Let’s face it, your network perimeter has changed for the foreseeable future and maybe forever. Remote workforce has become the new normal. What is worse is remote workers are working out of poorly secured network environments, and they are sharing these environments with vulnerable devices like unpatched routers, mobile devices, and Smart TVs. “There is no more chaotic time on the internet than right now,” said a security researcher during the Kaspersky Security Analyst Summit. Attackers, like the invisible coronavirus, thrive on chaos. They love to sneak in under the cover of darkness to kick us when we are down and stressed out. Uncertainty and confidence don’t make the best bedfellows.
By David Hillman, Senior Security Consultant, Securicon
Criticality of Cyber Resilience for Remote Workforce
According to a March 2020 Gartner’s pandemic preparedness study, many organizations and their leaders are unsure whether their risk mitigation strategy is sufficient. One area of particular concern is operational resilience. Many security leaders are getting even less sleep because they are thinking of the potential fallout if a critical piece of network or VPN technology fails and their people are cut off from the resources they require to do their jobs remotely. Not being able to access the systems which keep an eye on security could spell disaster.
COVID-19 is now amusingly being referred to as the greatest change agent in the history of the internet. It is the straw that breaks the camel’s back for those that are unprepared.
In a recent survey conducted by industry group YL Ventures, VPNs and DDoS mitigation have come up as issues that CISOs are very concerned about. This is a justifiable concern because the shift to work from home (or anywhere) has now placed many enterprises in the unenviable position of being service providers to their own workforce. DDoS vulnerabilities that would have impacted business continuity are now being proactively looked at. Non-critical network activities are now being cut off. The business continuity concern is so great that organizations such as the Department of Defense (DoD) have had to block YouTube and other social media activities from their networks. COVID-19 is now amusingly being referred to as the greatest change agent in the history of the internet. It is the straw that breaks the camel’s back for those that are unprepared. Change is hard, but inaction can be deadly, both from a network resiliency and a health standpoint. So, what should organizations focus their energies and investments on?
Integrative Problem Solving is the New Norm
How about a better response system based on a combination of best practices and training? Until a few years ago, only backups and disaster recovery were considered as integral parts of the response system that would help the business maintain or recover normal business operations. COVID-19 has added an extra dimension to this problem. However, this should come as no surprise because according to the Center for Financial Professionals (CeFPro), the operational risk landscape has changed tremendously over the last ten years.
Collaboration is in and silos are out.
Smart organizations that are reporting no significant impact during the coronavirus pandemic have already shifted to more holistic risk management practices and are paying closer attention to emerging trends. Collaboration is in and silos are out. Infrastructure groups are now encouraged to learn from software development groups. Integrative problem solving is the new norm. Terms like automation and DevOps are being whispered in boardrooms. Even regulatory bodies are placing more focus on enhanced standards for operational resilience through better network intelligence, problem identification, and mitigation.
How to Improve Operational Resiliency
Some organizational leaders have expressed concern there is not enough guidance from the regulatory bodies on how to deal with resiliency from an operations perspective. In that case, an approach that could work is to create an action plan which consists of taking high-level best practices from something like the NIST Cyber Security Framework and combining them with vendor-provided recommendations to create a hybrid organizational framework for dealing with the problem of operational resiliency. Vendors such as Cisco have published their Service Provider Infrastructure Security whitepaper. Utilizing a six-phase approach to service provider security, the whitepaper talks about a framework for deploying edge security systems in a resilient way. These six phases are:
Designed specifically to counter DDoS attacks in service provider type networks, the framework provides a “good overall approach to securing service provider environments.” Despite being geared towards Cisco edge equipment, these recommendations can be adapted to vendors such as Palo Alto Networks and Juniper Networks. Some surveys suggest that organizations are only utilizing 20% of the total capabilities of their network equipment when it comes to guarding against DDoS attacks. Most of this is due to the lack of training and unfamiliarity with these features. That must change if critical networks are to become more resilient.
Q’s to Ask for Becoming a Hero in Operational Resiliency
When the features are already available, even a modest increase in spending on training and awareness can result in huge gains – sometimes up to 30% – in operational resiliency.
Going from zero to operational resiliency hero does not have to involve ripping out what is already in place to replace it with something bigger. It just takes security leaders to ask the right questions, such as:
- Does our current equipment have features such as Packet Buffer Protection to guard against DDoS attacks?
- What would it take to enable those features?
- What are the risks involved if we do enable the extra protection features?
- Why haven’t those features been enabled before?
Nine out of ten times, security leaders will find these advanced features not been enabled because their operations people either are not aware of them or have not been properly trained on how to make use of those features. In the same 2020 Gartner study, it was mentioned security leaders are putting training on the back burner to focus on network availability and VPN connectivity instead. This will not work in the new era of holistic, integrative network security, and cyber resiliency – continuous training and skills development must be part of the prescription.
About the Author
David Hillman, who is currently working as a Senior Security Consultant with Securicon, has more than five years of experience in designing, testing, and deploying network security solutions. Mr. Hillman has led and/or participated in the development of security architecture and policy framework solutions for many complex projects. That includes experience in implementing information technology (IT) solutions to ensure compliance with audit requirements, deployment of Supervisory Control and Data Acquisition (SCADA) firewalls for segmentation, and he has also built, tested, and installed large-scale packet capture solutions.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and our publication does not assume any responsibility or liability for the same.