The Security Revolution?
Cybersecurity is something that has been on my radar, as I’m sure it has for many others as well, for quite some time now. However, it’s the so-called ‘security revolution’ that has really caught my interest. And yes, I promise that I have actually been following the news, and it’s not just my infatuation with Mr Robot. I first remember the exact phrase ‘security revolution’ gaining popularity after Cisco Live 2016 back in July, and since then I’ve seen it appear many more times in the news, which leads me to think its gaining traction.
In fact, it seems like every few weeks or so we hear about another cybersecurity scare in the news. The August iPhone security flaw, which allowed hackers to gain complete control over the infected phone, being among the most memorable incidents that’s happened recently. The nature of the attack reminded us that Trojan Horses and spyware still pose a threat, and yet their ability to raise eyebrows is slowly being overshadowed by the more brazen tactics employed by ransomware.
More specifically to the channel, bring your own device (BYOD) presents its own problems to network security. The possibility that people can introduce vulnerable or compromised phones, laptops, and even core infrastructure, to the network is a logistical nightmare. This might seem impossible to regulate at first. How can we have any form of control over completely autonomous users and devices? One answer, perhaps, lies in ‘access’.
What can be done and what is being done?
There is little reason for most networks to give the same level of access to every device and user connected to the network. We are already familiar with creating guest networks, and so we are already used to restricting access, but this can be taken a step further by installing network solutions that allow us to properly assign privileges and restrictions. Essentially, giving far fewer devices access to the heart of the network, which would make things easier to track and to monitor. After all, many attacks still rely on users slipping up and giving hackers access to their device, which the hackers can then leverage to gain access to the wider network.
Still, having systems in place that protect us from cyber-attacks both internally and externally are not necessarily enough on their own. To say that we should just accept that cyberattacks happen and do nothing about them is far from satisfactory. This is potentially why there seemed to be one idea emerging above all the others in the CRN special report, the idea of prevention. The most ideal way of carrying out security is to be proactive, and that means analysing and detecting threats and stopping them before they happen. As good as this sounds, we seem a long way off from a perfect world without security flaws, and so for the time being, it’s of the upmost importance that we don’t lower our guard.
The CRN’s report’s primary focus was in the commercial space, and whilst the survey suggested neutral feelings towards whether ‘anti-virus software is dead’, even on a personal level, I have noticed a reluctance to buy anti-virus software among my circle of friends. This also extends to a general lack of urgency to update their devices and protect themselves from the latest security flaws. This reluctance was captured in the feedback from the report, as many resellers indicated that there’s a stark contrast in up-take of cybersecurity measures depending on the size of the business. In short, it would seem that most would view the cost of their cyber security too high, and other costs take precedent.
What needs to be done?
There is a positive spin on this though, we all get round to updating our devices eventually, and I think we can all agree that we are far away from a time where we can feel comfortable foregoing anti-virus software altogether. It appears that on some level we do acknowledge the importance in protecting ourselves from cyber-attacks on at least a basic level. I think the analogy of closing the front door is an apt way of viewing things. In many ways, resellers and distributors now just need to focus on raising the bar of what the end-user views as basic protection.
Cybersecurity is looking like it will become ever more significant, and this will invariably help the cause of raising awareness. Lots of figures have been thrown in the air when it comes to the scale of the internet of things (IoT), but the estimate of 50 billion devices connected to the internet by 2020 doesn’t seem too farfetched (read the full Cisco whitepaper here). Alarm bells regarding security should be sounding whenever and wherever connecting things to the internet is mentioned. You might remember the search engine, Shodan, featured in the news over the pasts few years for its ability to find unsecured devices and gain access to them, and it’s quite surprising how many devices lack even a basic level of security.
The current cybersecurity environment is one of uncertainty, where defence is not as common practice as you might hope, and this means we do need to review where the weaknesses might lie on our networks, whether that’s at home or in the workplace. In any case, the best defence against cybersecurity is vigilance and knowledge, and there is an abundance of information and security measures available for those who seek it.