Contrary to what some professionals might think, working remotely can help improve an organization’s network security strategy.
When most organizations were forced into a work-from-home model due to the COVID-19 pandemic, the C-suite and IT managers had to assess their organizations’ network security policies and remote access technologies. According to author Aditya Mukherjee, this change may have looked like a rush at first, but it also helped IT teams recognize tools they already had that they hadn’t used to their full potential. Organizations that make the most of their existing tools can reap significant benefits and save money.
In Mukherjee’s book, Network security policies, IT teams can learn about the best ways to secure their networks against threats and major attacks, as well as tips for improving their organization’s network security policies.
Editor’s Note: The following interview has been edited for length and clarity.
What do organizations need for an effective network security strategy?
Aditya Mukherjee: When it comes to network security, I don’t think it’s given any importance outside of normal devices and policies in place by default.
This is why we see a lot of attacks where attackers are able to infiltrate a system and then stay … persistent in the environment for 80 or 90 days, depending on detection capabilities. So for most businesses – who don’t focus on information security [infosec] specifically – their network responsibilities fall to the network administrator or network engineer, who primarily focuses on the functioning of the network rather than its security.
One of the best ways to approach network security for any organization is to go through security audits or penetration testing to understand the gaps they have in mitigation, detection and response so that they can … build a more secure network. The business impact of a network breach or data loss is not just from an operational standpoint, but from a financial standpoint [or] reputation point of view – the impact is huge.
Most organizations don’t understand how vulnerable they are or what is at risk [until they] receive a ransom note from an attacker.
What common mistakes do IT teams make with their network security policies?
Mukherjee: A major flaw is that every now and then they don’t do security reviews or security audits to understand how particular users, who persist in the environment for a longer period of time, actually accumulate a lot of access. And, once these accounts are exposed or accessed by an external threat actor, they have a lot [more] privileges than they traditionally should, which is authorization creep.
Basically, make sure any new incoming device is secure. Is it expanding your threat landscape? All of these things are basic things that a lot of organizations don’t focus on.
When did network security start to become as critical as it is today?
Mukherjee: Over time, it has become more complex because now the borders are transparent. Previously, we knew some devices that we had and the partners [and] other suppliers we have worked with.
Today, with BYOD, the cloud [and] shadow IT, the boundaries of a company are very transparent, and this also has an intrinsic impact on the network. Knowing where your data is, how it is processed [and] who deals with it is very important. The different complexities have increased the need for a good secure network, which is not only operationally stable, but resilient in the event of a cyber or DDoS [distributed denial-of-service] attack.
In the past, what we have often seen is that when attackers try to infiltrate a network, they often launch a DDoS attack or try to get the attention of the security team with a fake attack. It’s important that these are addressed from day one so that you can adequately focus on everything you’re getting at the same time, instead of just focusing on an attack vector.
As the boundaries become more transparent, how does this affect network security?
Mukherjee: Right now pretty much every organization uses a work-from-home model, and that has been great from a security perspective, as many organizations have been mandated by their leaders or boards to take a long and careful look at how their employees [and] clients would be secured from remote locations entering this network. It was a huge paradigm shift for businesses, employees, and security professionals.
People started to focus on how remote connections were made, how they deal with those connections, focusing on the VPN [and] load balancing because a lot of companies … had to schedule employees to come at certain times and other shifts to come at certain times because their VPN was not able to handle this load at one time. It increased attention towards [infosec] and the overall interconnectivity between companies and employees, and this has been good for the market, as well as for [putting] safer and better policies in place.
It won’t be anytime soon that we will be returning to our workplaces and, even if we do, with the mindset that people have been in for eight to nine months – remote access and working from home will be part of the culture for every possible team.
The importance will only increase with more complex and sophisticated services to authenticate [and] empower users and how they blend with the amalgamation of different networking devices and services that we provide to clients. This will continue for the foreseeable future.
What common questions do you ask yourself about network security?
Mukherjee: One of the most frequently asked questions from CISOs is, “Are we safe?” And the clear answer is either “We are secure to a considerable level” or “We are not very secure” because, as everyone knows, there is no 100% security. We must gauge the organization’s appetite for risk. What is the available budget? What fixes can you put in place to mitigate the threats? Infosec has always been a cat and mouse game.
The second comes from CISOs, CEOs, Security Officers and Directors. When they come out of a security conference or chat, they hear about flashy new technologies, such as threat hunting, [user behavior analytics], zero trust, and their immediate idea would be: “How to implement this?”
One thing security professionals need to help them understand is that they don’t need to put all the technologies available in their environments to secure them. Whatever you have, first use it 100% and get the optimum return from it. And if there is a real business case for a new solution, which mitigates or further addresses an existing risk, then only then should you consider it.
Various companies have 70 security products in their arsenal, and they are barely using five to seven of them to their full potential. It is a waste of monetary value and it creates an additional burden on resources. Make sure whatever you have you are using it to the best of your ability [of its ability], then search for something new.