Regardless of whether COVID-19 has increased the attack surfaces of businesses or not, one cybersecurity approach rules, argues this expert.
One of the most important ways to stop COVID-19 from spreading is to simply reduce physical contact with others, or even avoid being close to them. Central to the success of stopping the spread is individual awareness: everyone has to play their part for the safety of the larger group. If certain individuals go against these common-sense rules, they put the entire group at risk of infection.
Similarly, in cybersecurity, any cyber defence is only as strong as its weakest link. If users ignore common sense and click on suspicious links, they could open up their co-workers and business to cyberattacks. Fortunately, there are many vaccination-type defences such as anti-virus software, sandboxing solutions and so on. However, for these to be effective, all endpoints must be equipped with this protection.
Amid the current coronavirus crisis, businesses across the world are rethinking their remote-working policies. For many businesses that have recently dusted off their plans for business continuity, remote-working has to be an integral part of the playbook to tackle such a crisis. Many have turned to virtual private networking (VPN) to connect remote workers securely to their business apps and data to keep working. Some may even have scaled up their VPN deployments to allow more workers to get online.
In all instances, to ensure the solution to this crisis does not create new risk to business continuity in the long run, security has to be built in from the start. That means encrypting and verifying everything that passes through the network, irrespective of where it is passing through. In other words, nothing should be taken for granted.
Only the least amount of access should be granted for a user to perform his or her role. In case of a compromised endpoint or user credentials, the threat is at least contained within that user’s realm of the network. After all, you do not want more areas of your network to be affected if there has been an undetected intrusion. A user who wants to access certain resources will always be challenged by the system to verify who they are. Access to more critical resources should require additional levels of authentication.
In other words, a Zero Trust approach should be applied to all users, regardless of whether they attempt to access from within the network or from outside it. Zero Trust is based on the concept of continuous verification and authorization. It ensures that only authenticated users with compliant devices can connect to critical business resources, whether on-premises or in the cloud.
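The access rules described above can be written as a per-request policy check. The following Python sketch is an added example, not code from the article or from any product; the role names, resource names, factor counts and the `decide` function are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy: each role is granted only what it needs.
ROLE_GRANTS = {
    "finance": {"payroll-db", "wiki"},
    "engineer": {"source-repo", "wiki"},
}
# Constructed sensitivity levels: verified factors required per resource.
REQUIRED_FACTORS = {"wiki": 1, "source-repo": 2, "payroll-db": 2}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    verified_factors: int        # authentication factors verified this session
    device_compliant: bool       # e.g. patched, endpoint protection running
    on_corporate_network: bool   # recorded, but never used to grant access


def decide(req: Request) -> tuple[str, str]:
    """Evaluate one request; called on every access, default deny."""
    if req.verified_factors < 1:
        return ("deny", "user not authenticated")
    if not req.device_compliant:
        return ("deny", "device not compliant")
    # Least privilege: unknown roles and ungranted resources are refused.
    if req.resource not in ROLE_GRANTS.get(req.role, set()):
        return ("deny", "resource outside role")
    needed = REQUIRED_FACTORS.get(req.resource)
    if needed is None:
        return ("deny", "resource has no policy")
    # More critical resources require additional authentication.
    if req.verified_factors < needed:
        return ("step_up", f"{needed} factors required")
    return ("allow", "policy satisfied")


if __name__ == "__main__":
    remote = Request("ana", "finance", "payroll-db", 1, True, False)
    office = Request("ana", "finance", "payroll-db", 1, True, True)
    print(decide(remote), decide(office))  # same answer inside and outside
```

Network location appears in the request but in no rule, so a user inside the office gets exactly the same decision as one working remotely.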
An abundance of caution limits the risk of known and unknown threats. Zero Trust network access is certainly improving the cybersecurity of modern hybrid IT businesses, which becomes painfully clear now that the largest sections of workers are remote.
Guidance on preventing the spread of COVID-19 may be second nature to us by now: wash hands often, avoid touching your face and so on. This new normal of security awareness hopefully also applies to how we approach our connectivity: Zero Trust. When everyone does his or her part, the road to ending the pandemic can be shorter.
This is true in so many ways as businesses seek to return to normalcy despite the challenges facing them today.