Security threats have evolved considerably over the years and Palo Alto Networks knows more than most that “protecting our way of life” also requires a digital approach in the modern world.
Historically, nations would protect their way of life by having the sharpest swords, the biggest guns, the sturdiest tanks, or the fastest planes. Nowadays, it’s as much – if not more – about who has the most secure networks and systems.
CloudTech spoke with Greg Day, VP & CSO EMEA at Palo Alto Networks, about protecting the world from modern threats.
CloudTech: On Palo Alto Networks’ website the company states its mission is “to protect our way of life in the digital age by preventing successful cyberattacks.” With the pandemic altering life for people around the world, to what extent do you think this altered the cybersecurity landscape?
Greg Day: One key aspect that altered the security landscape this year was of course the shift to so many people working from home, meaning the weak point became what else could act as a bridge to the secured business device.
Many homes now have between 20 and 50 things connecting to home Wi-Fi hubs, with an increase in smart home devices, including doorbells, TVs and digital assistants, as well as a plethora of family phones, tablets, wearables and computers, so we’re seeing more and more non-business devices coming onto networks and now needing to be secured alongside business IoT.
We’ve also seen security policies being relaxed with the need to allow staff to use their devices at home, for example, enabling USB ports to allow home screens and printers, or other requirements. All of this means the end device and those things around it become bigger risks of access into a business’ critical systems and information.
CT: What advice would you give to companies that are thinking of adopting cloud, or that have been struggling to do so in the past year?
GD: There’s been a big rush to the cloud, but security has often been left to play catch up.
Most companies in Europe had plans to move key business processes to the cloud over the next few years, but with the onset of the pandemic, this became the next few months. Rather than taking the time to recodify processes, an intermediary lift and shift step was added: the quick move. While the process may still be the same, the environment and security changes.
My advice to businesses earlier this year was to move quickly on to stage two – recodifying to gain the real advantages of agility from the cloud – but security teams were still left fixing the issues from the intermediary shift. This continuing migration at pace will have led to security gaps, and we’re likely to see more cloud security incidents until the shifts are completed and stability resumes, at least for a while.
CT: What other cybersecurity trends have you noticed developing?
GD: Ransomware is a growing trend that none of us can afford to ignore. The challenge is that ransomware operators are always on the move – improving, automating and becoming more effective at targeting larger organisations. And they’re getting a lot more money for their efforts. In the first half of 2021, the average ransomware payment has nearly tripled compared to the previous year to about $850,000, according to research by our Unit 42 team.
The challenge with ransomware is the time to impact is much shorter than more traditional attacks, so businesses must shift from detect and respond to being able to prevent; time to action is critical. Defending against ransomware attacks is similar to protecting against other malware. There are three main areas to think about:
- Preventing initial access – for example, by training employees to be able to spot malicious emails and report them, but also regularly patching systems and reviewing access privileges;
- Back up data, but also implement and rehearse recovery processes to minimise downtime & cost in the event of an attack;
- Having the security right controls in place will drastically reduce the risk of infection from common ransomware variants. These include technologies such as endpoint security, URL filtering, advanced threat prevention, and anti-phishing solutions deployed to all enterprise environments and devices.
CT: Are there any other things you think CISOs should be focusing on at the moment?
GD: A key issue every CISO is facing is a problem we call the cyber-time paradox: the workload on the security teams is increasing, businesses are becoming more dependent on digital processes, and the amount of downtime allowed has been shrinking – particularly during the pandemic. This has all meant there’s less time to act, but more work for any security team to complete. With this in mind, I think there are three key imperatives every CISO should be focusing on:
- Simplifying cybersecurity – Multiple CISOs utter the mantra ‘for every new solution, remove two legacy solutions’ but in terms of costs and scale, consolidation is king.
- Teams get more alerts than they can process – Being able to correlate, consolidate and, more importantly, convert alerts into actionable outcomes is critical. Otherwise, there is no means of extending capabilities.
- There needs to be real fidelity about the problem – Any incident typically has many follow-up procedures and automation is not just a big singular STOP/GO button, it is much more about the augmentation of human skills. Teams must first identify the highly repetitive steps in every process that can be automated to shorten the process timeline.
(Photo by Nik Shuliahin on Unsplash)
Palo Alto Networks will be sharing their invaluable insights during this year’s Cyber Security & Cloud Expo Global, which runs from 6-7 September 2021. Find out more and how to attend here.
