Do you have what you need for a safe, modern digital workplace in 2021?
Since the Covid-19 pandemic and the massive move towards homeworking, security and compliance breaches have skyrocketed. Research even suggests more attacks occurred globally in the first half of 2020 than all of 2019 as criminals ramped up their attacks on remote workers.
Focusing on your core business activities with threats like these looming behind you can be challenging. It is a tough balancing act – investing in digital workplace security measures to keep your business safe while remaining productive and competitive. No wonder many businesses have continued to ramp up their spending on security even as the pandemic puts a squeeze on their budgets – Gartner estimates security spending saw a 2.4 percent growth even as overall IT spending fell more than eight percent. We have seen this first hand, particularly when it comes to strengthening endpoint device security.
However, many of the businesses we speak to tend to focus on just one or two areas. But we hate to be the bearers of bad news: this is not enough.
So, where to start?
There are so many different areas of security to invest in that the task can almost seem overwhelming. You may have found yourself puzzling over the question ‘What should I be prioritising?’ on more than one occasion.
The best way to approach a task like this is to break it down into more manageable chunks and focus on prioritising solutions that help to prevent or significantly mitigate some of the most common types of cyber-attacks.
While every business will have a unique threat profile and security priorities, our experience shows us that there are six capabilities that should feature in every security strategy. Of course, this is not a problem you can solve by throwing cash at it – even if you could get the budget signed off. While you will want to take on all six of these, it is important to prioritise with a feasible plan of attack.
As a baseline, conducting a full audit and risk assessment will help to highlight where your existing digital workplace strategy has gaps, as well as which assets should be the priority. This will help determine which of these capabilities will provide the most immediate benefits and greatest overall value in keeping the business secure.
Here are six of the most essential security principles that need to be on your security roadmap for 2021 if you want to maintain a safe, modern workplace in today’s hostile security environment:
A zero-trust framework verifies each request as though it originates from an unknown source on an open network. It ensures secure authentication and authorisation of requests with just enough access based on a user’s identity, location, device, service, or data classification. Zero-trust enables users to work more securely from anywhere and on any device. This will greatly reduce the chances of an attacker accessing the network with stolen credentials and is more important than ever when much of your workforce is operating remotely.
2. Cloud Access Security Broker (CASB)
Users rely more and more on software as a service (SaaS) solutions, whether sanctioned or shadow IT applications. CASBs have become a vital part of enterprise security, allowing businesses to safely use public clouds while protecting sensitive corporate data with sophisticated analytics to identify and combat cyber threats across all cloud applications. CASBs will improve your security by identifying when personnel are using unauthorised and possibly unsafe applications, as well as detecting signs of misuse that could mean a cybercriminal or malicious insider is at work.
3. Endpoint Detection and Response (EDR)
As mentioned, we have already seen focus on this area, and rightly so. EDR solutions monitor devices for malicious activity, such as attempted malware injections and signs of accounts being compromised. Unlike firewalls, which can only block known threats as they appear, EDR solutions can detect existing security breaches, enabling you to close them before they escalate. This is an essential capability as threat actors are increasingly moving away from using known malware in favour of more subtle attacks exploiting compromised user accounts.
4. Identity and Access Management (IAM)
Cyber threat actors view your human workforce as the weakest link in the security chain, and most attacks now focus on exploiting workers. Fortunately, there are solutions you can implement to protect your staff and reduce the impact when an account is compromised, including:
- Multifactor Authentication (MFA): Requires users to verify their identity using a second channel of authentication, such as separate email, text message, or a dedicated application.
- Conditional Access Management: The modern security perimeter now extends beyond an organisation’s network to include user and device identity—control who can access what resources and from which devices.
- Privileged Identity Management (PIM): Implement time-based and approval-based role activation to mitigate the risks of excessive, unnecessary, or misused access permissions on sensitive resources.
5. Managed Device Compliance
Users now access workplace services from an increasing variety of mobile devices and all types of networks. It is critical to ensure your device fleet is compliant and identify those at risk. Device compliance allows you to govern the conditions for access on devices, such as requiring a minimum operating system version, update level, anti-virus, disk encryption or even a specific location when connecting to corporate resources. Effectively managed device compliance will close most of the common attack paths used by criminals seeking easy access to the network, particularly when used in combination with zero-trust and IAM.
6. Advanced Threat Protection (ATP)
With more attackers using methods centred on identity-based attacks, it is no longer sufficient to just rely on anti-malware protection. ATP leverages an array of security solutions that defend against complex malware and cyberattacks that target sensitive data including:
- Attack surface reduction to identify and constrain risky behaviour of applications and scripts.
- Threat trackers that provide the latest intelligence on prevailing cybersecurity issues enabling you to deploy counter measures before they reach your organisation.
- Attack simulators which allow you to launch realistic attack scenarios in your organisation to identify vulnerabilities in your services and devices.
- Automated investigation and response (AIR) capabilities include a set of security playbooks that can be launched automatically, such as when an alert is triggered, mitigating threats instantly and efficiently.
ATP is important for keeping up with the latest tools, techniques and procedures (TTP) of cyber criminals. Organisations with higher risk profiles, such as those in finance or the public sector, should be prioritising ATP capabilities.
Still not sure where you need to start? With our secure-by-design approach to our entire portfolio, including Getronics’ Digital Workplace solutions, our team will help you to assess your current standing and prioritise your activity.