Benoît PETIT
Industrial IT Project Manager
The health crisis has disrupted many habits and made companies more vulnerable to cyber attacks. The introduction of teleworking has been generalised, the management of updates for remote workstations remains problematic, new partially secure collaborative tools are being used, the list is long.
The Club des Experts de la Sécurité de l’Information et du Numérique (CESIN) has published a list of the six major lessons caused by COVID 19. In this article, we propose to come back to these topics in order to make the necessary changes and adopt its organisation accordingly.
You can also find CESIN’s news and publications on their official website.
1) 1) END OF THE FIXED PC AND PART OF THE PRINTERS
« The price difference between a fixed PC and a laptop should no longer be an obstacle to equipping employees who are all potentially mobile. » [CESIN]
Sales of desktop PCs had already fallen in recent years. Companies that had already equipped their employees with mobile hardware were more agile and adapted better during this crisis.
Teleworking employees also had to organise themselves to do without the traditional office printers. CESIN therefore anticipates a reduction in the number of printers on company premises and the gradual end of desktop PCs.
2) INCREASE IN DIRECT CONNECTIONS TO THE CLOUD AND DECREASE IN TRADITIONAL VPNS
« As long as there is a legacy, the traditional VPN will remain, but the meaning of the story is a direct connection to the cloud, which does not dispense with going through proxies and various layers of security, themselves in the cloud. » [CESIN]
The traditional use of the VPN had become established in recent years, but its massive use during confinement has caused problems: saturated bandwidth, insufficient user licences, equipment not correctly dimensioned.
During this health crisis, employees used their home internet connection more than the company’s VPN access. Cloud services today also allow secure access to the company network and more flexible and dynamic services.
The “sense of history” would therefore go towards a decrease in the use of traditional VPNs and an increase in the use of cloud services.
3) GENERALISATION OF STRONG AND MULTIPLE AUTHENTICATION
« The principle of zero trust is more topical than evere principe du zero trust est plus que jamais d’actualité »
« Of course, if mobile users are allowed to connect directly to cloud services without going through the corporate network, strong authentication will have to be widely used for all these services and not just to connect to the VPN. » [CESIN]
The association expresses the need to generalise multi-factor authentication for all services and not only for traditional VPN. Accounts associated with Cloud services are concerned but also personal accounts (Gmail, Facebook, Twitter, Onedrive, etc). Indeed, users have the bad habit of mixing business and personal accounts and also of storing the words of these different accounts in their web browser.
The principles of MFA (Multi Factor Authentication) and Zero Trust (never trust anything inside or outside the network) are more relevant than ever.
4) RETHINKING THE UPDATING OF REMOTE POSTS
PC updates (OS patches, software, etc.) are traditionally carried out when the computer is present on the company’s premises. Since this crisis, these workstations are mostly outside the company and also not permanently connected to its network. How can these tasks, which are essential for the company’s security, be processed and controlled? Traditional VPNs that are already saturated are unable to handle large volumes of updates.
CESIN invites the actors to look into this new issue and to assimilate company PCs to mobile terminals.
5) THINK ABOUT THE SECURITY OF COLLABORATIVE TOOLS
« The crisis has undoubtedly sounded the death knell for traditional central file servers »
« This has resulted in giving much more autonomy to the users, without making them responsible. Indeed, in the previous model, it was the IT team that set up the accesses centrally, whereas in the cloud model, users are delegated the task of organising the shared spaces and securing the accesses. But as simple as it is to share, it is difficult to master the subtleties of access to these shared spaces.. » [CESIN]
The use of collaborative tools, and in particular the use of online file sharing tools, has undergone a metamorphosis: Teams, Slack, TalkSpirit, G Suite, Office 365, eXo Platform, etc. A global and consolidated vision of these uses is necessary as well as the implementation of the necessary shields.
In particular, CESIN calls on companies to equip themselves with “supervision tools as well as complementary tools to search for information leaks on the Web in cases where prevention would not have been sufficient”.
6) THE PLOUGHSHARE (SECURITY OPERATIONS CENTRE) IS BECOMING ESSENTIAL
« Given the very high level of the threat and the fragilities that emerge in periods of transition, it would be dangerous to undermine cybersecurity budgets, which are more necessary than ever to protect business activity. »
« Whether in-house, outsourced or a combination of both, the Security Operation Center is now a key part of a cybersecurity system. »
« It is necessary to rely on a SOC to monitor with vigilance and reactivity what the new accesses and new delegations in the cloud allow, for all populations, administrators, architects, developers and generally speaking, all users. » [CESIN]
This was already established before the crisis. The increase and modernisation of cyber attacks is a major challenge for companies. The risk matrix of large groups now integrates the Cyber risk at the highest level.
With this crisis, with employees and data being scattered, the area of exposure to attacks has increased further. Companies are already heavily impacted economically and cannot afford production stoppages of several weeks as is common with Ransonware attacks.
In conclusion, CESIN calls for increased vigilance and sees a world ahead.
EKIUM has acquired through many years of experience on major projects, particularly for government players in sensitive areas, the expertise, specialists, project management and organisation required to meet the cybersecurity constraints of the industrial systems of vital importance operators (VIOs) and essential service operators (ESOs).
In 2017, EKIUM was a founding member of the first Cybersecurity Collective for Industrial and Urban Systems, ECC4iu, which aims to federate the players in this field. We have thus produced a case study and participated in the reference work “Cybersecurity – Maintenance of Industrial Installations”. The ECC4iU Cluster preceded GIMELEC’s Cyber OT Club, in which we are currently participating.
Our proximity and active participation with the players involved in Industrial Cybersecurity (Siemens, Schneider, Hirschmann, Fortinet, Stormshield, Sentryo, Nozomi, etc.) enables us to provide solutions adapted to the specific and sensitive environments of the industrial sector.
In order to anticipate this next world, as indicated in the CESIN report, it is necessary to put in place from now on an organisation and solutions adapted to these new threats and the new uses of this health crisis.
EKIUM supports you in this process and offers you solutions adapted to your needs. Contact us for more information : contact@ekium.eu
Access our documents : CSR Charter – EKIUM CV