Forcepoint’s own research found that unwanted emails using coronavirus-linked key words rose from negligible values in January 2020 to more than half a million per day by the end of March 2020, settling down to around 200,000 per day right through until the end of May. Surendra Singh, Country Manager, Forcepoint, shares his perspective on the impact of the Covid situation on cybersecurity and highlights best practices for enterprises to protect themselves in these vulnerable times.
Some edited excerpts:
What’s your assessment of the Covid-19 crisis’ impact in the cybersecurity domain, and what are the major threats witnessed in the past few months?
The COVID situation has had two major effects on our industry. Firstly, as always with any major event, cybercriminals have taken advantage of people’s need for information and are using coronavirus-themed lures in their phishing and malware. Forcepoint’s own research found that unwanted emails using coronavirus-linked key words rose from negligible values in January 2020 to more than half a million per day by the end of March 2020, settling down to around 200,000 per day right through until the end of May.
However, this is business as usual – cybercriminals always adapt their techniques to try and trick people into clicking or downloading malware. Far more challenging and far-reaching has been the shift to almost universal remote working, and the speed at which we have had to do this. Digital transformation was already happening, but the requirement for the majority of the workforce to go remote has accelerated this transformation.
When an organization shifts to remote working, there is a risk that security gaps are created. Employees with minimal technical know-how were left to set up and configure home networks and devices, and IT teams rushed to scale up VPNs and move data into cloud applications. However, we may find in the coming months that external threat actors have accessed users’ identities (possibly via phishing) and are impersonating users on the network, with a goal of exfiltrating valuable data. Of course, organizations allow their employees full access to online assets, data, intellectual property, trade secrets, and other sensitive information to get their jobs done! However, if there is a threat actor on the inside, this data could be at risk.
In addition, there remains the more traditional threat of the “insider risk”. In times of turmoil, perhaps with jobs at risk or while working in a less regulated environment, insiders could obtain valuable data for sale or theft, and if these actions are not monitored, this could significantly compromise an organization.
What has been the shift in cybersecurity trends among customers (enterprises)?
As we lay out above, the major shift is in employees working from remote locations without the same level of perimeter security which used to be in the office. Organizations have had to change and improve their security architecture to protect their employees and data. In addition, customers have had to look more broadly and consider their supply chain including truly understanding how partners and customers are accessing their organization’s data. We’ve seen a huge shift in customers adopting more cloud-based security services.
For some of our customers, it will likely take more time to get to a cloud-powered future. That’s why our approach fits with a hybrid and evolving IT environment. The comprehensive Cloud Security Gateway (CSG) offering we recently introduced is a cloud-native solution that leverages a mix of Forcepoint physical assets (our own datacenter footprint) with the flexibility of public cloud environments—“best of both worlds” as I like to call it.
CSG is a step on the road towards the adoption of Gartner’s CARTA architecture (Continuous Adaptive Risk and Trust Assessment) and SASE (Secure Access Service Edge). CARTA is most relevant in today’s world where risk levels are increasing and security solutions have to adapt risk levels over time. Users are not static, and someone who continues to save data to a thumb drive week after week would need a higher risk level than someone who logs in once from a device that’s not registered with the organization, for example.
Organizations, therefore, need to put more risk-adaptive security policies in place, allowing automated actions to be taken based on user behavior. CARTA is a dynamic approach versus the perimeter security approach which is very static. SASE is all about convergence in the cloud, and unifies web, network and application security to eliminate security gaps and redundancies, and stop attackers from breaking into an enterprise from the internet, web or cloud apps – consistently, no matter where people are working.
How has Forcepoint ensured seamless services for its customers even during the lockdown period?
Forcepoint has a robust remote-working infrastructure. Three years back, we developed cloud-based human-centric security solutions and these were adopted by Forcepoint internally as well. Therefore, even before COVID came, we had these solutions in place and were ready to help our customers through the difficult transitions as lockdown happened around the world. We helped our customers on their remote work journey as they implemented their business continuity plans and ensured their NGFW and VPN access was scalable, we took them through application access in their clouds, using a mixture of legacy and cloud apps. And then we helped them as they fine-tuned their security policies, thinking about data protection needs and further cloud scaling ready to face the future. As always our technical and functional teams were available to the customers remotely, exactly as normal.
With remote working and cloud being part of the new normal, what are the best practices that enterprises should adopt?
Remote work has shifted the edge to the users. Today, we must protect this edge through comprehensive SaaS (security as a service) platforms. Forcepoint uses cloud-based security platforms that use behavior analytics to understand human behavior to proactively detect risk and secure data and IP. As mentioned, these incorporate both CARTA and SASE approaches as industry best practices.
SASE brings network and security to the cloud. This converged cloud security architecture brings data security, cloud access security, web security, network security, advanced threat protection, and Zero Trust networking – all under one platform. Organizations can adopt SASE architecture to secure all centrally important modules of the organization. CARTA uses the premise that users need to be continually monitored for risk, starting with Zero Trust as the edge. Forcepoint uses the CARTA risk adaptive approach to continuously detect and prevent insider threats.
Please elaborate on Forcepoint’s innovative solutions that would address security concerns in a post-Covid world?
As we’ve said, Forcepoint builds dynamic protection solutions, designed to adapt to risk in real-time, delivered through a converged security platform. These dynamic solutions protect the edge of the network, the data within it, and of course the users.
Our Dynamic Edge Protection (DEP) provides an all-in-one way for you to deliver advanced web, network, and application access security as a service from the cloud. It implements the SASE model, weaving together advanced capabilities such as firewalling, intrusion prevention, web content inspection, malware scanning, URL filtering, application access, and more. This converged approach eliminates gaps and redundancies to stop attackers consistently, no matter where your people are working.
Forcepoint is a leader in Dynamic Data Protection (DDP) where we have built-in CARTA for data protection. DDP builds on award-winning enterprise DLP and offers individualized adaptive data policies, delivering cloud-hosted behavioral analytics. Risk changes over time depending on behaviour, so the user acting in ways against set policies would receive a series of warnings before eventually finding highly risky behavior blocked and stopped.
Finally, and most recently introduced, we have Dynamic User Protection (DUP). This is the industry’s first cloud-native user activity and insider threat monitoring solution, offered as-a-service. DUP uses indicators of behavior to mitigate risk at the earliest point of detection.
What are your key focus areas and roadmap for the near future?
In the next phase of cybersecurity, managing risk across cloud, network and endpoint will drive everything. Enterprises need to be able to automatically enforce security policy across all control points, and this is where we have invested in technologies and solutions. Forcepoint is a global leader for user and data protection in the modern cybersecurity landscape. Our success in this depends in part on a strong network of dedicated channel partners, and so our training and enablement for resellers and distributors is a major area of focus for 2021. The scene is set for us to provide our mutual customers with modern cybersecurity solutions, allowing them to see their businesses operate smoothly and securely.