Event Recording

Martin Kuppinger: Cybersecurity Trends in the Age of Work from Home

The way people are working has changed fundamentally. Cybersecurity is even more essential than before. Martin Kuppinger, Principal Analyst at KuppingerCole, will look at the factors that drive the relevance of cybersecurity, but also change the way cybersecurity is done right. He then will look at the trends in cybersecurity and how new technologies and methods help in mitigating cyber risks and improving cyber attack resilience. This includes looking at the impact of Work from Home, changing attack vectors, or the impact of AI on cybersecurity, and discussing what new technologies such as SOAR and Cyber Ranges can provide for getting better in cybersecurity. He also will look at the need for doing a thorough cybersecurity portfolio assessment, to optimize spending and getting a grip on the zoo of cybersecurity tools most businesses already have to pay for and to manage.

Welcome everyone to this company call event, the cybersecurity leadership summit and special already announced my opening keynote relatively short speech will be about cybersecurity trends in the age of work from home. And yes, work from home is very related to the current COVID crisis. I will talk about how work from home affects cyber security. And I also look a little bit at what else's hot in cyber security, but it's very clear. We, we are in a, in a challenging and to some respect also interesting time, and that is true for all of our life and it's true for cybersecurity. And so when we look at the cybersecurity challenges and trends, I'd like to start a little bit about talking or looking at why, why do we need to change the way cybersecurity is done? And here we have a couple of challenges. And the one we are aware for quite a while is there are more and more attacks.
The, the attackers become more professional. It's really an industry we're faced with. So cybersecurity challenges are here to stay. At the end of the day, we have the change to work from home and bring your own device. That was something which really sort of heavily affected what was happening over the past eight or nine months right now. So this immediate shift to work from home to a different work style, and also the needs very frequently to bring in your own devices. We have the other trend, which also affects cybersecurity, which is cloud first. So we had this, this challenge of, or have this challenge for quite a while, that, that we don't live in our structured on premise environment anymore, anymore, but it it's really changing. And, and last or least the way we, we construct applications also is fundamentally changing. So this is this DevOps or devs where we go for development, where we go for applications and where we really are need needing to do to work with different security paradigms, because it's totally different thing to protect the single application than to protect an, an actual environment which where, where sort of containers pop up and go down.
So a lot of changes. And on the other hand, we have different paradigms and technologies on hand to deal with cyber security. And first and foremost, there is this zero trust thing. So zero trust is not a technology. Zero trust is a concept. It's a paradigm which says, okay, we don't have that single entity like the firewall or whatever else anymore, which we can trust and everything behind that device or in front of the device is secure. And we don't need to care much about it. That's not the fact anymore in a world with cloud services with bring your own device devices, etcetera. There's not that single entity, that's single place we can trust. So we need to adjust, but there is a lot of good thinking behind that. We have AI, which helps us in many areas. I'll touch this a little later. We see a huge uptake of what is called.
So our security orchestration, automation and response, which goes beyond what we did for many years, trying to analyze all the locks and all the events and figure out where, where anomalies and outliers are towards really reacting on that. Automating the reaction, responding to challenges, so getting better. And I think it's important the more, and the more frequent attacks we have to fast, we must be in our reaction. And I see also a trend, which is going beyond the experts. So security, cybersecurity affects every one of us. And we all know that the user itself, as the most frequent point of attack. So fishing for getting access to a network is still the, the common way to, to start a attacks. And so we need to involve everyone. And I believe also we can benefit from involving everyone from broadening cybersecurity. So having said this, we are facing a, a couple of challenges in cybersecurity these days.
One, which I believe Mel touches again in a, in a minute is data security. At the end, we, I believe is still too much focused on network security on device security, but at the end, what do we already want to protect? What we want to protect is data is information. These are our ground rules for many organizations. That is what we want to protect. And so logically, we should put far more emphasis on data security, beyond traditional network security, et cetera. We have all these new services in the, and data go, maybe data security, maybe back to work from home. Also, the point is data started sprawling in the work from home world, new tools, new services, and again, these new services then. So everyone started using tools like zoom, like teams, like all the other collaboration tools from other vendors that also led to a situation where data resided in other places where people communicated differently, there different devices we're in.
So clearly a challenge, maybe the, and I dunno, it's hard to say, which is the biggest challenge, but a very big challenge is that we still do too much with passwords and have no MFA in place. And we are still horribly weak when it comes on average. So most of you probably listening already have done everything, but we need to get better on that. Multifactoral indication is really a very important measure. And we need to think about getting rid of passwords. When I talk with, with customers and discussion comes up on, on how can we improve the handling of passwords? My main comment is don't focus that much on improving that that might be necessary and it might be necessary for many years, but strategically seen your emphasis should be on password less, go pass. Not less at least go MFA. We have to bring your own device C I already touched it.
And we have these open networks. So it's communication starts in a probably RA insecure wifi at home, goes through the app, the internet, and it ends somewhere in your organization and assess services. Cetera. So it's less control. And that is also what comes in with zero trust. So work from home and zero trust are very tightly related when it comes to these suspects, we have less control. And when we look at this in a, in a very simple picture, we have to user who comes in using a device over a network to a application. So if it's SA we not even have the system below, we only see the application and their data. And where do we have, how much control we have control about the user, about the user identity. And that is also something we can solve. Why? Well, technology is here for the device.
It's more tricky because if it's the corporate own device, we might get some good crib on it. It's not than not. We have the network, which is how to control. We are lucky when we get, can get some information about the network to understand how secure or insecure it has been. But we probably better assume that this is not the secure part. Clearly we can encrypt on top of it, but that's it. And yes, we can use VPNs. We can use other types of, of cloud based sort of virtual networks, stuff like that question always is how well does it fit to the working reality of, of, of users. So passing from device at home, through your corporate network and out again to a SA service, we, and Y VPN might not be the most logically way. We get a CRI on the applications and we could get a CRI on the data.
We are not good here, but we could. So this is something we can do even while we are not yet here. When we then look at cybersecurity, there are, from my perspective, five very important premises and actions you need them to take. The first premise is you are a target. Yes, everyone is a target. And never assume that no one is interested tagging you. This attacks our widespread, they attack. They attack everything and there's no perfect security. So we need to take different measures and we need to prepare for being breached resilience. The ability to recover is central, go for zero trust. Don't trust a single device plan for diverse. I've already touched it at the end. As you preach as soon assume you are attacked and think about what does it mean and how can you react? And everything goes beyond tools. It is not trust tools and you know, tools, trust workshop we had yesterday.
I said, maybe it's a good idea that you retire one tool for every new tool in cybersecurity. You procure because more tools doesn't necessarily make things better. You need to understand how these align look at the portfolio, but also look at the processes, the organization, and the policies. So from that, what are key topics and a little bit, this is a little bit repetitive, but I'd like to sum it up. So the key topic today in the age of work from home in the age of really fundamentally changing approaches on, on, on dealing with cybersecurity, the number one thing is build on zero trust concept implement, look at what does it mean? What does it change? And go for work from home readiness. So you need a strategy and you need to be ready for that latest. Now you should go beyond seeing revisit your security operations center.
So where does your security operations center stand today? Is it really more traditional theme center, or is it something where you have well thought out use of, of managed services, where you use automation and then can respond where you orchestrate across different services, optimize your tools, landscape. I already touched this. So don't go for more tools and more tools and more tools think about which tools really help you in mitigating which risks, and then figure out where to spend your money. What does, what, what helps most educate your team? There's no way to avoid security awareness, strain, security awareness training needs to be lean and so better. Do a five minute training regularly with interesting content people understand than putting them all in a room for a full day. Doesn't make sense, do it in a way also, which starts with the everyday challenges of all of your employees.
So what they've. So they, they are threatened also their private life. That's the best starting point because that's what everyone easily understands. And at the end work I'm approach, I've already touched this, that keeps your business alive. And if I would have to name one thing we had to learn to start, and it would be that one M F a multifactor authentication. It's the number one thing to do because it really mitigates mitigates a significant part of the risk of fishing attacks. If you have more than one factor, standard fishing for passwords doesn't work that way anymore. There's still ways to do fishing, but they are far more complex. And so you really increase your security. And so if you haven't multifactor authentication turned on a, a standard do it. It's not rocket science anymore. It's built in so many solutions. There are so many vendors out here which deliver very strong MFA solutions.
You can get them from the cloud. You can get everything really quickly and go to the largest. Look at the sponsors. For instance, of this event, you will find a couple of them which really can support you here. Well, so go for multifactor authentication, start with standard capabilities that there are in, in, in the Microsoft solutions, in the Google solutions, add what you need. Look that you got this pH standard support, which allows to interact with the devices. Also biometric authentication, etcetera. And if you switch it on inform your users hat, because it changes things. And so you need to test it a little, you need to blend it a little, but it's really not super complex. You can turn it fast. And as I've said, you'll find everything today readily available on the market. It's not a rocket science. And so there's no reason that I've, I've heard numbers that MFA usage still is in the 15 to 20 person range of organizations.
And we should be at the 80 to 90 person range. So if you haven't switched on do it now, AI and ML might help, but it's really not the holy CRA, so need to be careful. And then you can really benefit from it. And you can do a lot of things. You can detect anomalies. You can get decision support. So identifying the right information, searching for, for information in a far more efficient way, solutions that even help you understanding text that identified as threats. So all threat intelligence today builds on AI technology, which can do user behavior analytics. So where are the outliers? Where are things happening you don't want, expect to happen? Analyzing threats, automated reaction, all that increasingly builds on what commonly called AI and ML. So have a look at these technologies. They can make you better, but also be a little bit careful regarding all the password bingo around it.
And when, when you then look at all these, these requirements, all these changes, again, it is that you need to think about what at the end of the day is what I really need. So out of these many, many different areas of cybersecurity, and it's a big piece to tame, you need to understand what really helps. I've touched this a couple of times already in my talk today. So what you really should do is understanding which of these areas help you best. You can't do everything at the same time. You probably will not even need everything, but you will need a lot of technologies and you need to understand their impact. So you can use technologies such as when we do this in our portfolio compass, in our approach for, for portfolio optimization, you can look at, for instance, comparing different technologies across dimensions, such as cost, risk mitigation, feasibility, time to production cetera, and then understand how sort of technologies that promise doing the same thing, mitigating the same risk help.
And you also then can compare technologies in metrics, for instance, risk mitigation, impact versus total cost of ownership. And so upper right edge, high impact, low cost, ideal, low left that doesn't help much but costs a lot. Doesn't make that much sense. And then you can optimize do these exercises. I don't go into detail in the rest of time here. What I wanna tell you today, or what I try to tell you today is we need to recent security, zero trust and work from home require new approaches for cybersecurity, and you need to adapt innovations help in doing so. And you need to understand what you really need out of all these things you could have. And that also means you need to regularly review your cybersecurity strategy and your tools landscape do it because the world is moving fast. And that's what I'd like to bring to you as a opening keynote. Thank you.

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00