Getting a grip on security in a chaotic world
Steven van Gysel, Manager, Solutions Architect Northern Europe at Infoblox
It is no surprise that data breaches rank number one [info.infoblox.com] as the biggest concern of numerous organisations, given the lack of control of visibility into remote access on the corporate network. At the same time, there is an increasing reliance on cloud-based applications that carry increased risk if vendors fall short on security and/or fall victim to attacks themselves.
According to recent research by Infoblox [info.infoblox.com], there are especially many concerns among security professionals around the lack of transparency about what security tools remote employees and vendors with network access are using. Moreover, according to the research, it is currently far from certain that internal systems are resilient enough to recover from attacks by state actors. But that’s not all.
Working from home + poorly secured WiFi = a big problem
Internal threats (intentional or accidental) also remain a problem. Especially now, it sometimes seems just about impossible to control how employees handle corporate data. A consequence of the rapid and massive shift to working from home, combined with the proliferation of digital consumer services, is that the likelihood of data breaches has increased. One of the most successful attack methods remains phishing, but zero-day vulnerabilities are also the cause of many successful attacks.
A security breach can undermine confidence in internal knowledge and strain relationships with vendors, especially if the breach was facilitated through a third party. Consider, for example, the Kaseya attack [blogs.infoblox.com] in 2021. Still, scepticism doesn’t help. After all, it only becomes more difficult to maintain a good defence if the defenders lack confidence in their own abilities!
With visibility, you win the race
You can’t defend against what you can’t see. Especially in a world of decentralised networks, visibility is the key to sound defence. Boarding up is not realistic. As network edges are more porous, usage shifts to the cloud and mobile devices and attackers have better tools than ever, “defenders” must assume it is only a matter of time…