Post COVID-19: What will the world look like from a security perspective?
Remote working has suddenly become the norm for the foreseeable future, with estimates that up to half of the UK’s work force will adopt a work from home posture in the coming months. Whilst some may relish the opportunity of having lunch with their family or flexible working hours and advocates of remote working promote the increase in productivity, the reality is that this will put a significant strain on networks everywhere.
With very short notice organisations have had to rapidly introduce Virtual Private Network (VPN) access and enforce staff to adhere to company access policies for remote working, or in some cases even establishing these processes from scratch. This is a huge challenge for network administrators that will take some refinement over the coming months and one that will likely shape workforces in the future.
But more disparate working creates a much wider digital estate for organisations to maintain visibility over and an increase in network data, which has already been seen across the globe, offers more opportunity for threat actors to hide amongst an ever-growing threat landscape.
Extending network perimeter and threat landscape
As individuals start to configure their home working environments one of the first things each of us will do is connect our work computer to our home network. The majority of home users are unlikely to have changed their default admin router credentials from the time they bought it, creating a potential avenue of attack for a threat actor to gain access on to the work computer and then into the organisations network.
Additionally, in every household there are on average 11 smart devices connected to the internet, many of which have inherent security issues and are vulnerable. This increases the avenue of approach significantly, providing threat actors a potential route into a home network, enabling them to discover the assets on the network before moving laterally on to the targeted system, creating a wider threat landscape.
This opens up the organisations’ network perimeter considerably and the larger a perimeter becomes, the more challenging it is to ensure there are no vulnerabilities or points of access for nefarious actors.
For the aforementioned reasons, it is not unreasonable to suggest that COVID-19 has changed the threat landscape significantly more than any event we have seen before it. Whilst previous high profile threats such as WannaCry and NotPetya highlighted apparent weaknesses in infrastructure, this was mainly focussed towards a particular industry and could therefore be contained. The scenario we are seeing now is both industry agnostic and global, creating opportunities for threat actors to access networks everywhere.
Increased network scale
The move to remote working has both increased the volume of data flows and widened the number of endpoints in the network. While this may relapse for a period when COVID-19 is behind us, we can expect this direction of travel to continue in the future with more people being digitally active for longer using a greater number of devices. As a result of this expansion the Global Datasphere is forecast to hit 175 ZB by 2025.
Over the coming years we can also expect 5G to bring lower latency, faster speeds and support much richer data. This will be particularly important for connecting multiple devices together to enable the adoption of Internet-of-Things technology at scale.
6G, while still a concept, is predicted by 2030 to bring even faster speeds and effectively zero-latency. These future trends will lead to a world that is increasingly digitally connected and will require networks that can cope with the Tbps demands that these data and interconnectivity will impose upon them. The performance and security of networks will rely on infrastructure and hardware that can handle these high rate data flows.
More data and more services
Organisations will need to take further steps to increase the efficiency of their Security Operations (SecOps) – this means more dense, consolidated security infrastructure and offloading specialist security tasks in the form of professional and managed services. Both of these enable organisations to maintain the strength of their security posture as data rates and the complexity of security operations increases. Another area of SecOps where this will happen is in threat intelligence.
Currently organisations spend a great deal of money in the acquisition of threat intelligence and turning it into something usable. We expect to see the growth of Threat Intelligence Gateways – platforms which find, take in and normalise multiple sources of threat intelligence so that they can be used across the security infrastructure. These platforms enable organisations to reduce the huge amount of time and financial outlay on building actionable tactical intelligence. This can be combined with the wider threat intelligence services for operational threat intelligence (periodic written reports for SOC analysts and managers) and strategic threat intelligence for the C-suite. These, again, are specialist security services available that can be leveraged to reduce short and long term costs whilst maintaining and increasing the strength of an organisations security posture.
Globally interconnected future
The crisis has temporarily resulted in countries closing their borders and restricting movement of people. In this crisis governments have tended to act on their own using guidance from their own advisors and international bodies such as the World Health Organisation. When this is behind us we can expect there to be focus on what lessons have been learned from the pandemic and an assessment of how future global crisis should be managed. One can expect that a key learning will be creating a mechanism for nations to cooperate globally and rapidly on issues that transcend borders so that once a pandemic is identified, coordinated action is taken globally to save lives.
However, the reflection that the world needs to act in unison against threats is true for issues beyond health. Indeed there are similarities between a virus propagating through a computer network and a virus spreading through a human population. Beyond this crisis networks will continue to grow larger in scale and the threat landscape will continue to grow. Fostering greater cooperation and transparency between governments, organisations and people would be a significant help in the fight against cybercrime.
It is for this reason that cyber security solutions should be at the forefront of network protection now more than ever. The growing and ever more disparate digital estate will inevitably introduce new challenges for organisations and security teams, whilst the growth of network data provides more opportunity for threat actors to hide amongst the noise. This highlights the importance of total network visibility as well as collaborative work and threat intelligence sharing across multiple communities and industries in order to resolve any issues at the earliest opportunity and providing a safer internet for all.