BT’s Dónal Munnelly believes 2021 could mark the end of the ‘castle walls’ approach when it comes to cybersecurity strategies.
The infosec world evolves every year. Security defences become more advanced all the time, but hackers are also finding more sophisticated ways to circumvent them.
However, nothing could have prepared the world for the sudden shift that occurred in the first quarter of this year, which sent much of the global workforce home and left infosec professionals scrambling to ensure that business infrastructures remained secure.
So, with all that 2020 has brought, what is changing about the world of cybersecurity as we move towards the new year?
Speaking to Siliconrepublic.com, BT Ireland’s security product marketing manager, Dónal Munnelly, identified the shift from the traditional ‘castle walls’ approach as one of the biggest changes, largely due to the move to remote working and away from secure offices.
“Security teams built up those walls as high as they could to prevent people getting in,” he said. “Now nobody’s in the castle but everybody needs to get the data and sometimes the data is now not even in the castle, so people are out in the wild and it’s really around having a zero-trust model about how we access that data and how we share data between the company and other people.”
The growth of ransomware attacks
Another change Covid-19 brought was a growth in cyberattacks. Cybercriminals all over the world exploited the opportunities of the pandemic, and attacks rose at an ‘alarming rate’.
Munnelly believes this growth is going to continue, more specifically in relation to ransomware attacks. “We’re already seeing standard ransomware attacks but we’re starting to see DDoS with ransom notes attached,” he said.
“This year it’s probably more prevalent because we have the home worker as well as the internet connection that supports the customers’ websites, so getting hit with a DDoS attack not only takes out your e-commerce site but it might also take out your home workers.”
Another major change, which has been heralded for a number of months, is the accelerated growth of cloud computing and the adoption of hybrid cloud tech. This feeds into Munnelly’s assertion that nobody’s in the castle any more, and he said he would caution businesses to think about the security implications of moving systems to the cloud.
“It’s all well and good to move to the cloud but you need to make sure there is appropriate security procedures in place for your staff to be able to access the right cloud services in the right place from the right device,” he said.
While businesses want to know what to expect in the infosec world next year, it’s vital that they also look inwards and assess their own capabilities and limitations.
Munnelly believes companies are not discussing how mature their businesses are when it comes to cybersecurity. “A lot of businesses talk about point solutions so we hear a lot about firewalls or DDoS protection or SIEM systems. But they’re just point solutions, they’re not really a holistic view of your organisation,” he said.
“Having that kind of holistic view of the big picture of the company really helps customers and companies move forward with their cyber assessment and see where they fit within that security model. They can also kind of baseline themselves against other companies to see what other companies are doing within their sector and where they fit.”