Zero-trust is up post-COVID-19, but you’d be wrong for thinking it will keep networks safe.

CybSafe

We are CybSafe. We’re a British cyber security and data analytics company.

August 6, 2020

“Now a good chunk of your critical assets are behind the firewall, but all your employees are not.” 

That’s what NetMotion CEO Christopher Kenessey said recently. He was summarising the problem we’re all facing: All of a sudden, the working world has changed. How can we secure our networks in the new working world?

The rise of zero-trust

According to Dark Reading, many are turning to zero-trust security models Under the model, security pros treat everyone as potentially compromised at all times.  And they continuously check to see if that’s the case. It’s a smart ploy. Verifying rather than trusting helps detect threats sooner. But still, is it really enough?

No silver bullets

In security, there is no such thing as a silver bullet.  That’s why almost all of us take a layered approach to security. Almost all of us use multiple safeguards to protect the same thing. We use passphrases and app-based authentication. We install firewalls and antivirus software. We enlist spam filters and simulated attacks. So don’t get us wrong: in the post-COVID world, zero-trust is an extremely good thing. But zero-trust tasks a small handful of people (like the IT or security team) with spotting attacks.  Can we not enlist our people to help?

Recruiting our people

With borderless security awareness, our people help us spot and stop attacks.  Yes, people are increasingly “working from anywhere”.  And yes, things like security posters, seminars and e-learning have lost gravitas. But we must keep in mind that our people are still our greatest asset. Borderless security awareness recognises two things. It recognises that COVID-19 has erased more than just the border between homes and offices. COVID-19 has also erased borders curtailing protected networks, security policies, ambitions and mindsets. And it recognises that our people can be our greatest cyber defence. We’ve written about borderless in detail here. In short, borderless flips the traditional model for security awareness on its head. It grants people the information they need whenever they need it, wherever they are. That means real-time support.  Not a training seminar six months before an attack. Not an annual dose of compliance-based e-learning. Here’s how borderless looks in practice.

A borderless approach for a borderless world

Post-COVID, it’s clear we need a new approach to addressing the human aspect of security.  We need ingenuity. We need to rethink things.  As was the case pre-COVID, we need to verify rather than trust. We do need zero-trust models. But we also need a new approach to security awareness fit for the way we now work. Post-COVID, we need borderless security awareness.

Post-pandemic, CISOs are overlooking an important cyber defence

Post-pandemic, CISOs are overlooking an important cyber defence

Following COVID, no CybSafe employee will be bound to a physical office. Instead, CybSafe will be joining the growing list of organisations “working from anywhere”. Not temporarily. Permanently. And not “working from home”. Working from anywhere. Questions about office hours and moving overseas quickly begin. They showcase people’s excitement. But they also highlight an interesting point – For months now, most security professionals have been desperate to “secure remote workers”. 

read more
We thought we needed to secure remote workers. We were wrong.

We thought we needed to secure remote workers. We were wrong.

Following COVID, no CybSafe employee will be bound to a physical office. Instead, CybSafe will be joining the growing list of organisations “working from anywhere”. Not temporarily. Permanently. And not “working from home”. Working from anywhere. Questions about office hours and moving overseas quickly begin. They showcase people’s excitement. But they also highlight an interesting point – For months now, most security professionals have been desperate to “secure remote workers”. 

read more