“As IT teams are looking for solutions to cope with the data deluge (a product of 5G rollouts around the world), automation is likely to play a significant role in network optimization moving forward,” says Adrian Rowley, Senior Director Sales Engineering EMEA at Gigamon, in an exclusive interview with ITSecurityWire.
ITSW Bureau: As enterprises rushed their digital transformation journey, most of them became vulnerable or victims of cyber-attacks. Can you elaborate on what were the prime security holes that left many enterprises vulnerable?
Adrian Rowley: In the past year, one of the weakest security links has been mobile devices following a rise in work from home (WFH) and the use of personal devices for professional activity. In fact, 91% of organizations admit to being affected by cyber-attacks targeting web and mobile applications and, as the IoT continues to expand exponentially, it brings with it increased risks of data breaches and malware attacks.
On a more industrial scale, prime security holes have also been identified in ICS and SCADA devices, as just like IoT devices, each has an operating system and application with potentially exploitable vulnerabilities. OT, ICS and IoT devices enable numerous industries to improve their services, increase productivity and reduce costs, yet without effective management and clear visibility into all traffic between these devices, falling victim to a security attack is inevitable. Therefore, it is essential organizations at the forefront of OT, IIoT and ICS implementation (primarily manufacturing and logistics) gain insights through enhanced visibility that can better protect their network of devices. This includes understanding the number and location of all connected assets, how often they are used and whether they have the latest patches or are vulnerable to current threats.
ITSW Bureau: What strategies can CISOs develop to seamlessly identify and close the security gaps in the network?
Adrian Rowley: The pandemic has fundamentally altered the expectations that executive leaders have about how and where they work. IT infrastructure is being stretched, changed and challenged whilst trying to support a hybrid workforce during growing levels of cyber-attacks, and for the first time, three quarters of security professionals believe a successful cyber-attack is imminent. While there is no playbook or guidelines for CISOs looking to support their teams as they embrace the security challenges of the new normal, there are certainly various strategies worth considering when closing network security gaps.
One approach is for businesses to adopt a Zero Trust architecture. This security framework eradicates implicit trust and scrutinizes asset behavior, providing authentication based on only this. With users working from home, many can be more relaxed or distracted, unknowingly browsing potentially malicious websites and clicking on doctored links. It is likely home workers will also be using less secure devices and applications connected to the corporate network and, once authorized, will be granted access to internal resources and the company server. The concern is that if a user’s device is compromised, a hacker can move laterally from the un-secure, remote asset into the ‘safe’ internal network, ultimately resulting in a fast-moving and dangerous breach. However, Zero Trust will enable organizations to overcome this risk and the framework can help disseminate a more security-conscious message across the whole company.
ITSW Bureau: With the rise of hybrid cloud environments, how can enterprises ensure to strengthen their security posture?
Adrian Rowley: 81% of organizations view cloud security as a challenge and the hybrid cloud model further complicates a security posture. Enterprises therefore must create a reliable hybrid cloud security strategy and implement the right cloud security tools capable of providing detailed, real-time analytics, reliable threat intelligence, and full visibility into all activity.
Limited visibility is one of the most common problems associated with cloud security, as many tools developed pre-pandemic are either cloud-native without a substantial view into the underlying network, or designed only for use on the network and have no clear sight into the cloud environment.
A hybrid cloud ‘visibility gap’ inevitably means that a business is more vulnerable to cyber-attacks, as threat detection is obscured. To strengthen their security posture, prioritising a clear view into all data is key. Enterprises should ensure visibility into the entire IT infrastructure, including east-west traffic, containers and unmanaged devices, while cutting corners with observability will only create further vulnerabilities that hackers can quickly detect and exploit. Without this view into the environment, cyber-attacks may go unnoticed, while network performance can also decrease and create numerous issues from a negative customer experience to rising maintenance costs.
ITSW Bureau: As enterprises continue to accelerate their digital transformation journey and initiatives, what trends do you expect to see in the cybersecurity landscape?
Adrian Rowley: As IT teams are looking for solutions to cope with the data deluge (a product of 5G rollouts around the world), automation is likely to play a significant role in network optimization moving forward. Already, 97% of IT leaders agree that process automation is an essential part of digital transformation, yet it can still seem like a daunting and complex solution to put in place. It is in fact far simpler than many assume, and automated data analysis will be central for SecOps teams to gain a better understanding of the attack surface and where their vulnerabilities lie.
We will also continue to see a steep rise in attacks. Cyberattacks increased 400% compared to pre-COVID days, implying threat actors have been making the most of expanded attack service and do not plan on giving it up. Most worrying, financial losses due to cybercrime and fraud tripled in the first half of 2021 compared to the same timeframe in 2020, highlighting the detrimental, real-world impact that attacks are having on businesses. Going forward, it seems probable that cybercrime will continue to rise in sophistication and hackers will increasingly target the cloud environment specifically, demonstrating the ever-increasing importance of prioritizing full visibility and security for any and all digital transformation projects.
Adrian is a Senior Director Sales Engineering EMEA at Gigamon and has over 15 years of experience in the industry. He joined the Gigamon team in 2017 and has since been a prominent thought leader discussing the importance of network visibility, and more recently the challenges of successful cloud migration.