Successful cyber attacks show that today's protection is no longer sufficient. IT security needs to be transformed. “Assume the breach” is a new approach that takes account of changing IT infrastructures, the inevitable destination.
Text: Andreas Heer, Image: Adobe Stock
Barely six weeks into 2021, the National Cyber Security Centre (NCSC) announced a new record: over 800 cybercrime incident reports were received for the first week of February alone. And security managers in companies are not having a quiet time of it, either. “In recent months, we have observed an increase in DDoS attacks and further ransomware attacks,” recounts Stefan Marzohl. As Head of Cyber Security Sales B2B at Swisscom, he has his finger firmly on the customer pulse.
Attacks like these are increasingly successful. In mid-April, for instance, a company from Eastern Switzerland reported that it had to shut down all of its IT systems to deal with the consequences of a ransomware attack. These incidents might not hit the headlines, but the companies are still very active behind the scenes. “The companies are aware that prevention measures alone are not enough,” says Stefan Marzohl. “We are seeing a transformation towards threat detection & response.”
The types of attack are not new. But the starting points have changed. Instead of being confined to the company network, employees now work on the move and from their homes too. Many companies are transforming their infrastructure by putting it in the cloud. The benefits are undisputed, but it presents new challenges in terms of IT security. Systems and applications can now be accessed through the Internet, beyond the confines of the secure corporate network. This calls for a different security architecture, as Stefan Marzohl explains: “One example: in the local network, companies can model their security policies using a physical firewall. Now, specialists are confronted with different types of firewalls and security systems: their own, and those in the cloud.”
The effects of configuration errors are all the greater because systems are much more exposed. With no need to gain access to the corporate network first, attackers can strike the infrastructure directly in the cloud. For Stefan Marzohl, the threat is clear: “Policy management is a big challenge in such decentralised environments.”
The result, logically, is that the change in IT infrastructure calls for a similar transformation in IT security. “Assume the breach” is the new starting position, with the trend towards threat detection & response and enhanced Security Incident Management. SIEM (Security Information and Event Management), SOC (Security Operations Center) and the Computer Security Incident Response Team (CSIRT) are issues increasingly at the forefront, even outside sensitive sectors like banking and insurance.
Yet permanent infrastructure monitoring and security incident response require highly trained security specialists, who are still as scarce as ever. The demand for external expertise in the form of Managed Security Services is therefore just as unlikely to diminish as the cyber attacks themselves.
Increasing interconnection of networks, the use of cloud services and the multiplicity of endpoints are leading to a significant increase in attack areas and new vulnerabilities. Cybersecurity must therefore transform too, to meet these new challenges appropriately and resolutely.