Fran Howarth, Practice Leader Security, Bloor Research December 2021
The traditional perimeter is dead, leaving an ever-expanding attack surface. Midmarket organisations are being targeted by cyber attackers and must be increasingly vigilant in such an environment. To protect themselves, they must understand in real time what constitutes normal activity (A) and behaviour (B) for each of their users. These two factors provide the vital context (C) that can flag anything unusual that could be cause for alarm, so that defensive action can be taken.
A is for Activity
Technology is the driver of how we interact in today’s world. It provides better access to information and much greater ease of communication. In short, its use has impacted the way that we perform activities both in our private lives and in our jobs. But it has also brought with it dangers in terms of loss of privacy and cybersecurity attacks.
C is for Context
In understanding what constitutes risky behaviour, context is of vital importance. Context takes into account the circumstances in which an activity takes place. It can include information such as where a user is located, the time of day, the type of device they are using and what information they are trying to access, along with any number of other criteria associated with that user's normal activity and behaviour. Someone accessing a database containing sensitive information at midnight from an unusual location would likely raise red flags, prompting further investigation of that activity since it is outside normal, expected behaviour. It may turn out to be benign, but it is better to be safe than sorry.
The eroding perimeter
There was a time, not so long ago, when organisations had defined perimeters that could be protected. Applications and information were housed within the confines of an organisation, and users had to be in the office to access them. Dial-up connections introduced in the 1990s enabled users to connect to what they needed remotely, but it was the rise of internet-connected mobile devices and cloud-based services that made access much more readily available for all and removed applications and resources from the shackles of on-premises deployment.
But it was 2020 that really saw the death knell for the perimeter. The pandemic led to governments worldwide mandating that people work from home wherever possible. Organisations scrambled to accommodate such a mandate, but not all were suitably set up to enable employees to work remotely in a secure manner. Where employees had not been issued with laptops by their organisation, many were forced to use their own equipment, not all of which had robust security controls enabled and much of which could be shared with other family members.
With so much more outside the control of the organisation, context becomes ever more vital in ensuring that resources are not misused and that workers are not indulging in risky behaviour that leaves the organisation open to attack. It is also important that every potential attack surface is covered, including email, web and cloud, since these are becoming ever more vital for getting work done.
The midmarket is not immune
There is a myth, still being perpetuated, that only large enterprises are viable targets for attackers since they generally hold extremely valuable information on their networks, including intellectual property. But midmarket firms also have targets on their backs. Almost every one of them processes sensitive information, especially personal data relating to employees and customers, and many are seen as effective conduits into larger enterprises owing to the business relationships they maintain.
A preferred method of attack is the use of social engineering exploits. Recent research from Helpnet Security found that 70% of midmarket organisations reported attacks seeking to manipulate employees in 2020, an increase of 7% over the previous year. In addition, the human factor is a growing problem in such organisations, with 64% expecting unauthorised users to attempt to access data or systems in 2021, a significant increase from the 55% reported in both 2019 and 2020. The onus is on organisations, including those in the midmarket, to tighten up their defences.
Help is at hand
Many midmarket organisations struggle to implement and maintain effective security controls owing to issues regarding tight budgets and lack of qualified personnel. Frequently, just one person has responsibility for security – and that is often in addition to their regular day job of keeping technology systems running.
What such organisations need are modular, integrated security suites that are simple to use because they are accessed via, and managed in, the cloud by a technology provider with the required expertise, and that are specifically tailored to the needs of smaller organisations.
Censornet is a prime example of such a technology provider. Its autonomous integrated cloud security platform covers Email and Web Security, Multifactor Authentication and Cloud Application Security (CASB). The platform gives organisations peace of mind by autonomously shielding them from spam, phishing, malware and ransomware attacks at any time of day, throughout the year. Organisations can choose whether to take the services offered as they are, or to create their own rules that take their particular environment and needs into account.
How it works
Organisations that subscribe to the services offered can download agents for managed devices/endpoints, or organisations can deploy gateways to protect fixed desktop populations. Where agents are to be used, these can be pushed out using Microsoft Group Policy or other software deployment platforms. Any manner of devices can be brought ‘in scope’, including mobile devices. The protection that is afforded matches what would be available in traditional systems where everything was on premises, protected by a firewall, but without the implementation and management hassle, and at a lower cost.
The platform is predicated on the identity of users to control their activity, and hence their behaviour, through the use of context related to what they are trying to do. It is built on flexible, condition- and context-rich rules and policies that can support zero trust initiatives. Context and identity go hand in hand to provide trust: trust that users are who they say they are, that they have permission to undertake certain activities and that their behaviour is as expected. Only users with permission to access Salesforce, for example, may do so, and permissions can be set at a granular level so that the entitlements granted cannot be exceeded. Underlying all of this is a shared identity store across all components of the service, ensuring that they stay in sync, with full integration with on-premises and/or cloud-based (Azure) instances of Active Directory.
Where an activity or behaviour is deemed risky according to the context in which it is undertaken, Multi-Factor Authentication (MFA) can be required as an extra layer of assurance. This not only curtails risky behaviour on the part of users but also prevents stolen credentials, a favoured means of access for attackers, from being used on their own to reach sensitive resources.
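To make the contextual reasoning described under "C is for Context" and the step-up MFA decision above concrete, here is a small, self-contained illustration written for this article. It is not Censornet's code and does not describe how its platform works internally; the user names, resource names, score weights and thresholds are all constructed assumptions. A baseline of normal countries, devices, working hours and resources is learned per user from constructed history, each new access event is scored by how far it deviates from that baseline, and the score maps to one of three outcomes: allow, require MFA, or deny.

```python
"""Context-aware access decisions: an added example, not Censornet's code.

Assumptions (hypothetical): an access event is a dict with user, country,
hour (0-23), device and resource. Weights and thresholds are illustrative.
"""
from collections import defaultdict

# Constructed: resources treated as sensitive regardless of baseline.
SENSITIVE = {"hr-database", "finance-share"}

# Constructed history of "normal" activity for two users.
HISTORY = [
    {"user": "alice", "country": "GB", "hour": 9,  "device": "laptop-alice", "resource": "crm"},
    {"user": "alice", "country": "GB", "hour": 14, "device": "laptop-alice", "resource": "crm"},
    {"user": "alice", "country": "GB", "hour": 11, "device": "laptop-alice", "resource": "hr-database"},
    {"user": "bob",   "country": "DE", "hour": 8,  "device": "laptop-bob",   "resource": "finance-share"},
    {"user": "bob",   "country": "DE", "hour": 17, "device": "phone-bob",    "resource": "mail"},
]


def build_baselines(history):
    """Per-user sets of known countries, devices, resources and observed hours."""
    base = defaultdict(lambda: {"countries": set(), "devices": set(),
                                "resources": set(), "hours": []})
    for ev in history:
        b = base[ev["user"]]
        b["countries"].add(ev["country"])
        b["devices"].add(ev["device"])
        b["resources"].add(ev["resource"])
        b["hours"].append(ev["hour"])
    return base


def score_event(ev, baselines):
    """Sum the deviations of one event from its user's baseline.

    Returns (score, reasons). An unknown user is the maximum risk.
    """
    b = baselines.get(ev["user"])
    if b is None:
        return 100, ["unknown user"]
    score, reasons = 0, []
    if ev["country"] not in b["countries"]:
        score += 40
        reasons.append("unusual country")
    if ev["device"] not in b["devices"]:
        score += 30
        reasons.append("unknown device")
    lo, hi = min(b["hours"]), max(b["hours"])
    if not (lo - 2 <= ev["hour"] <= hi + 2):  # outside the user's hours, +/- 2h slack
        score += 20
        reasons.append("unusual hour")
    if ev["resource"] not in b["resources"]:
        score += 10
        reasons.append("resource never used before")
    if ev["resource"] in SENSITIVE:
        score += 10
        reasons.append("sensitive resource")
    return score, reasons


def decide(ev, baselines):
    """Map the risk score to an outcome: allow, require MFA, or deny."""
    score, reasons = score_event(ev, baselines)
    if score >= 80:
        outcome = "deny"
    elif score >= 30:
        outcome = "mfa"       # step-up authentication, as the article describes
    else:
        outcome = "allow"
    return {"outcome": outcome, "score": score, "reasons": reasons}


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    # Constructed events: the article's "midnight from an unusual location" case is the second.
    events = [
        {"user": "alice", "country": "GB", "hour": 10, "device": "laptop-alice", "resource": "crm"},
        {"user": "alice", "country": "US", "hour": 0,  "device": "laptop-alice", "resource": "hr-database"},
        {"user": "bob",   "country": "RU", "hour": 3,  "device": "unknown-pc",   "resource": "finance-share"},
        {"user": "mallory", "country": "GB", "hour": 10, "device": "laptop-alice", "resource": "crm"},
    ]
    for ev in events:
        print(ev["user"], decide(ev, baselines))
```

The weights are deliberately additive so that a single anomaly (an unusual hour, say) only prompts MFA, while several anomalies stacking up on a sensitive resource produce a deny; in practice the baseline would be learned continuously rather than from a fixed list, and the thresholds tuned to each organisation.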
The autonomous and simple nature of the platform, including its implementation and management, makes it well suited to the needs of the midmarket, providing such organisations with the benefits that have long been enjoyed by their larger counterparts.
In a social setting, minding your Ps and Qs, often taken to mean "mind your manners", is expected behaviour. Where security is concerned, behaviour baselines must often be set explicitly, as they are not as well established for technology as they are in a social setting. Getting your ABCs right is the key to stopping attacks and unwanted behaviours in their tracks.
Find out more about Censornet here.