Interviews

Immunity to cyber threats

by Mark Rowe

The term R0 has been making headlines and infiltrating our everyday life due to the COVID-19 government briefings given in the United States, UK and across Europe, writes Salvatore Sinno, Chief Security Architect and Director of Cybersecurity Innovation at Unisys.

The reproduction number, or R value, is used by experts to help determine how contagious an infectious disease is and set up appropriate guidelines to impede its spread. However, the term exists not only in the context of tracking the scale of a pandemic. It can also be applied to cyber security – Digital R0 describes the likelihood of malicious or harmful activity resulting in a digital security breach of a corporate network.

Unsurprisingly, given the shockwaves COVID-19 sent throughout the world, businesses had to act swiftly and roll out systems which would enable employees to work from home immediately and as efficiently as possible. However, rapid change of circumstances and the need to quickly provide staff with remote working solutions meant that cybersecurity concerns took a backseat. Consequently, roughly 23 million workers in the UK were possibly sent home with ill-prepared or improperly configured devices that may allow a security breach to occur. Many people who were forced to become more reliant on digital channels may not have sufficient experience in and understanding of the best security practices. Although, many use some kind of security method, such as virtual private networks (VPNs), there are plenty of other threats that employees might fall victim to.

The issue is further exacerbated by the lack of interaction and help from other workers that would otherwise be available in an office environment. All these factors leave inexperienced employees vulnerable and unprotected. Cyber criminals are well aware of the issues that remote workers face and want to take advantage of the difficult circumstances. However, even though there has been an enormous rise in targeting employees, the concerns over cybercrime has dropped this year by 8% compared to 56pc in 2019.

Should a breach have occurred in such difficult circumstances, the digital R0 could have been in the hundreds. In many cases, the resulting infection or compromise rate would have been several hundred people for the one that was compromised, an exponential spread of an attack. To be secure, your digital R0 needs to be as low as possible, and this can only happen by having highly secure systems and devices for workers to use. Just like a pathogen, the digital liability of a hacker’s breach of a corporate network results in a high R0 if security is poor. A low digital R0 number can be achieved with state-of-the-art and robust security measures on the network, its access points and the devices that access it.

To be efficiently secure, an organisation’s digital R0 needs to be as low as possible, and this can only happen by having highly secure systems and devices for workers to use. Even if the rate is low, it may still pose a serious risk for organisations which service both the private and public sectors. Employees who work on sensitive or secret programmes, such as government contractors, are typically denied remote access to data due to confidentiality and/or intellectual property concerns. While this is generally a small fraction of the overall workforce, these employees become high value targets if able to access information remotely without the proper security in place. To enable these individuals and the essential organizations they serve to continue to work remotely, a zero-trust solution that ensures a digital R0 of zero is the only option.

Businesses need a way to achieve a digital R0 of zero and, therefore, secure their corporate assets. That can be found in a Software-Defined Perimeter (SDP), which controls access to resources based on user identity, thereby helping to deliver Zero-Trust security. This approach operates simply on the premise that the organisation should not trust anything inside or outside the perimeters. Current technologies that embrace the Zero-Trust and the SDP model can effectively create a cloaked, cryptographic peer-to-peer network between the endpoints and servers freeing up the pressure on the VPNs.

Safety first

Health safety measures such as lockdown and mass shift to working from home have improved chances of keeping the R value on a low level and hindering the spread of the disease. Unfortunately, this has not been the case for businesses – as companies continued to assemble solutions to facilitate virtual working, there has been a tendency to embrace speed over security and putting the networks at risk. Adopting a Zero-Trust approach powered by Software-Defined Perimeters and identity-based encrypted micro-segmentation can ensure that both the employees and digital assets remain secure and help companies become more resilient.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing