It has been just over a month since our family, social, business and societal worlds changed to an unrecognisable degree, in a manner from which they may never return to their previous state. This isn’t the time to describe or discuss the broader implications of the outbreak, but it is the right forum to highlight the role of information technology, its impact on everything we previously knew, and the greatly increased importance of IT in the “new normal”.
There were no instant answers to the questions posed to both society and business when news of the crisis broke. Business disaster planning and continuity systems and processes that had previously been effective in testing were initially challenged by a new and unexpected kind of concern. Businesses stalling en masse and societies in turmoil were not an option, but prompt action from corporates, government and society as a whole, working in a quickly amassed concert, stabilised proceedings and signposted “the new normal”.
The societal and business road to full recovery is set to be a long one. However, one thing is certain: information technology has not only proved its worth to date, it continues to be a shining light through this crisis.
Observations to date have highlighted a number of waves.
- The first wave was for both families and organisations to ensure people remained calm and safe. It was more about human well-being, increasing levels of understanding and taking steps to protect people in the midst of unprecedented change. With cashless monetary ideals increasing, pervasive financial services organisations underpinned by IT platforms continued to function and deliver payments. Supplementary payments for income and the stability of financial systems helped instil confidence. Continuation of communication via any means necessary was imperative, with the global IT networks delivering well under the strain of increased demand for home media, instant messenger, voice and video engagement.
- The second wave was critical to success and drove the corporate agenda to ensure end user client devices were available to employees at home in the shortest possible time frame. This delivered a layer of “known” by allowing work related activities to continue but from a different location – HOME. Local Wi-Fi network connectivity, performance and reliability underpinned the success of this wave, with the broad consensus being that corporate networking and security teams, plus carrier WANs, fared well at the start of a previously unthinkable event. Many lessons were learned from a device deployment and user on-boarding perspective, with knowledge continuing to evolve that may drive new architectures for user access and security in the future.
- The third wave, which is easy to call the “collaboration wave”, was the overnight acceptance of digital, visual collaboration tools as the new conversational engagement normal. The speed and across-the-board validation of video conferencing as a digital face-to-face engagement mode on par with person-to-person, face-to-face engagement has surprised many. This has been helped greatly by the vastly improved local broadband and Wi-Fi network connectivity available in many homes (speaking about the UK), previously used for home media and social activities but now ideally positioned for “home working” connectivity.
- The fourth wave was to continue and, where possible, increase the flow of validated information for all, available in any format in which the population may choose to consume it. Daily TV briefings (at least in the UK), mobile devices, social media platforms, broad-line media outlets on the internet and paper based newsprint have continued to circulate up-to-the-moment updates to communicate and increase understanding. Technology has helped to create and transport the continued stream of information and news to help everyone remain informed, thus helping to reduce fear, deliver social and health guidance and ensure the population remains safe.
- The fifth wave, potentially the current state but definitely not the final wave, has been the increased importance of intentionally securing user and business outcomes for now and next. This statement doesn’t imply security was not inherent in the previous four waves, but with the sheer speed required to shift people, organisations and social systems to remote working, at times a minimum layer of security was implemented to accelerate time to user benefit. Now is the time to evolve user and organisational information security, to learn from the current normal and rethink security for the new age.
Information Technology stepped up to the plate and delivered at a time when humanity required a positive intervention of a magnitude far greater than anything previously considered. End to end IT platforms, from user & client devices, through Wi-Fi & LANs, WANs and satellite networks, to cloud computing delivering on demand processing of workloads and storage for the mass of information created daily, continue to deliver “country & world” impacting services every minute of every day. And we can’t forget information security is the mandatory thread running through every IT activity and outcome, ensuring everything remains “intentionally secure”.
There have been a number of IT solutions that have flipped the script, real game changing products and services that have delivered so well that they have reset any previous perceptions of value. The importance and resonance of client and end user devices, whether smartphones, tablets, laptops, internet enabled TVs cannot be overstated. Video conferencing isn’t only a norm for now, it is set to underpin a fundamental shift from work as an activity based on location to work as an “output” possible anywhere (within reason). The importance of the network as the digital umbilical cord for all cannot be higher with connectivity key to the success of the recent home working initiatives. Cloud platform and application delivery has come of age with organisations capitalising on the speed of access to “as a service” applications with the ability to deliver cloud resource based operational environments in vastly reduced timeframes. This is set to continue and grow.
End user security awareness, most notably email hygiene, and phishing services are proving their worth daily as the volume of cyber attacks targeted at home working personas spirals upwards. The new wave of cyber-attacks is driving a rethink of cyber breach remediation services in a remote user dominated world. Network visibility and assurance services with the capability to determine state, and to manage and affect connectivity in remote, WAN and datacenter situations, may be next on the operational IT deployment list if the current dynamic working mode is set to continue indefinitely. And lastly, UEBA (user entity behavioural analysis) may rise from the ashes as a must have security control set as organisations try to understand security anomalies and user behavioural unknowns across a remote user landscape as early indicators of attack or compromise.
We are in the midst of a state of global and societal flux on a scale few of us ever believed we would experience in our lifetimes. The loss of life is truly heart-breaking and sadly is set to continue. Information Technology has shifted from a passive role to an assertively active agent of positive change at a time of unprecedented crisis for humanity. With a lifetime career in IT to date, it has been highly rewarding to see this amazing technology industry play such an important role at a time of global need, with business, humanitarian and societal impacts that are at times truly humbling to witness.
Until next time.
Be safe, stay safe.
Business Line CTO Networking and Security – Computacenter UK
Computacenter Blogs (note the views within are my own and cannot be deemed a Computacenter view or perspective): https://computacenterblogs.com/author/colinwilliamscc/
The RSA security event was hosted last week in San Francisco. Circa 40000 people converged on the immense Moscone Centre to understand information security challenges & solutions, old, new and very, very new, that may help to protect and defend us all in an increasingly complex digital world.
The core thread of this year’s event, the “Human Element” is the most important aspect of the IT security world. Human behaviour guided by a proactive security persona can deliver positive defence against all but the most focussed and complex attacks. However, humans are equally the ideal vector targeted for compromise to ensure attacks are successful.
The recent virus outbreak of Covid-19 (Coronavirus) did affect the RSA event in numerous ways. For the first time a number (not many) of large segments of floor space remained empty following the last minute withdrawal of a handful of security vendors. The normal on-stand giveaways contained a “must have” in various forms and packages – “hand sanitizer” (thankfully something finally got rid of stress balls). The fear of virus transmission via handshakes was highly evident, with a “will they, won’t they” shake hands mental dance undertaken by many, even with hand sanitizer available to minimize the spread of the virus. I fear the fist and elbow bumping used by many will continue through the year (please “no”).
With so many vendors, activities and people, sensory overload quickly overtook physical tiredness. The “Human Element” remained the key theme for the event but wasn’t alone as the main story. All attendees will summarise their own event messaging takeaways based on their own rationale for attendance, but the following resonated from my personal perspective.
- The “Human Element” of course
- Security automation
- The impact of threat intelligence (fundamental)
- Next generation security operations
- The growing importance of the Mitre framework
- Device, connection and person security visibility
- Cloud & application development secure outcomes
- The benefits of a platform approach to security architecture
There were many, many more topics than the eight above, but I noticed they were most prominent from my perspective in the underpinning storyboards of many vendors.
It was pleasing to see increased numbers of vendors reinforcing that optimum security is not about prevention or detection but both, with accelerated remediation to a known good state as the ultimate security operational goal. It is impossible to prevent all inbound attacks, especially when “the Human Element” remains the most important and accessible part of the digital engagement chain. Simplification, enhanced visibility, a dynamic platform plus a single page view integrating all vendors must be the essential goal for any vendor aiming for mastery.
I have mentioned a few times on these pages the benefits to all of “brilliant basics”. It’s time for us to strive for operational simplicity always (automation can help) to make a secure outcome the default outcome for the system or application user, whether it is a person or a “thing”. The user should not need to consider “switching on security” for a particular task or outcome; it must be inherent, automatically appear (ideally invisibly) and protect the user activity by design. We can do this today in both application development and security operational delivery environments, but in too many cases we allow culture and traditional ways of working to stall our progress towards a secure by default digital world. Synergy is the way forward to ensure a win-win for all.
In summary, the RSA security event remains a “must attend” event for anyone in enterprise information technology and security operations. The focus by attackers on the “Human Element” as the most effective control stack to breach should highlight to all that simplicity, knowledge and potentially automation of security controls to empower those same humans will ensure they become the first & best line of defence. We must be on our guard. On this same note, be aware that large scale email phishing campaigns carrying information updates about Covid-19 are circulating in the wild and starting to have an impact as increased numbers of curious users engage to gain more information. Turn up your defences, and warn and educate yourself and your users.
The “Human Element” is without doubt the most important element in the security chain – working together we can also make it the strongest one.
Until next time.
Business Line CTO Computacenter UK (Networking and Security)
Email inboxes around the globe are filled through January with a flurry of IT market and technology predictions. I’ve been guilty of writing them in the past but chose not to this year. However, a few people have nudged me and requested at least a summary or a few ideas on a few significant IT security areas to consider through 2020 (not predictions). One thing I can convey with certainty is the fact that we actually don’t know what will happen in the security arena moving forward; we can assume and theorise but don’t really know. The business and technology landscape has never been more uncertain, with attackers well skilled and financed (at times more so than the defenders) due to the potential for immense rewards. To that end organisations need to be aware, pragmatic and agile, with effective security controls and actionable remediation strategies to help them deliver “Secure IT”.
So, what might happen?
The “Windows 7” platform will be a highly targeted attack vector (whether embedded, full function or other). Whilst many users remain emotionally and operationally wedded to the now reliable and robust legacy operating system, the end of operating system support and patches for Windows 7 software platforms means enterprises as a minimum must evolve away from Windows 7 to Windows 10 or to another secure and supported operating environment. If a move from Windows 7 cannot be undertaken in a timely manner, compensatory controls, for example the use of virtual patching, may add a layer of defence, but that will be very short-lived. A move from the Windows 7 operating platform is the only outcome to maximise user and system security.
Next up, “connected things”. IOT is the collective term frequently used to describe connected devices, often without an interface for human input, but “connected things” collect, process, transmit and sometimes store data. The sheer volume of connected things increases the security challenge, with defenders requiring real time visibility and always on controls as they seek to minimise or eliminate the potential for attack. To make matters worse, many of the “things” become invisible to the human eye, hidden in ceilings, behind walls or embedded in other devices. But they remain highly visible to attackers, are easily located with simplistic scanning tools and can be used to launch highly damaging attacks (or as a beachhead to enter a networked environment). Visibility, visibility, visibility is everything – you can’t secure things you cannot digitally see. Connected device visibility platforms or advanced NAC systems help to determine the type, status and behaviour of all connected devices. This allows them to determine posture, grant and revoke access, and supply data inputs to asset and CMDB databases, but more importantly to help organisations to create and maintain a baseline of “normal or known good security”.
And last but not least, “the human vector” remains a key consideration in 2020. Uninformed users have the potential to become the weakest link in the security chain, but informed, engaged, security conscious users become one of the most significant elements of optimum security. Users have the power to make intellectual and dynamic decisions, interpreting situations in a way technology based controls cannot. With users as educated security advocates and technical security controls working together in harmony, end to end optimum security becomes a reality not a dream.
As a recap, to maintain security by design and by default in 2020 for users, business & consumers, three areas will be high on my list:
- Acceleration of the move from Windows 7 (or to secondary compensatory security if a platform move is not possible)
- Optimum visibility of connected things (traditional connected devices and IOT) to ensure they can be located, patched, secured.
- Inspirational education of “the human” to intentionally become the strongest security link in the digital chain.
Through 2020 we must strive to make intentional security simple to consume, manage, operate and EFFECTIVE. This will help users, organisations and the industry to shift the current mindset and position security positively as the essential enabler of the digital world. It’s time to start now, start today.
Until Next time.
Business Line CTO Networking and Security – Computacenter UK
Everyone loves a sequel – just look at how well the latest Toy Story instalment is performing at the box offices. But there’s one sequel that we could all do without: Ransomware 2. It’s back, and like the best horror movie villains, it’s nastier and bolder than ever before.
Ransomware 2 has already claimed a number of high-profile victims. At the end of June, two US cities paid around $500,000 each to get files and data unlocked following successful attacks. The bill for Norsk Hydro, a global aluminium producer, was even higher. It didn’t pay the ransom, but it still paid the price.
The entire workforce had to resort to pen and paper when ransomware took hold across 22,000 computers in 40 different countries – Norsk Hydro is still recovering nearly three months later. On average, a ransomware attack results in seven days of downtime.
Although Norsk Hydro’s tough stance has boosted its reputation, it has also damaged its bottom line – the cost of the attack has already topped £45 million. The company is not the first to end up with a multi-million dollar bill: the Baltimore City government was hit with a massive ransomware attack that left it crippled for over a month, with a loss value of more than $18 million.
The resurgence of ransomware is not surprising – it’s a proven business model and a repeatable one. It works not only at an enterprise level but at a personal level too. Individuals can be just as willing to pay a ransom to unlock personal data, such as family photos and financial files, if they are targeted by an attack.
So how do you avoid joining the ransomware ranks? Although ransomware is powered by malicious software, it still needs human interaction to succeed. Just one click on a spam email or an infected ad is all it needs for a ransomware attack to be initiated. Even a visit to a legitimate website can land you in trouble, if the site is infected with code installed to redirect users to a malicious website.
Better user education can help prevent ransomware being unleashed – whether it’s on a home device or a business computer – but it will never completely eliminate the risk. So organisations need to be ready to fight back when the ransomware ball starts rolling, which means they need robust protection from the DNS layer to the email and the endpoint.
Blocking spam and phishing emails along with malicious attachments and URLs is an important first step. But the need to balance employee flexibility with IT security means the net can never be fully closed.
Even if someone clicks on a malicious link or file, organisations can still suppress an attack. If ransomware can’t connect back to the mothership, it can’t be activated.
With thousands of DNS requests being initiated across an enterprise every day, detecting which ones are genuine and which are malicious requires highly sophisticated technology. Instead of proxying all web traffic, intelligent ransomware defence solutions will route requests to risky domains for deeper URL and file inspection. They will also be able to draw on contextual security to identify unusual and potentially unsafe requests from individual endpoints.
These insights enable IT teams to make quick risk judgements that block threats without blocking genuine business activity. With new risks emerging all the time, ransomware defence solutions need to receive constant updates on the latest sources of malicious content.
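The DNS-layer triage described above, sketched as an added example (not code from this post or from any vendor's product): known-bad domains are blocked, unknown or low-reputation domains are routed to deeper inspection, and a per-endpoint burst of first-seen domains is treated as unusual. All domains, scores and thresholds are constructed assumptions.

```python
from collections import defaultdict

# All domains, scores and thresholds below are constructed for illustration.
BLOCKLIST = {"c2-callback.test"}        # known command-and-control domain
ALLOWLIST = {"corp.example"}            # business domains, resolved directly
REPUTATION = {                          # hypothetical feed: 0 (bad) .. 100 (good)
    "cdn.vendor.example": 90, "free-invoice.test": 20,
    "news.example": 80, "maps.example": 85,
    "video.example": 75, "docs.example": 88,
}
RISKY_BELOW = 50    # scores under this are routed to the inspection proxy
BURST_LIMIT = 3     # first-seen domains tolerated per endpoint per window


def in_zone(domain, zones):
    """True if domain equals, or is a subdomain of, any entry in zones."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


class DnsTriage:
    def __init__(self):
        self.seen = defaultdict(set)        # endpoint -> domains already resolved
        self.first_seen = defaultdict(int)  # endpoint -> first-seen count this window

    def decide(self, endpoint, domain):
        """Return (action, reason); action is 'block', 'inspect' or 'allow'."""
        domain = domain.lower().rstrip(".")
        if in_zone(domain, BLOCKLIST):
            return "block", "known malicious domain"
        is_new = domain not in self.seen[endpoint]
        self.seen[endpoint].add(domain)
        if in_zone(domain, ALLOWLIST):
            return "allow", "business domain"
        if is_new:
            self.first_seen[endpoint] += 1  # context: how much is new for this host
        score = REPUTATION.get(domain)
        if score is None:
            return "inspect", "no reputation data"
        if score < RISKY_BELOW:
            return "inspect", "low reputation"
        if self.first_seen[endpoint] > BURST_LIMIT:
            return "inspect", "burst of first-seen domains"
        return "allow", "good reputation"


def triage(events):
    """Run (endpoint, domain) query events through one triage window."""
    engine = DnsTriage()
    return [engine.decide(endpoint, domain) for endpoint, domain in events]


# Constructed sample of resolver log events: (endpoint, queried domain)
SAMPLE_LOG = [
    ("laptop-01", "mail.corp.example"), ("laptop-01", "cdn.vendor.example"),
    ("laptop-01", "free-invoice.test"), ("laptop-01", "update.c2-callback.test"),
    ("laptop-02", "news.example"), ("laptop-02", "maps.example"),
    ("laptop-02", "video.example"), ("laptop-02", "docs.example"),
    ("laptop-02", "never-seen.test"),
]

if __name__ == "__main__":
    for (endpoint, domain), (action, reason) in zip(SAMPLE_LOG, triage(SAMPLE_LOG)):
        print(f"{endpoint:10} {domain:26} {action:8} {reason}")
```

Only the "inspect" decisions would be sent through a proxy for URL and file inspection; everything else is resolved or refused at the DNS layer.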
If the call back to a command and control server is successful, there are still ways to contain a ransomware attack before it proliferates across an entire organisation. For example, dynamic segmentation can prevent ransomware from travelling across the network – helping to avoid a full-scale outage as experienced by Norsk Hydro.
By taking a layered approach to security, organisations and individuals can mount multiple defences against ransomware whether it’s launched via the web or email. And they will need every one of these defences because Ransomware 2 looks like it’s going to be a blockbuster. Ransomware damages are predicted to reach $11.5 billion in 2019.
Stay safe until next time.
Business Line CTO Computacenter UK – Networking and Security