Redefining Security post-pandemic: Empowering change control in the new normal
Amid the COVID-19 pandemic, remote working has added a new dimension to the security, compliance, and digital transformation demand landscape. Now, more than ever, it is increasingly important for organizations to embed security solutions and processes that reduce complexity and massively increase the automation of killer manual tasks.
Last month, our team at New Net Technologies had the opportunity to host a virtual panel on securing digital transformation and what COVID-19 means for cybersecurity as we continue to navigate the growing remote workforce. The panel, which consisted of several security experts, focused on the topic of redefining security in a post-pandemic world. The session kicked off with the question, 'Have you noticed a more compliant workforce?'.
CIO of Waverton Investment Management, Mudassar Ulhaq, stated that, "The reality is, collaboration outside of your norm relies heavily on the employees’ willingness to adapt. Adaptation over the last 6 months has been a big driver behind successful organizations. We’ve used this time as an opportunity to provide a refresher around cyber awareness training and to run weekly town halls with all staff. The open communication from senior management and the regular reminders have really helped in asking staff to be compliant outside of the office."
Taking advantage of remote work as a time to re-engage employees’ cyber awareness is crucial in maintaining security, but remote work has also brought on unique difficulties in keeping organizations secure. NCSC-Certified Cyber Incident Planning and Response (CIPR) recommends that organizations build a trend using employee-reported data in order to maintain visibility across their networks. "The biggest challenge with protected monitoring is the sheer volume of information," said Angus Macrae, Head of Cybersecurity, King’s College London. "Organizations should be engaging with threat hunting specialists so that teams have eyes on their data 24/7."
As the workforce continues down the remote path, organizations need to focus on how they can gain visibility across their networks and data centers in order to detect unauthorized changes. Organizations are seeing a major push to open up connectivity to their networks at a rapid pace. As CEO of Cyber Management Alliance Amar Singh puts it, "If before you had five offices and 10,000 employees, with remote work you now have 10,000 offices on top of your five original offices." With the increased risk in attack surface, remote working can create shortcuts through all kinds of security layers, exposing critical business processes and related digital assets from the often less-protected home office. Organizations now need to pay even closer attention, as they are one slip away from exposing their data to the rest of the world.
So, what does it mean to detect unauthorized changes within your network, and where do you begin? The answer to this is change control, not to be confused with change management. Change control is defined as the process of understanding and monitoring the actual changes that occur, with a specific focus on spotting changes that may cause harm. Conversely, change management is the process required to request, review, approve and commission changes.
Change control seeks to examine all changes that 'actually' occur and reconcile these with what we expected, along with further analysis of the changes to ensure no hidden malware or zero-day infections exist. Simply put, organizations need change control to ensure the changes that are happening are not harmful. Organizations of all shapes and sizes need to automate configuration while using VPNs and Firewalls for remote working. This way, teams are provided with an audit trail of what was changed, what the implications are, and how to fix it.
Mark Kedgley has been the Chief Technology Officer at New Net Technologies since January 2009 and has approaching 30 years’ experience in the IT industry covering support, solution sales and business development.