Detect and respond effectively to threats in a remote work environment

Coronavirus hasn’t created entirely new security threats or trends – but it has massively increased the scale and pace of change in ways that were previously unimaginable.

Many businesses have had to make rapid shifts to the cloud and remote working without the time to fully consider the security implications. Occasionally, they’ve even had to loosen or remove security controls to help address capacity constraints that were brought on by the break-neck shift to remote working. 

Now that we’ve moved beyond the initial reaction to the pandemic, many organisations are looking for their longer-term security strategy. The reality is that the changes that were initially planned to cover a few months, may have to become permanent.

David Stark, Security Portfolio Director, BT and Anthony Aurigemma, Vice President Global Security Sales, IBM have been giving their perspectives on how these changes affect organisations.

BT provide security solutions to consumers, governments and businesses across 180 countries, using 3,000 security specialists and 16 security operations centres around the world. Our experience in protecting these customers, critical national infrastructure and our own networks against 4,000 cyber-attacks a day gives them a unique insight on security activity and trends. We’ve been working with customers across the globe to secure the huge changes they’ve had to make to their operations in 2020.

As organisations move beyond initial short-term fixes to fundamental long-term changes to their ways of work, BT is seeing a shift in attitudes, David remarked:
“We’ve increasingly seen that organisations are taking a more holistic view of their security issues, where the impact of Covid-19 needs to be considered one of many challenges for the future, rather than the sole, overriding priority. The impact of the virus has also definitely led to a shift in the way organisations are seeing the value of investing in security, and are focusing on the value and importance of protection over possible cost savings. The crisis has shown that those companies who had invested in comprehensive security strategies were able to more efficiently transition to remote working and are now at significantly lower risk than those companies currently trying to expensively add on security protections.”     

IBM is one of the largest enterprise security vendors in the world and according to Anthony:
“From early on, COVID-19 had a massive impact on how and where we worked. Like many other employers, IBM transitioned its employees to remote work, with nearly 95% of IBMers working remotely. This shift created a changing security risk for organisations as well. From March 11 until May 8, 2020, IBM X-Force observed a greater than 6,000% increase in coronavirus-themed spam^[1], as well as a corresponding increase COVID-19 related malicious domains. These changing threats, as well as the need for many organisations to scale up their use of VPNs and to add support for previously unmanaged devices, meant that security teams needed to look at how they were monitoring networks and endpoints for suspicious activity. Better use of user and device behavioural analytics has helped to offset some of these challenges and allowed organisations to continue to provide access to critical systems and data.

As security leaders shift to a longer-term view of the needs of the business, we are seeing huge interest in adopting a Zero Trust strategy. This approach no longer assumes that actors, systems or services operating from within the security perimeter should be automatically trusted, and instead must verify anything and everything trying to connect to its systems before granting access. The goal here is that this strategy will help organisations to better manage the risks in a distributed environment by providing users with the appropriate level of access to relevant services or data. Many organisations we work with are on their own Zero Trust journey and, by applying better context and data to decision making, security teams can establish clear rules around levels of access and entitlement which can then be scaled out across the business.”

Things to consider in a distributed security environment

Cloud adoption causes changes to how data is distributed and stored. David believes that businesses need to move away from enacting certain security measures because they’re expected to, or as they’ve done in the past:
“In the cloud, tech choices can’t be taken in isolation; it’s not just about solving one problem. Security strategies now need to explore where this tech will fit into the whole - what it will connect to and how – so that they can protect a hugely increased threat surface area.

Cloud security is now an absolutely fundamental part of protecting your business. An organisation that fails to consider how they’ll secure their cloud services, alongside how their employees are accessing data from a much greater range of locations and devices, is at huge risk. As more organisations make the move to the cloud, so do the criminals looking to exploit them too. Ultimately, the challenge is how do you holistically and accurately assess the risks, given the scale and size of the cloud? And then how do you give confidence to the rest of the business that your security is doing enough to protect your most critical assets, wherever they reside?”

Anthony agrees:
“Integrating cloud into your existing enterprise security program is not just adding a few more controls or point solutions. It requires an assessment of your resources and business needs to develop a fresh approach to your culture and cloud security strategy. To manage a cohesive hybrid, multi-cloud security program, you need to establish visibility and control. We always tell our customers to:

• define their future state
• build for and move to the cloud securely
• execute continuous threat management and resiliency.

IBM hybrid cloud software and services help you align your security strategy to your business, integrate solutions that protect your digital users, assets, and data; and deploy technology that can manage your defences against growing threats with AI, all within an open, multi-cloud environment. You can trust that your business is protected no matter what remote platform your employees use, whether it’s Zoom, Microsoft Teams, Slack or others.”

Detecting and responding to threats

BT and IBM work together to help both large and midmarket organisations detect and respond to threats. David and Anthony shared their thoughts on the benefits of the BT and IBM security relationship:

BT and IBM each bring their highly complementary elements to this relationship.

“At BT, we have a huge range of customers, from household consumers and small businesses, through to government entities and global multinationals. Security sits at the foundation of all the services that we provide, and as a result we gain a huge amount of expertise and data on security threats and trends,” said David.

“IBM is one of our most important partners in bolstering our insight and capabilities in security. We have developed a strong, collaborative relationship over a number of years, with IBM playing a big part in the development of our threat management and threat analytics solutions. In fact, we recently undertook a comprehensive review of our suppliers and the security ecosystem as whole, and designated IBM as one of our Strategic Partners. This recognises that IBM are one of the few companies with the portfolio, technology and reputation to support our ambitious growth plans for BT Security.”

BT and IBM are committed to building the right security strategy and strong collaborative relationship.

“BT’s security services provide managed security services incorporating set up, deployment, and in-house management, safeguarding large businesses from malicious attacks,” said Anthony.

“Additionally, BT’s global network of security operation centres monitor the network 24/7 to detect and mitigate cyber threats, and deliver the full management of platforms to include software updates, application patches and access to new products.

Bottom line, organisations need to look closely at their longer-term security strategy. They need to re-think the value in their security investment, and focus on protection, over possible cost savings. It’s never too late to focus on long-term security strategies, and BT and IBM have partnered to provide companies with comprehensive security services designed to help them achieve their goals.”

Learn more about IBM and BT and our security offerings.

• https://www.globalservices.bt.com/en/solutions/topics/make-security-integral-to-your-business
• https://www.ibm.com/security/why-choose-ibm-security
• https://www.globalservices.bt.com/en/solutions/products/managed-cloud-security
• https://www.ibm.com/security/cloud

[1] IBM Institute for Business Value. COVID-19 cyberwar: How to protect your business.