In a connected world, IT security should not work in isolation

IT security has undergone tremendous changes recently, and COVID-19 has only accelerated this trend. Invitech has been a partner of Sophos for many years in this field, acknowledging the international expertise of the company. Collaboration is regular, not just in terms of services, but also in organizing webinars together. This time we asked Grzegorz Nocon, system engineer for Sophos, about the latest IT security trends in Central and Eastern Europe.

 

Sophos recently organized a webinar series on exciting and current professional topics such as malware, hacker attacks and corporate data security. Invitech made the professional event series available to customers.

How did the security management policies evolve in the CEE region in the last few years?

Connectivity is one of the defining characteristics of the 21st century, permeating every aspect of our lives. Connectivity is also fundamental to our IT infrastructure. We absolutely depend on it for both our business and personal lives. We build our networks to enable all the different elements of our lives to link up, to be part of a system rather than work in isolation. As technology continues to advance, so too does our dependence on and use of connectivity.

Unfortunately, cybersecurity has struggled to see the wood for the trees when it comes to connectivity. Technology companies have focused on creating products that focus on one specific part of the problem, yet don’t connect with each other. For example, endpoint protection products connect a range of data points to identify if a file is malicious or benign. Firewalls connect multiple technologies – deep learning, IPS, sandboxing, etc. – to stop malicious traffic. Yet these two pillars of our cybersecurity defenses work in isolation, unconnected from each other. While this approach has resulted in strong individual solutions, it misses the bigger picture: as both technology and cyberthreats become ever more connected, point security products, no matter how good they are, can only ever have limited impact.

Organizations need a layered approach to security, one where products connect and share information. It’s time to embrace this new approach. Sophos innovates Synchronized Security in a Connected World. Synchronized Security is cybersecurity as a system. Security solutions connect with each other in real time via a Security Heartbeat™, working together to combat advanced threats. This automation enhances your defenses, responding automatically to events, so you can mitigate risk and slash the time and effort spent managing IT security. Only through connecting the big cybersecurity dots in this way can you create a system that transcends point challenges and enables you to create long-term security strategies that work for your business.

What is your experience of how the COVID-19 situation has affected the IT security focus in our region?

An unplanned and rapid shift to remote working is inadvertently forcing companies to relax cybersecurity controls. CIOs and CISOs must work quickly to counter the risks before the criminals capitalise on them. Cyberattackers are resourceful and opportunistic. They will move quickly to take advantage of a situation. COVID-19 is no different. There is a huge amount of global uncertainty and change right now which criminals are seeking to capitalize on. The risks are amplified by the immediate and unforeseen IT challenges that companies are having ensuring their staff can work from home. There are two areas which are most likely to result in a cybersecurity incident due to the ongoing crisis: remote access and phishing.

Regarding the feedback from the latest Sophos IT Security webinars: what are today's most important cybersecurity issues for CIOs at company level?

A recent survey revealed that IT managers can’t identify almost half (45%) of the traffic running through their network. As a result, they cannot block risky or malicious traffic – instead, it flows through the organization unchecked and unhindered. There would be a public outcry if an airport announced they could only security scan half their passengers, and so they allowed the other half through unchecked. Yet we allow this risky behavior on our networks every single day.

Synchronized Security is the simple, elegant solution to this problem. The endpoint always knows the true identity of an application – even if it tries to disguise itself from the firewall to avoid being blocked. By enabling the endpoint and firewall to share application identity information in real time, the firewall can identify all the network traffic and the IT team can take back control of their network. With the information to hand, they can enhance security by blocking malicious apps while speeding up business applications by de-prioritizing non-work traffic.

Finally, mobile devices are just as much a door to your organization’s data and systems as your desktops and laptops. Mobile devices travel with us everywhere, connecting to a wide variety of protected and unprotected networks, making their security state questionable. Allowing compromised devices to access the network increases your risk of attack. Yet on its own the wireless network cannot make any judgement as to the health of the devices connecting to it. Again, Synchronized Security, this time between the mobile and wireless solutions, provides the answer to the problem.

Sophos highlighted the latest hacking trends at the Evolve 2020 event. Do you see that hacking is rapidly replacing 'spray-and-pray' malware attacks, regardless of the size of the companies affected?

Cybercriminals are evolving their methods and increasingly launching automated, active attacks that combine automation with human ingenuity to evade detection and move laterally. Once adversaries gain a foothold, there’s a lot of subterfuge and ‘living off the land’ that requires human eyes and a trained intelligence team to decipher, stop and remove a potential threat or active attack. IT managers might not be able to track every step or component, and Sophos MTR can augment an internal team with extra intelligence and around-the-clock coverage, including the second and third shifts that are notoriously difficult to staff. Not only are cybercriminals operating from global locations, but they could deliberately attack after business hours in an attempt to fly under the radar, as SophosLabs discovered with SamSam ransomware.

In the 4-5 years ahead, where do you think organizations should focus their time and resources regarding managing security? What security solutions should companies manage by themselves and what to outsource?

We live in an interconnected world and, with almost half the planet now using the internet, we’re only going to get even more connected in the years to come. Burying our heads in the sand and continuing to focus on individual point security products is not the answer – not only does it leave us vulnerable to threats, it also increases the cost of IT security to the business. Rather than resisting connectivity, it’s time to actively take advantage of an integrated approach by moving to cybersecurity as a system. By working together, security solutions can detect, analyze, and respond automatically to incidents and infections. This slashes response time and enables IT security to switch from being a business cost to a business enabler.


As Réka Pölöskei, Invitech IT Security Product Manager, mentioned, companies in Hungary generally use more than one system when it comes to IT security. According to a recent IDC study (2017), a domestic company uses on average 6 IT security systems simultaneously. Operating them and understanding the correlations requires a higher level of competence and resources on their part. Synergy-based protection solutions can increase a company's security level; it is also important to have the right expertise to operate these systems. After all, just as hackers use automation combined with human ingenuity, so does protection.

Invitech's IT security engineering team, with many years of professional experience in Sophos products, offers customers a solution in this specific area. Invitech experts provide assistance with survey, installation and operation, all of which are available to customers on a monthly fee basis.
