By Mike Smart, Security Strategist, EMEA, Forcepoint
Digital transformation has caused a shift in the concept of a ‘perimeter’ in cybersecurity. Traditionally walls were built to limit access to the network, allowing security professionals to focus on specific threats from the outside in. However, walls no longer exist even in highly regulated sectors such as financial services. This is primarily because of two changes within the enterprise: the rise of the mobile employee and the wide-scale adoption of cloud services.
Remote working has enabled employees to work from different locations, accessing the network via various devices. It means they fall out-of-reach of the traditional, in-house network protection, making visibility and security enforcement difficult. Financial institutions can no longer rely on security systems designed only for the single fixed office network, particularly due to the highly sensitive data they manage and store.
The risks also extend to the movement of data. Gartner predicts that by 2021, 27% of corporate data traffic will bypass perimeter security, flowing directly from mobile and portable devices to the cloud. This is obviously a huge emerging problem for security teams – but due to the sheer volume of data that businesses hold, create and process, it is no longer possible to have full visibility of the entire network using traditional solutions. This leaves financial institutions open to a range of vulnerabilities and compliance violations.
A new philosophy
There are no longer any clear lines when it comes to security. As a result, the value of threat-centric security, where decisions are made based on static policies without context, is limited. IT teams are overwhelmed by noise and false leads, disguising genuine threats. The problem is compounded by many businesses having very small cybersecurity teams, as well as a wider industry skills shortage – particularly for cloud security –leaving fewer individuals able to handle attacks.
Addressing this challenge requires an evolution beyond current security practices, which looks at how people interact with data, rather than focusing on specific threats. It’s only by identifying changes in human behaviour that insights into enterprise risk can be assessed and acted on.
Beyond the password
For the continuously shifting threat landscape of today, a transformative view is needed. One way is in a ‘Zero-Trust’ approach, where the concept of trust is removed from an organisation’s network architecture. Rooted in the principle of “never trust, always verify,” Zero Trust is a security model that means no user is given immediate access, and unnecessary traffic is forbidden. Precise identity verification is required for every person or entity attempting to access network resources, whether they’re within the network perimeter or accessing remotely.
This makes it possible to immediately identify high-risk users accessing data, especially if monitoring is continuous. Attempting to extend the traditional, threat-centric approach by adding more layers or crunching more data doesn’t go far enough – only by placing human behaviour at the centre will cybersecurity be able to step up to what organisations are now demanding of it.
This can be used to assess cyber risk in real time and remain vigilant of data as it moves within, into, and out of the enterprise. For the sensitive data financial services organisations are handling every day, this is especially important. By understanding how data flows, who has access to it and why, the efficacy of security practices can be improved.
Additionally, behaviour-based cybersecurity is tailor-made for the era of mobility and cloud. With a clear understanding of user risk, security teams can take automated action to adapt security policies dynamically to reduce the impact of risk and better protect customers and critical data alike.
Looking towards a human-centric future
It should not be assumed that cybersecurity is a binary issue of the outside versus the inside. Breaches can be caused by accidental, compromised or malicious behaviour alike. It’s a tricky conversation to have, but insider threats are also a factor. However, until a behaviour-based vision of the future is realised, there are steps that financial organisations can take right now.
Integrating intelligent security solutions that can look at user behaviour into existing threat-centric programmes will bolster existing cybersecurity programmes, and can start to address the problem of constant noise and false positives. But it’s choosing solutions that prioritise human behaviour and its context that will enable security teams to get a much stronger grip on the threats facing their organisations.