Gregg Smith, CEO of Attila Security, was interviewed for CISO MAG by Augustin Kurian. This is a summary of their conversation, which provides Gregg’s insights How CISOs are Securing Remote Workers During the Pandemic.
You can listen to the full interview here.
In many ways, the fully remote worker is an aspiration rather than a reality. This is because there are distinct and legitimate limitations to the types of employees who can work remotely. They are limited not only by their individual competence but by the tools available to secure their work environment.
Undeniably, the pandemic has upended business as usual. Gregg had direct connections to people inside a COVID-19 task force, whose mission it was to find remote work solutions. At that time, Attila shifted their messaging to address this issue. The results speak for themselves, in terms of increased sales and use of Attila’s products for remote teams.
COVID-19 and Remote Work: 2 Realities
There are two glaring realities about how the COVID-19 pandemic has changed the nature of daily work:
- People have been forced to work from home.
- People’s families and children are also at home.
The reason these two dynamics are front and center is because they represent a significant increase in the number of devices connected to a network. This increase has happened both for company devices connecting to company servers and other devices (such as laptops being used by children for virtual learning) connecting to home networks.
To cybersecurity experts, this is the threat landscape. Every local community has stories about this. In the first, frenzied days of working from home, many people experienced breaches. Finances were compromised, data was compromised and both corporate and home networks experienced loss. All of this occurred in a very accelerated timeline.
Future Challenges: 5G
While businesses have mostly worked hard to create patches or temporary stopgaps for breaches, the future looms large for the prevalence and pace of network activity. 5G is going to greatly enhance the speed of cellular networks, which will mean more devices are connected in a lot of different ways. This is going to explode the IoT and Industrial IoT landscape.
More devices = more threats = more opportunities for adversaries to present problems.
Remote Workers and National Security
No agency in any government or enterprise is immune to gaps that can be taken advantage of by bad actors. The COVID-19 scenario is no different than what happened with the Office of Personnel Management a few years ago. Network break-ins occur and represent global vulnerabilities. Legacy systems are vulnerable. Older systems are vulnerable. No one has upgraded sufficiently because there is an ever-evolving game in cybersecurity. Every built “wall” is countered by cybercriminals.
Highly sophisticated tasks are launched on organizations on a daily basis. There is a lot of industrial espionage taking place today. The good news is that a lot of research work is well-fortified by cybersecurity infrastructures. That said, no one is without vulnerabilities.
Whether the attack is from a malicious country looking for intellectual property or from competitive, state-sponsored organizations, defenses are essential.
Best Practices for Cybersecurity
The reality is grim but not dire. While vulnerabilities exist, there are clear and effective measures any business or government agency can take to mitigate risk. These include:
- Spend the money on cybersecurity
- Practice cyber hygiene (passwords, authentication, user behavior)
- Protocol for managing IT assets
All of these are essential to protect data and systems.
Why Traditional VPNs Aren’t Effective
VPNs are a traditional method of protecting networks. And yet, they are failing. There are two main reasons for this:
- Traditional VPNs are hard to set up, hard to use and lose connectivity. When they’re frustrated, employees will circumvent the VPN.
- In an accelerated timeline, or with personal devices, VPNs are either lacking or require IT personnel to install. This is too complex to do quickly with a large quantity of at-home employees.
These two facts have created a 66% non-VPN usage which precipitates cyber attacks.
Attila has clearly seen how much more vulnerable smaller suppliers are to attacks. It’s easy for a bad actor to get in through a small supplier and then move laterally, eventually accessing an agency network. The government has put some new, strong standards in place that are requiring vendors to align with security criteria before they are eligible to bid on projects. Only strong cybersecurity at every level of the supply chain will ensure the safety of intellectual property.
Cybersecurity standards may feel like a no-brainer but, ultimately, it’s something of an impossibility. Healthcare isn’t the same as government, which isn’t the same as finance. Creating standards across multiple industries and multiple geographies is an enormous challenge that would require some seismic shifts.
To reduce threat and make safe networks a reality, innovative solutions are required. Attila has spent the time to develop a government-approved hardware VPN to protect businesses or agencies of any size, with any number of workers.
GoSilent: Attila for Cybersecurity
Attila was started by cybersecurity experts. Their approved product set has been approved by the federal government for use at top level security clearances. This impressive milestone represents the value that government agencies are placing on sophisticated security. Attila provides plug and play options, like the GoSilent Cube. GoSilent is a hardware VPN that can provide both outside-in and inside-out security solutions. Contact Attila to learn more.