Cybersecurity trends emerging from nearly a year of remote working were highlighted by a panel of experts during a RSAC 365 Innovation Showcase webinar.
Robert Ackerman JR, founder and managing director, Allegis Cyber, described how the “virtualization” of organizations’ perimeters has significantly expanded the attack surface for cyber-criminals. He believes COVID-19 lockdown measures have accelerated this new perimeter by five years in the space of one, and encouragingly, there has been “a lot of innovation in that area as people realize their definition of a secure perimeter changed radically because the definition of the perimeter changed radically.”
Ackerman added that the huge increase in cloud adoption over this period has changed the cybersecurity environment, creating “entirely new security black holes.” He said: “One of the things we’ve seen over the last year open up as an entirely new area of innovation in cybersecurity is how you get visibility into your workloads in that hybrid environment.”
Merging security controls with good user experience is also going to be critical to defending distributed workforces against cyber-threats going forward, according to Mark Kraynal, founding partner, aCrew Capital. He noted that if home working security measures cause friction for staff in fulfilling their jobs, then they will find ways to get round them, thereby putting organizations at high risk. “What people have found out is that when you push out your centralized security controls to a distributed workforce at home, it doesn’t work that well for the users,” he explained.
Real innovation will be required to achieve these dual goals, with Kraynal acknowledging that “user experience and security is inherently difficult.”
Another cybersecurity trend being observed is a renewed focus on SaaS security. Yoav Leitersdorf, managing partner, YL Ventures, believes that prior to the COVID-19 pandemic, this had been put to one side, “but now in 2020/21, its really coming back and there are lots of solutions making SaaS more secure given there’s so much work from home, which is essentially people on browsers using SaaS.”
Another area that is growing in importance is the role of developers in security, according to Leitersdorf. “I think we’ve all realised that if we let developers just develop code without thinking too much about security and leave security to production and DevOps, we’re all in trouble, and we’ve seen that very clearly in the SolarWinds attack,” he commented.
With so many aspects of cybersecurity requiring new ways of thinking and types of solutions in the current environment, Kraynal believes there needs to be a greater emphasis on improving productivity in the industry. “We have to stop thinking about the skills gap and think about it as a productivity gap,” he outlined. “In almost every area, there’s a way to be more productive – to be more developer-orientated so developers take the load on app security, to mitigate vulnerabilities better as opposed to just sorting them out and telling you which is the worst one and to go back to basics on hygiene – so I think there’s a lot of opportunity to make security teams across all personas in security more productive.”