Cyberattacks continue to hit the headlines with alarming regularity. Last year, 30bn data records were stolen – more than the previous 15 years combined. But are we really locked in a cyberwar?
Cybercriminals are only as good as the opportunity in front of them. During the pandemic, organizations were so busy fire-fighting that security was pushed down their list of priorities. And while the office was once a safe space, increased remote working has left many SecOps teams blind to what’s happening in their infrastructure. It presented the perfect opportunity for cybercriminals to invade.
Dwell time is a rising threat
With our heads turned, rather than use brute force to snatch and grab, the bad actors could sneak in, set up camp, and wait for the perfect moment to strike. The average dwell time for a ransomware attack is 43 days, increasing to an incredible 869 days for riskware. And the longer they wait, the worse the attack becomes, because the bad actors harvest more information.
To think someone may be sat in your network right now without your knowledge is a truly terrifying thought, and changes the way we need to look at cyberattacks.
Organizations need cyber resilience
Rather than bolt on another security product and hope for the best, organizations need to build cyber resilience to ingrain protection throughout their operations and into the core. This requires three things:
1. Visibility and context
When I speak to customers, often the first question is “How do we prevent this from happening?” I encourage them to look at it from another angle because we all know cyberattacks are no longer a case of ‘if’ but ‘when’. Adding five new locks to the front door isn’t going to stop a bad guy from entering through the back window.
Instead, the priority needs to be, “How do we recover quickly?”
To build this resiliency, CISOs need to ask important questions, such as:
- Where did they enter? So they know how to continuously improve.
- What could they access? So they can see how the attacker moved while inside.
- What did they take? So they can identify what can’t be replaced.
With context and visibility, recovery is fast because the organization can rewind the tape and know exactly what happened.
2. Strategy and tools
Supply chain risk was a big cause of several headlines over the last year. VMware does well in the security space because it’s strategically positioned with intrinsic security across the major control points. Security should no longer be bolted on as an afterthought; it should be built into the infrastructure from day one. We see this with Carbon Black. Its intelligence powers Workspace ONE and automates actions to shut threats down quicker.
I recently worked with a customer where IT and security were locked in a constant battle. Through VMware, they gained a secure infrastructure, which broke down the siloed working mentality, integrated technologies, and enabled the teams to react to threats faster.
Why is the office seen as a safe space?
Pre-pandemic, employees would scan their ID tag upon entry to show they could be trusted. Post-pandemic, ‘work from anywhere’ is the new order, which means I could be on a customer’s site, at home, in an airport lounge – or even in the office. But when you can work from anywhere, it becomes a lot harder to keep somewhere safe.
Take a zero-trust approach and lead with the mentality that you always verify, never trust.
When we treat every environment the same, we never automatically trust that one place is inherently safe – we always stop to check who wants to access our infrastructure. It’s this verification that allows people to work from anywhere because endpoints, users, apps and workloads remain protected at all times.
Reimagine security and resiliency
Cyberattacks surged during the pandemic because our heads were turned. But imagine that one year ago you had a security posture that supported a work-from-anywhere strategy. No matter what was happening on the outside, inside you’d be safe in the knowledge you could always recover quickly.