Security Lessons From the COVID-19 Pandemic
Limnetic Technologies
Delivering trustworthy and resilient network communications.
The COVID-19 pandemic will have long-lasting repercussions on businesses. In many ways, it has transformed the way people work together, how they access their work environments, and even how they manage their time and commute. It also changed how we meet people, as well as our understanding of how viruses spread. In a funny way, it also provided an interesting analogy for online threats and how they behave.
In an earlier post we addressed how today's cybersecurity solutions were designed to prevent ill-intentioned users from accessing your network, whereas they were often of little help once someone had made it inside undetected. That notion makes complete sense, of course, as the best way of avoiding unwanted visitors is to make it as hard as possible for them to get in. But the bigger your business grows, the bigger the attack surface becomes, and the likelier it is that a vulnerability will be discovered and exploited. What then?
Let’s look at our analogy.
Consider an office where 20, 50, 100 people work together in close quarters daily. When an outbreak occurs (such as the flu or, I don't know… COVID-19), it can be very challenging to trace the point of entry reliably and rapidly. Doing so is essential to take swift action, protect the people who are not yet infected, and limit further spread outside of the organization, but with that many people coming in and out, it's hard to get a clear sequence of events, and you're left with a crippled workforce while trying to untangle thousands of possible interactions and contacts that could have happened.
Now consider a household of 2 to 5 people. If you, your partner, or your child were to contract COVID-19, sadly, it's very likely that it would spread to the other members of your family. It is, however, very easy to stop the spread by limiting contact with other people by simply staying put and isolating until the virus has gone. Furthermore, it's much easier to determine how the virus made its way there, as there are only a limited number of actors in play. Was it school? Was it work? Was it that trip to Vegas? (Spoiler: it was probably that trip to Vegas.) With small clusters of people, it's much easier to go into damage control and avoid further contamination, as well as identify the point of entry to prevent it from happening again.
Back to the office scenario.
The more people you have on site, the more challenging it becomes: the number of possible pairwise contacts grows quadratically with headcount (n people can meet in n(n-1)/2 pairs, so 20 people give 190 pairs while 100 give 4,950). That is why remote work and isolation were so heavily encouraged at the onset of the COVID-19 pandemic: fewer interactions mean less contact, and less opportunity for the virus to spread.
By now you have probably made the connection with cybersecurity.
There's a reason why computer viruses are named that way: they spread in a similar manner. Funnily enough, they can also be countered using similar tactics.
If putting all your staff in one office exposes them to the threat of a massive viral outbreak, putting all your servers and resources in the same network environment puts you at risk of losing them all at the same time. As we've discussed in prior publications about Zero Trust Network Access (ZTNA), a much better way of ensuring business continuity (and integrity) in the face of looming security breaches is to decentralize and separate your resources into distinct environments, whether local or in the cloud, so that a compromise of one segment does not give an attacker free movement into the others. It's also important not to assume a user's right to access data, but to instead verify their identity and authorization on each new access rather than trusting a previously granted session. Limit contacts, and you'll also limit the points of entry.
Limnetic takes this to heart, and we have adopted a multi-cloud and multi-database approach for our products. Our products collect, organize, and interpret traffic data. To preserve the privacy and security of corporate end-users, traffic data and metadata are segregated and stored in distinct cloud environments.
The pseudonymized traffic data is used for all reporting and trend analysis purposes, whereas the metadata (the information that links a pseudonym back to a real host or user) is encrypted and protected with a key that only the client's administrator receives.
We were not satisfied with simply saying that your traffic data was safe: what we're saying is that even in the event of a leak of the traffic data store, the leaked data will be unusable on its own, and no one without the client-held key will be able to trace it back to you or your end-users.
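As an added example (illustration only, not Limnetic's code and not a description of how its products are built internally), the following Python shows the property the paragraphs above claim: identifying fields in traffic records are replaced by keyed pseudonyms (HMAC-SHA256) before the data goes to the analytics environment, aggregation still works on the pseudonymized records, and linking a pseudonym back to a host or user is only possible for whoever holds the key. Keyed pseudonyms stand in here for the encrypted lookup table the post describes; the key is assumed to be held only by the client's administrator, and the flow records are constructed sample data.

```python
"""
Added illustration (not Limnetic's code): splitting traffic records into a
pseudonymized dataset for analytics and a client-held key that alone can
re-identify the pseudonyms. All flow records below are constructed samples.
"""
import hashlib
import hmac
import secrets
from collections import Counter

# Constructed sample flow records, as a collector might emit them.
RAW_FLOWS = [
    {"src": "10.0.1.15", "user": "alice", "dst": "203.0.113.7", "bytes": 4200},
    {"src": "10.0.1.15", "user": "alice", "dst": "198.51.100.9", "bytes": 910},
    {"src": "10.0.1.22", "user": "bob", "dst": "203.0.113.7", "bytes": 73000},
    {"src": "10.0.1.22", "user": "bob", "dst": "203.0.113.7", "bytes": 15000},
    {"src": "10.0.1.31", "user": "carol", "dst": "192.0.2.44", "bytes": 512},
]

# Fields that identify a person or an internal host; everything else is kept as-is.
IDENTIFYING_FIELDS = ("src", "user")


def pseudonym(key: bytes, value: str) -> str:
    """Keyed, deterministic pseudonym: HMAC-SHA256 truncated to 16 hex chars.

    A plain (unkeyed) hash would be reversible by brute force because the
    input space (internal IPs, usernames) is tiny; the key removes that.
    Determinism is intentional: the same host always maps to the same
    pseudonym, so counting and trending still work without the key.
    """
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(flows, key: bytes):
    """Returns the records that go to the reporting/analytics environment."""
    out = []
    for flow in flows:
        rec = dict(flow)
        for field in IDENTIFYING_FIELDS:
            rec[field] = pseudonym(key, rec[field])
        out.append(rec)
    return out


def top_talkers(pseudo_flows, n=2):
    """Analytics that runs entirely on pseudonymized data: bytes per source."""
    totals = Counter()
    for flow in pseudo_flows:
        totals[flow["src"]] += flow["bytes"]
    return totals.most_common(n)


def reidentify(key: bytes, target: str, candidates):
    """Only the key holder (the client's administrator) can do this: recompute
    pseudonyms for the known hosts/users and look for a match. Returns None
    when the key is wrong or the candidate list does not contain the host."""
    for candidate in candidates:
        if hmac.compare_digest(pseudonym(key, candidate), target):
            return candidate
    return None


if __name__ == "__main__":
    # The key is generated once and handed only to the client's administrator;
    # the analytics environment never sees it.
    admin_key = secrets.token_bytes(32)
    analytics_store = pseudonymize(RAW_FLOWS, admin_key)
    print("sample pseudonymized record:", analytics_store[0])
    busiest, total = top_talkers(analytics_store, 1)[0]
    print("busiest source (pseudonym):", busiest, "bytes:", total)
    print("admin re-identifies it as:",
          reidentify(admin_key, busiest, ["10.0.1.15", "10.0.1.22", "10.0.1.31"]))
    print("without the key:",
          reidentify(b"\x00" * 32, busiest, ["10.0.1.15", "10.0.1.22", "10.0.1.31"]))
```

Two caveats a practitioner should keep in mind. First, the whole property rests on the key never reaching the environment that holds the pseudonymized data; if both leak together, the pseudonyms are reversible by recomputing them over the small space of internal addresses and usernames. Second, deterministic pseudonyms are linkable across records by design (that is what makes trend analysis possible), so a leaked dataset still reveals traffic volumes and patterns per pseudonym, just not who the pseudonym is.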
This should be implemented as one of the layers of your cyber resilience approach. Incidentally, this is another lesson from the COVID-19 pandemic: protective measures can only do so much on their own. Hand sanitizer, masks, social distancing, isolation, etc. Each of those had a limited impact overall, but collectively they allowed us to slow down the spread. The same can be said of IT security measures.
Firewalls, anti-malware, good user practices… an effective security setup relies on multiple defensive layers.
This is what is known as the Swiss cheese model of accident causation, a model applied in many fields, including epidemiology and cybersecurity, and the underlying principle behind layered security. Any individual detection or response solution has blind spots (holes in its slice of cheese); a threat gets through only where the holes in every layer line up. Layering multiple products and practices increases the probability that an intrusion or attack will be detected and contained.
Limnetic does not suggest replacing traditional cybersecurity practices; firewalls, for instance, serve an important purpose in protecting the network perimeter. Similarly, anti-malware and anti-virus software are deployed with a very specific role. Rather, our solutions should be deployed and used as part of a multi-layered defense to mitigate individual solution blind spots.
It's a great addition to your cybersecurity mix, where Limnetic can play a key role in detecting unusual and potentially malicious activity within your network.