“Now a good chunk of your critical assets are behind the firewall, but all your employees are not.”
That’s what NetMotion CEO Christopher Kenessey said recently. He was summarising the problem we’re all facing: All of a sudden, the working world has changed. How can we secure our networks in the new working world?
The rise of zero-trust
According to Dark Reading, many are turning to zero-trust security models. Under the model, security pros treat everyone as potentially compromised at all times. And they continuously check to see if that’s the case. It’s a smart ploy. Verifying rather than trusting helps detect threats sooner. But still, is it really enough?
No silver bullets
In security, there is no such thing as a silver bullet. That’s why almost all of us take a layered approach to security. Almost all of us use multiple safeguards to protect the same thing. We use passphrases and app-based authentication. We install firewalls and antivirus software. We enlist spam filters and simulated attacks. So don’t get us wrong: in the post-COVID world, zero-trust is an extremely good thing. But zero-trust tasks a small handful of people (like the IT or security team) with spotting attacks. Can we not enlist our people to help?
Recruiting our people
With borderless security awareness, our people help us spot and stop attacks. Yes, people are increasingly “working from anywhere”. And yes, things like security posters, seminars and e-learning have lost gravitas. But we must keep in mind that our people are still our greatest asset. Borderless security awareness recognises two things. It recognises that COVID-19 has erased more than just the border between homes and offices. COVID-19 has also erased borders curtailing protected networks, security policies, ambitions and mindsets. And it recognises that our people can be our greatest cyber defence. We’ve written about borderless in detail here. In short, borderless flips the traditional model for security awareness on its head. It grants people the information they need whenever they need it, wherever they are. That means real-time support. Not a training seminar six months before an attack. Not an annual dose of compliance-based e-learning. Here’s how borderless looks in practice.
A borderless approach for a borderless world
Post-COVID, it’s clear we need a new approach to addressing the human aspect of security. We need ingenuity. We need to rethink things. As was the case pre-COVID, we need to verify rather than trust. We do need zero-trust models. But we also need a new approach to security awareness fit for the way we now work. Post-COVID, we need borderless security awareness.