Cybersecurity teams were in high demand during lockdown, but what can we learn from the health crisis? Are there new issues, or simply an evolution of trends that were already at work before the crisis?
IT departments were in high demand during lockdown, and cybersecurity was naturally a concern for companies, even if the responses were not always up to par. In a post-lockdown communication, CESIN experts reviewed the main changes brought about by the crisis. Some are developments accelerated by lockdown, but others are somewhat more surprising, such as the disappearance of the so-called traditional VPN. Here are CESIN's first post-lockdown conclusions.
The desktop PC is dead
Companies that had deployed mobile equipment on a massive scale were particularly agile, adapting to lockdown almost overnight. The price difference between a desktop PC and a laptop should no longer be an obstacle to equipping employees, all of whom have become potentially mobile.
The traditional VPN will disappear
Because many services are available in the cloud, employees naturally connected to them directly over their home Internet access. They used this connection rather than going through the VPN to reach the corporate network and then going back out to the Internet to use these services. As long as legacy systems exist, the traditional VPN will remain, but the direction of travel is a direct connection to the cloud, which does not remove the need to go through proxies and various layers of security, themselves in the cloud.
MFA is no longer an option
Of course, if we allow mobile users to connect directly to cloud services without going through the corporate network, we will have to generalize strong authentication to all these services and not just to VPN connections. MFA is likely to finally spread in order to reduce the risk of identity theft, which is inevitable when users are allowed to log in to cloud services with simple passwords. The zero trust principle is more relevant than ever.
Workstation updates will have to be rethought
One of the main challenges during the crisis was keeping business PCs at an optimum level of security. Updates were already a challenge for many before the crisis, whether OS patching or security updates. How, then, can workstations be kept up to date when they are all outside the company and not permanently connected to the corporate network? In addition to this issue of workstation “reachability”, VPNs will not carry large volumes of updates, and here again the trend should be toward more live updates.
Goodbye office directories
The crisis has undoubtedly sounded the death knell for traditional central file servers. Collaborative tools, and online file sharing tools in particular, were deployed widely during the crisis. This gave users much more autonomy, but without making them accountable. In the previous model, the IT team configured access; in the cloud model, organizing shared spaces and securing access is delegated to users. Sharing is simpler, but the subtleties of access to these shares are difficult to master. Above all, it is difficult to get a consolidated global view and very easy to make mistakes. Handing out these sharing tools without giving users any visibility into what they share is a very big risk in terms of data protection. Businesses will need to equip themselves with monitoring tools, as well as additional tools to find information leaks on the Web in cases where prevention has not been enough.
SOC is now a must
As we saw before the crisis, many companies that were badly affected by cyber attacks had no SOC, or only an embryonic one. Now, with data scattered across multiple clouds and users just as dispersed, the attack surface becomes enormous. And we should not rely solely on the vigilance of the user. If one click too many triggers a crisis, it is because the environment was vulnerable.
Whether internal, outsourced or mixed, the SOC is now a centerpiece of a cybersecurity system. This trend was already there before the crisis, and it should progress rapidly. The capacity for monitoring, detection and incident response has become essential in addition to preventive measures. The crisis has accelerated the use of the cloud. We must rely on a SOC to monitor, vigilantly and reactively, what the new accesses and new delegations in the cloud allow, for all populations: administrators, architects, developers and, in general, all users.
Reconsider your cyber roadmap
These examples are immediate technical or organizational consequences of the health crisis on cybersecurity, writes CESIN. “It is important to reconsider its cyber roadmap to ensure that the transformations resulting from the crisis are taken into account, but also to ensure that this roadmap is aligned with the strategic changes that the company will undertake in the coming months”, warns Alain Bouillé, General Delegate of CESIN.
But even if cybersecurity concerns do not change in nature, CESIN fears that they will become a little more complicated as the economic crisis affects cybersecurity budgets. The warning is clear: lower budgets may increase corporate exposure.
“Our businesses, which are strongly impacted economically, must take care not to suffer cyber crises in the process,” warns the CESIN article. “Considering the very high level of threat and the fragility that arises in transition periods, it would be dangerous to cut into cybersecurity budgets, which are more necessary than ever to protect business activity.”