
The pandemic has completely changed how we work. As millions of people log in from their homes and remote locations, the paradigm of 'normal' has shifted: today, working from home is the new normal. This has huge implications from a data and cybersecurity point of view, as cybercriminals are taking advantage of this and finding new, sophisticated ways to target organizations while evading the detection controls in place.

As most employees don’t have the same level of security infrastructure preparedness or awareness, there is a huge risk of data being stolen or corporate networks being infiltrated by hackers. Cybercriminals have been quick to exploit this vulnerability.

When the perimeter is extended, more assets need to be secured, and this broadens the attack surface. In many ways, it has become a huge challenge for organizations to keep themselves one step ahead of the attackers. It’s high time for organizations to rethink their security approach and align their security needs with the current market and technology landscape.

Best practices 

We recommend the following key best practices to protect your organization:

1. Secure corporate application access and endpoints

A ‘verify first, trust later’ approach must be encouraged. Organizations must put in place a strategy to adopt a zero-trust framework and allow user access on a ‘need to know’, ‘least privilege’ basis. User access to corporate applications must be provided by creating a system of checks and balances. Endpoints are the weak link in the security chain, yet they are the most critical. Organizations must therefore deploy endpoint detection and response (EDR) solutions to combat advanced attacks.

2. Pay attention to databases too

We have not heard much on database security, even though databases are a critical asset of any organization. In many places, this is managed by third-party administrators. Databases hold critical information and, in the current situation, most databases are open to access from outside the organization. Without database security, business tasks can be interrupted and confidential information may be disclosed. There is therefore a need to prioritize database security to discover and classify files containing sensitive data. Organizations need to put controls in place to continuously monitor data access and protect sensitive data across the enterprise. This will help prevent unauthorized or suspicious activities by privileged insiders and potential hackers.

3. Monitor user behavior

By now, most organizations have realised that the change in work culture and environment will last longer than expected. There is therefore a need to shift security priorities to meet current challenges. People are using different channels from home (e.g., corporate VPN, the internet), not only to access corporate assets but also to reach social platforms, shopping sites, etc. This translates to an increase in overall security incidents and exposes employees to more threat vectors, such as targeted phishing attacks. To prevent these issues, continuous user behavior analytics is necessary.

4. Continuous security alert detection and monitoring

A SIEM solution that continuously monitors, raises and responds to alerts is required for every organization. This is not only for compliance; it is also an essential step in the journey towards becoming a secure enterprise.