For a long time, cybersecurity has been seen in terms of securing network perimeters and allowing only “trusted” devices to access corporate networks. In fact, the very term “firewall” invokes visions of securing the network perimeter against threats who shall not pass that threshold.
With the advent of laptops, cellphones, and other IoT devices, it has become increasingly apparent that security is an issue. The current pandemic has pushed this threshold even farther as employees are using personal computers, home WIFI, and non-work devices to access the company’s network and sensitive information. There is no perimeter. Users have now become the first line of cybersecurity.
In other words, employees have become the last defense between a company’s confidential information and the threats from those who want to use that data for nefarious purposes.
There is no defined perimeter, and no defendable wall. IT teams are scrambling to secure devices without visibility, and with no way of managing the threats that have increased during the pandemic. Matt Moynahan, CEO of Forcepoint, says he has seen “the volume of phishing scams skyrocket 700 times in the wake of COVID-19.1” With employees relying on their personal devices and knowledge of data security, company networks are more accessible than ever.
With many companies rushing their digital transformations in the wake of remote work, a patchwork of security and short-term measures were put in place to keep data safe. Moving forward, however, measures need to be taken to ensure the identity not just of the device or IP address accessing information but the human on the other end.
Anton Klippmark, product manager at BehavioSec says, “In the digital world, we’ve focused more on trusted devices and IP addresses than validating the actual person behind the screen…A new normal should be built more around granularity of our human nature instead of binary questions, like whether that particular device has been seen before or not.2“ Including this extra step will ensure the correct user is on the device, mitigating potential security issues and preventing scammers from accessing networks through solely the retrieval of information.
These issues have pushed user behavior analytics (UBA) to the forefront of security. If people are the edge, companies need to understand the ways users access platforms and applications and how these tools and data are utilized regularly. This way, behavior can be analyzed to detect possible malicious or suspicious activity.
Monitoring all of your data centers, cloud computing, and other network entry points for suspicious activity is a necessary, constant process. More than that, users’ devices and network entry points must be secured with multiple identity checks in order to ensure the safety of your information. A cohesive digital transformation, with sturdy infrastructure, and definable access points, need to be put in place to secure data as the new normal of remote work continues.
Sources: 1. https://www.forbes.com/sites/tonybradley/2020/10/21/the-user-is-the-edge-in-the-new-normal-of-remote-connectivity/?sh=9bc0ebb77a39 2. https://www.darkreading.com/theedge/what-will-cybersecuritys-new-normal-look-like/b/d-id/1338134