A biological virus shaped the second Swiss Cyber Security Days. Not only did the event take place virtually, several presentations tackled the issue of how to safeguard the new virtual perimeters created by this age of remote working and working from home.
Text: Andreas Heer, Image: Adobe Stock,
One topic in particular was unavoidable at this year’s Swiss Cyber Security Days (SCSD), namely how IT security officers can best respond to the new challenges presented by working from home and flexible work models. The impact of COVID-19 on working life was therefore a defining feature of this year’s event, which was held virtually in light of the current situation.
A work situation that is likely to give many IT security officers a headache. Working from home coupled with the acute shortage of specialists has created a situation that is much harder to control than a company’s secure framework. The first problem is the home infrastructure. Are routers and access points in people’s private networks well protected, or can anyone gain access with “admin/admin” credentials? And are business documents really encrypted when sent to home printers?
One speaker described home infrastructure as “shadow IT”, which is certainly a good description considering how difficult they are to control. Another increasingly urgent problem is the use of insecure passwords or identical passwords for multiple systems. According to Verizon’s 2020 Data Breach Investigations Report, the misuse of login credentials is the second most common reason for cyber breaches after phishing attacks.
This situation led several speakers to the same conclusion. If the classic perimeter had already softened with the increased use of cloud services, it has now become completely irrelevant. Because when all employees work from home, they themselves become the new perimeter that has to be protected, even if traditional security measures are largely lacking in the home network. So, different security concepts and measures are needed.
The security experts all agreed that working from home is here to stay and moved on to a presenting solutions that address these new risks; for example, if a family member uses a business laptop for their own purposes and clicks on a phishing link in their private webmail account.
The approaches presented at this second edition of Swiss Cyber Security Days may seem obvious. It remains to be seen whether they can be as easily implemented in reality as the presentations suggested. The “zero trust” approach is one way to manage an unknown home infrastructure. Access to business resources – on devices and in the cloud – would require multi-factor authentication, for example, with transfer and storage of the data in encrypted form.
Security prevention and solutions for Endpoint Detection and Response are also upgraded. They become “intelligent” and analyse how a certain business laptop is being used: is it an authorised person or malware attempting to access the company infrastructure? Artificial intelligence, or at least machine learning for behaviour-based and automated security solutions, was a recurring theme in the presentations. These solutions often take the form of managed security service packages, which may also help to mitigate the shortage of specialists. This fact may have lessened the shock for some at the event of the reported number of security experts that Switzerland lacks, estimated at 40,000.
More on the topic: