Digitalisation World Q&A – Business Resilience

By Adam Philpott, EMEA President, McAfee.

1. How should enterprises adapt their approach to cybersecurity in the new normal?

As we prepare for the 'new normal', it's vital that organisations adapt their approach to cybersecurity to overcome the security obstacles that come with hybrid working and ensure business resilience. Many employees will continue working remotely to some extent, and it’s important that businesses provide staff with a secure and efficient method of accessing internal apps in the public cloud or data centre - enabling secure 'work from anywhere' practices.

In the new normal, we’ll also see blurred lines between online activity on corporate and personal devices from staff working remotely. To keep cyber attackers at bay, it’s vital that organisations go beyond establishing baseline protocols to create and maintain a secure environment for employees. This includes educating their workforce on best practice, such as questioning whether a link looks suspicious and reporting any activity they’re unsure about, both at home and in the office.

In addition to this, it is critical that businesses educate their workforce on best practice when it comes to cyber hygiene and adopt a Zero Trust mindset. This means that organisations can maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary - all without compromising experience. This approach will allow businesses to enjoy the benefits that come with hybrid working, knowing they're taking the necessary steps to protect their organisation, no matter where employees are working.

Lastly, but by no means least, organisations should consider deploying risk intelligence to prioritise threats, predict which malware campaigns will be launched against them and pre-emptively improve their defensive countermeasures. This is particularly important as we continue to see a rise in cyber threats – at the end of last year our researchers detected 648 threats per minute, and this number is only continuing to rise. By taking these pre-emptive measures, organisations can get ahead of adversaries and ensure corporate systems remain secure while navigating the new normal.

2. Why is taking a Zero Trust approach to security important for businesses?

Zero Trust arms organisations with a more comprehensive approach to IT security and network defences by allowing them to restrict access controls to networks, applications, and environment without sacrificing performance and user experience. Adopting a zero trust mindset essentially means that businesses should trust no one – for example, not trusting anything inside or outside of the network by default.

As the cloud continues to gain prominence in business operations, identifying who and what should be trusted within an organisation’s networks is becoming increasingly difficult for IT and security teams. This is where a Zero Trust mind set comes into play, as it allows teams to reduce the risk of their cloud and container deployments, while also improving governance and compliance.

With a Zero Trust approach, businesses are able to continually detect and verify threats, and therefore stop them before intrusion occurs. By designing Zero Trust capabilities into business processes and systems, businesses can increase visibility across their network, continuously monitor and respond to signs of compromise, reduce architectural complexity and prevent data breaches. This will improve overall organisational security, while ensuring that user experience remains consistent.

3. When it comes to cybersecurity best practice, why is taking a collaborative approach to security important?

When looking to ensure best practice across the industry, transparency and accountability are crucial. A shared responsibility model of security is therefore very important. This involves a layered defence where organisations address each part of the “stack of responsibility” individually, yet they all interact together as a complete framework.

Securing data in the cloud is ultimately a shared responsibility that doesn’t fall solely on one party. From cloud service providers to end users, each element of the “stack of responsibility” has an

individual part to play, but they all interact together. Taking a collaborative approach and using a framework to standardise investigation across cloud services and on-premises infrastructure is crucial if we are to meet today’s complex security challenges head-on. When implemented correctly, cloud is the most secure place to do business and an incredible driver of business growth, innovation and resiliency.

Failing to adopt a shared responsibility model across the sector will ultimately lead to a higher level of risk and poorer overall security. Without a clear understanding of responsibility and a collaborative approach, IT will not have a comprehensive view of systems required to keep track of all data and potential threats. At the end of the day, limited visibility means limited security.

By Barry O'Donnelll, Chief Operating Officer at TSG.
By Dr. Sven Krasser, Senior Vice President and Chief Scientist, CrowdStrike.
By Gareth Beanland, Infinidat.
By Nick Heudecker, Senior Director at Cribl.
By Stuart Green, Cloud Security Architect at Check Point Software Technologies.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Damien Brophy, Vice President EMEA at ThoughtSpot.