cyber attacks. The targets were business laptops and the personal devices of employees working remotely via internet connections and private WLAN networks that were often less secure than their companies’ own local networks.
As streets and trains were becoming emptier, data pipelines were teeming with phishing emails: fake coronavirus information from equally fake official senders, emails with links to fake online coronavirus maps and fake notifications generated in the increasingly popular chat and online meeting tools.
The usual suspects were still lurking around as well. The ransomware-as-a-service REvil, aka Sodinokibi, was discovered back in April 2019. According to various sources, it was responsible for nearly a third of all ransomware attacks in 2020. What makes this malware so insidious is the way in which it not only encrypts data on the infected systems but also steals this information. In other words, even if a company successfully avoids a ransom payment thanks to its disaster recovery strategy, it still has to brace for the impact of data theft. And while spring flowers began to bloom outside, CISOs were inside brooding over their risk analysis.
Working from home may now be established and the necessary security precautions in place, but do these adequately scale up when the majority of employees are suddenly working from home? Are there enough bandwidth and resources for the VPN and RDP connections? What about updates on business laptops? And should employees be made more aware of the risks posed by the latest wave of phishing emails?
Security officers have to constantly monitor how well their protective measures are adapted to the current situation. The coronavirus crisis and increasingly sophisticated attacks are making it impossible for CISOs to establish a daily routine. Answering these questions – part of the risk management strategy – provides a basis for adjusting the IT security strategy and baseline protection.
Questions like ‘Is our company vulnerable to phishing?’ and ‘Are security measures working?’ are as easy to ask as they’re difficult to answer, because the CISO needs data from various sources. Perhaps the firewall log shows that a piece of malware has attempted to access the command & control server from within the local network. But the owner of the infected computer and the reported IP address is found in a different log – on the authentication server.
Ideally, all of this information is compiled in a central dashboard. A security information and event management (SIEM) system like this or a security analytics platform can help to provide a quick overview of technical incidents and find the needle in the haystack of log files. This is literally central to handling security incidents, as well as to modifying security measures that are already in place.
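The correlation described above, joining a firewall alert to the user who held the source IP address at that moment, can be sketched as follows. This is an added example, not part of the original article; both log formats, the usernames and all addresses are constructed for illustration.

```python
from datetime import datetime

# Constructed sample logs; both formats are assumptions, not taken from any product.
FIREWALL_LOG = """\
2020-04-02T09:14:07 DENY src=10.0.8.23 dst=203.0.113.50 dport=443 reason=c2-blocklist
2020-04-02T09:15:41 ALLOW src=10.0.8.40 dst=198.51.100.7 dport=443 reason=policy
2020-04-02T13:02:19 DENY src=10.0.8.23 dst=203.0.113.50 dport=443 reason=c2-blocklist
"""
AUTH_LOG = """\
2020-04-02T08:01:12 LOGIN user=mkeller ip=10.0.8.23
2020-04-02T08:05:30 LOGIN user=asutter ip=10.0.8.40
2020-04-02T11:47:03 LOGOUT user=mkeller ip=10.0.8.23
2020-04-02T12:30:55 LOGIN user=pbrunner ip=10.0.8.23
"""

def parse(line):
    """Split 'timestamp ACTION key=value ...' into (datetime, action, fields)."""
    ts, action, *pairs = line.split()
    return datetime.fromisoformat(ts), action, dict(p.split("=", 1) for p in pairs)

def sessions(auth_log):
    """Build (ip, user, start, end) intervals; end is None while still logged in."""
    open_, closed = {}, []
    for ts, action, f in map(parse, auth_log.splitlines()):
        key = (f["ip"], f["user"])
        if action == "LOGIN":
            open_[key] = ts
        elif action == "LOGOUT" and key in open_:
            closed.append((*key, open_.pop(key), ts))
    return closed + [(*k, start, None) for k, start in open_.items()]

def attribute_c2_hits(firewall_log, auth_log):
    """Return (timestamp, src_ip, user) for each blocked C2 connection attempt."""
    sess = sessions(auth_log)
    hits = []
    for ts, action, f in map(parse, firewall_log.splitlines()):
        if action != "DENY" or f.get("reason") != "c2-blocklist":
            continue
        # The same IP can belong to different users over the day, so match on time too.
        users = [u for ip, u, start, end in sess
                 if ip == f["src"] and start <= ts and (end is None or ts <= end)]
        hits.append((ts.isoformat(), f["src"], users[0] if users else "unknown"))
    return hits

if __name__ == "__main__":
    for hit in attribute_c2_hits(FIREWALL_LOG, AUTH_LOG):
        print(*hit)
```

In the sample data the same address is attributed to two different users depending on the time of the alert, which is why matching on IP address alone is not enough.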
The technical and organisational aspects of IT security measures are closely related. Organisational aspects address the issue of which security posture is needed for the individual systems. What are the business-critical environments and where might outages be manageable should they occur?
And if nothing else, for the sake of regulatory requirements and data protection laws, the CISO must know where certain data is saved and processed. Only when a security officer has all of this information in one place can they recommend what actions to take and give strategic recommendations in line with the corporate strategy. The IT security team has to adjust its methods to meet the needs of business operations, without interfering with people’s ability to act – a delicate balance.
At the very latest when employees start accessing cloud-based business applications while working from home, another problem then emerges: conventional perimeter protection, the protective wall around the company’s IT infrastructure, has become an obsolete concept in the age of the cloud and flexible work concepts. The CISO must have a solution ready to meet these challenges as well.
The training course to become a Certified Information Systems Security Professional (CISSP) specifies six methods for security prevention: