In response to the pandemic, organisations were quick to adopt new technology, such as cloud computing, to keep work flowing remotely. The problem is that when you adopt new technology, you also have to adopt new methods, solutions and techniques to secure it. In the urgency of the move to remote working and digital operations, many organisations lacked the time or resources to fully secure the new solutions.
While ultimately delivering significant business benefits, this rapid digital transformation can leave organisations exposed to attacks. This is a particular concern because, according to VMware, ransomware attacks alone have increased by as much as 900% since the start of the pandemic. And our security operations centre (SOC) data shows a 63% increase in cyber attacks in just the last quarter.
For CISOs, this presents a challenge – and an urgent one at that.
How can a single security team monitor all this information, at all times, no matter where in the world their users are?
The answer, of course, lies in technology – specifically a cloud-native security platform. Here are three ways the right cloud security platform can help you automate security and sleep easy.
1. Hacker vs. holiday: How to govern access for remote workers
The cloud lets employees log in from any device and location. So how do you tell the difference between a hacker in Barcelona, and Bob the HR manager checking emails on holiday in Majorca?
Assessing and authenticating users has always been a key part of security. But it was much easier when users logged into office-based computers that were wired up to a corporate server. Now, users can log on using unsecured devices from anywhere in the world. So, how can you protect yourself from hackers without stopping Bob from checking his emails on holiday?
The key is to tailor the security response to the situation, creating risk-based user authentication rules:
- If a user is logging into their office desktop as normal, a simple password is sufficient.
- But if a user is in Majorca, perhaps logging on out of hours, it makes more sense to ask for multi-factor authentication (MFA), or perhaps even biometric authentication, before they enter the corporate network.
- If someone is in fact a hacker from Barcelona, logging in from an unregistered device in a new location at a strange time – then perhaps CISO oversight is needed before access can be granted.
Organisations today have a wide range of authentication methods to choose from – not just passwords. The key to an effective and friction-free sign-in policy is to carefully tailor authentication to the risk profile of each sign-in event.
With a cloud security platform like Security Information and Event Management (SIEM), CISOs can easily automate these rules. This gives end users a seamless sign-on experience wherever they are, while taking pressure off the IT/security team to authenticate every sign-in.
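The three tiers in the list above can be expressed as a small policy function. The following is an added example, not code from the article or from any particular platform. The device IDs, country codes, office hours and sample sign-ins are constructed assumptions, and an unknown account is held for review rather than offered a weaker challenge.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed policy data (assumptions): device IDs, countries and office hours.
REGISTERED_DEVICES = {"bob": {"desk-0042", "phone-0917"}}
USUAL_COUNTRIES = {"bob": {"GB"}}
WORK_START, WORK_END = time(8, 0), time(18, 0)

@dataclass(frozen=True)
class SignIn:
    user: str
    device_id: str
    country: str     # ISO country code resolved from the source IP
    when: datetime   # local time in the user's home time zone

def risk_signals(event):
    """Return the set of risk signals raised by one sign-in event."""
    signals = set()
    if event.device_id not in REGISTERED_DEVICES.get(event.user, set()):
        signals.add("unregistered_device")
    if event.country not in USUAL_COUNTRIES.get(event.user, set()):
        signals.add("new_location")
    weekend = event.when.weekday() >= 5
    if weekend or not (WORK_START <= event.when.time() < WORK_END):
        signals.add("out_of_hours")
    return signals

def required_auth(event):
    """Map signals to the three tiers: password, mfa, hold_for_review."""
    if event.user not in REGISTERED_DEVICES:
        return "hold_for_review"   # unknown account: fail closed
    signals = risk_signals(event)
    if len(signals) == 3:
        return "hold_for_review"   # new device + new place + odd hour
    return "mfa" if signals else "password"

# Constructed sample events, one per tier plus an unknown account.
SAMPLE_EVENTS = [
    SignIn("bob", "desk-0042", "GB", datetime(2024, 3, 12, 10, 15)),
    SignIn("bob", "phone-0917", "ES", datetime(2024, 7, 20, 21, 30)),
    SignIn("bob", "laptop-7f3a", "ES", datetime(2024, 7, 21, 3, 5)),
    SignIn("mallory", "desk-0042", "GB", datetime(2024, 3, 12, 10, 15)),
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e.user, e.device_id, e.country, sorted(risk_signals(e)), required_auth(e))
```

Returning the signal set alongside the decision lets the alert sent to the reviewer say why a sign-in was held.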
2. The weakest link: Protecting your users from costly attacks
Since the pandemic, there has been a sharp spike in security attacks – specifically ransomware and phishing. Much of the time, the weakest link is hiding in plain sight: your users’ email inboxes. The truth is, human error is behind a shocking majority of security attacks and breaches: as much as 95%, according to IBM.
The problem is that if a user accidentally responds to a phishing email and leaks sensitive information, there’s little a CISO can do to get it back. So how do you protect your organisation against your own users?
User training is obviously a good start – but the best training in the world can’t guarantee you’ll stay abreast of every ransomware, phishing and malware attack that hits your organisation. For that, you need technology. Ideally, technology that identifies phishing and ransomware attacks and stops them from entering your users’ inboxes in the first place.
A cloud security platform can achieve this by automatically detecting suspicious-looking emails, attachments and downloads, and quarantining them so users can’t access them. Then, a CISO can assess the suspect emails, and take appropriate action – either sending them on to the user if they are legitimate or keeping them quarantined.
3. Automate security and sleep easy
The cloud makes it easier for users to collaborate across different locations and time zones – independent of traditional office hours. But what happens when an employee in the US accidentally shares sensitive data at 10pm, after the UK-based CISO has gone to sleep?
Automation is the key to any effective security response here. Even if the CISO is online, they don’t have the time or resources to manually monitor every potential security alert – particularly in a large organisation.
So, an effective cloud security platform should identify and respond to threats such as ransomware and phishing – without input from the security team.
Cybersecurity is a top priority for business leaders everywhere and rightfully so. But with the right technology, it doesn’t have to be difficult.
Cloud security platforms like SIEM can automate monitoring, detection and threat prevention to keep your business data safe, whatever happens.
Stephen Crow is the Head of Security & Compliance at UKFast, the UK’s largest private cloud provider. He has a Masters in Cyber Security, is CISMP qualified, and has been working in the security sector for 9 years. He works closely with both the private and public sector, providing services to clients such as the Ministry of Defence and the Ministry of Justice.