Change is constant but it is not always wanted nor easily accepted. For the last two decades, the enterprise network has primarily consisted of appliances deployed in a controlled number of settings and locations. As such, security has typically been handled with intrusion detection (IDS) or intrusion prevention systems (IPS), firewalls, and other legacy tools. Those of us on the security team became familiar with the tools and managing them became very rote and process driven. We got very good at being comfortable because we knew we could see the traffic and activity that we needed to see and we could react very quickly because we knew what tools to use. After all, we had seen it all before.
Then along came COVID. COVID served as a catalyst for accelerating technological change, bringing an unprecedented shift in how businesses leverage technology, and propelling advancements that might have otherwise taken years to materialize. It forced us all out of familiar work and social routines and it forced businesses to make immediate changes to their infrastructures, accelerating the adoption of remote work technologies like video conferencing, cloud-based collaboration tools, and virtual private networks (VPNs). Gone were the neatly confined workstations at designated office locations managed by a centralized security operations center (SOC). Individual workstations wherever employees lived very quickly became the new normal.
These changes also opened a Pandora’s box of opportunity for attackers who now had a new landscape of devices that they could exploit and that spread far beyond the control of a traditional SOC. In fact, research found that previously unseen malware and other malicious activity jumped from 20%, prior to the pandemic, to 35% in just the first few months of the outbreak. The interconnected, distributed network meant that the security measures we had once relied on were no longer sufficient to keep up with increasingly sophisticated cyber threats. We had to step out of our comfort zones and embrace a more proactive approach. The question became: how do we do this?
As with any change, there is always resistance, and accepting that the “old” way of doing things is no longer sufficient can be challenging. However, we must adopt a mindset that acknowledges that the dynamic and dispersed nature of threats in a post-pandemic world means that we have to embrace new ways of staying up-to-date on the latest security trends, emerging vulnerabilities, and evolving attack vectors. This proactive approach will better allow for the swift adoption of new security measures and tools as well as the adaptation of existing protocols to effectively counter emerging threats.
Moreover, cultivating a culture of shared responsibility is essential. Often the assumption that network security is solely the responsibility of IT professionals can lead to a fragmented approach within organizations. We have to make sure that we do not undo all of the work we have done to break down the silos within our organization. We can do this by emphasizing that every team member is a stakeholder in ensuring network security and promoting a collective effort towards safeguarding sensitive data and assets. This inclusive mindset encourages employees to become more vigilant, practice good cyber hygiene, and promptly report any suspicious activities.
Additionally, embracing risk as an inherent aspect of innovation is crucial for fostering a security-oriented mindset. If we fear failure or resist these changes, we can hinder the adoption of new technologies or security measures that could potentially mitigate vulnerabilities. We would do better to reframe these risks as opportunities for growth and innovation. We can proactively assess and manage risks while embracing new solutions that enhance network security without stifling progress and that ultimately even save costs.
That said, the significance of anticipating and preparing for worst-case scenarios cannot be overstated. If we operate with a mindset that acknowledges the possibility of breaches or security incidents, we are empowered to develop robust incident response plans. By refining our response strategies, we minimize the impact of potential breaches, and we can swiftly mitigate the aftermath of security incidents.
Stepping outside the confines of our comfort zone and embracing a mindset that prioritizes adaptability, shared responsibility, risk-awareness, and preparedness for worst-case scenarios is indispensable in fortifying defenses in the modern distributed network. If we welcome this transformative mindset as a security team, we will not only enhance our security posture but also pave the way for more resilient and proactive approaches and ultimately prove that no matter how uncomfortable change can be, in the end we will be better – and more secure – for it.