Man or machine? Cybersecurity in the new normal
The COVID-19 crisis, which prompted millions - if not billions - of people to participate in a worldwide experiment with remote work, has radically accelerated a process which, in many senses, was already well under way.
Looking at the growth in remote work over the decades preceding COVID-19, and where we are now, we can conservatively estimate that the rapid shift to working from home pushed the job market forward by between 10 and 20 years overnight. While that’s definitely an oversimplification of a very nuanced issue, the point remains: things have changed, probably forever, and progress has been made very, very fast.
The issue with things changing so quickly in a nuanced, interconnected environment is that something that has a big impact on one area of the business landscape sends equally disruptive ripples across the surface of entire industries. Just look at data centre security, for example.
The remote work revolution
In a whitepaper titled The Future of Remote Work released last year, Upwork’s chief economist, Adam Ozimek, revealed some of his findings as the worldwide “unexpected and massive trial run” of a remote economy was rapidly thrown into high gear. He noted that, while remote work was undeniably on the rise during the two decades preceding the COVID-19 pandemic, remote workers still “comprised a relatively modest share of the labor force.” Only 2.3% of 1,500 hiring managers surveyed in Ozimek’s report were overseeing a wholly-remote workforce, and only about 13% of the total workforce was fully remote. Just a few months later, the pandemic raised that figure to around 50%. On the whole - as I’m sure many of us can attest - the worldwide experience with remote work has been a relatively positive one. Survey respondents told Ozimek that “the greatest perceived benefits of remote work include a lack of commute, fewer unnecessary meetings, and reduced distractions at the office,” and “as a result of their experiences during COVID-19, 61.9% of hiring managers say their workforce will be more remote going forward.”
“The data centre industry post-pandemic is certainly facing a few tough challenges,” says Ashley Buckland, a Managing Director at JB Associates. Buckland adds that, “with the new norm for many business sectors to work from home, we can expect to see an immediate strong demand to supply increased capacity,” which he foresees having several knock-on effects, from the rising cost of materials to an impending skill shortage and growing pressure to embrace more sustainable practice.
However, there’s another area of the industry that’s been just as significantly disrupted by the pandemic (and the resultant shift to remote work): security. The combination of higher demand, growth in the remote workforce, a massive proliferation in the number of devices belonging to the Internet of Things (IoT) connected to private networks, and the ever-increasing dollar-value of sensitive data means that cyber security in the data centre industry is facing more challenges than ever before.
Phil Sayer, a Senior Project Engineer at BCN Group, has witnessed the spike in cyber threat as a result of mass remote work first-hand over the past year. “During the height of the pandemic, criminals changed their approach to increase the use of phishing attacks due to the shift from office working to remote working. This meant staff members could no longer quickly check or validate the legitimacy of an email, which in turn opened up a new area of vulnerability for them to exploit,” he explains, adding that, with people working from home, where they would often be surrounded by family and children in particular, “we have seen a surge in social engineering attacks focusing on the children of target individuals. For example, attackers are sending messages to children where they offer to buy them certain items in games such as Fortnite in exchange for running a file on a parent’s computer.”
It’s a level of vulnerability that the data centre industry (and pretty much any other industry where enterprises host their information in the cloud) certainly hasn’t been 100% prepared to meet and, as a result, the breaches and successful cyber espionage campaigns have kept on coming.
“While the firewall actively mitigates threats, it is not immune to successful attacks from bad actors, and once hackers have navigated that protection layer, they can access sensitive corporate and customer data,” says Fredrik Forslund, VP of Cloud and Data Centre Erasure Solutions at Blancco. “Data privacy is a mega trend and high-profile data breaches have become a far too common occurrence.”
In the scramble to meet this newly evolved threat landscape, cyber security teams are turning to new, more powerful tools - particularly those that leverage artificial intelligence (AI) - in order to neutralise more threats from more sources and manage an ever-expanding amount of data.
Man or machine?
In a recent report, Derek Manky, FortiGuard Labs’ Chief of Security Insights and Global Threat Alliances at Fortinet, highlighted the threats facing the data centre industry and the role he expects AI to have in identifying, containing and neutralising them. “2020 demonstrated the ability of cyber adversaries to leverage dramatic changes happening in our daily lives as new opportunities for attacks at an unprecedented scale,” he says. According to William Dixon, Head of Future Networks and Technology at the World Economic Forum, and Nicole Eagan, CEO at Darktrace, “The battleground of the future is digital, and AI is the undisputed weapon of choice,” both in the hands of cyber security professionals and the bad actors they seek to defeat.
While AI and machine learning are often hailed (by machine learning cyber security companies) as a silver bullet for handling more and increasingly complex cyber risk, Sayer remains unconvinced. “Machine learning can leverage experience from all users of a particular system stack and/or software to compare known outcomes in all observed contexts, which can help data centre operators better manage their facilities,” he admits, pointing out examples of pattern recognition like “Every time we see pattern X of errors in a system like this, we soon see failure Y” or “Whenever we have periods of X type weather, we see Y changes to consumption patterns.” This technology certainly has value, but Sayer is quick to articulate that, “there is an argument for humans being the most competent when it comes to managing and mitigating risk, and managing facilities safely and efficiently.”
As an example, he holds up government security services, an area where “Over the past 20 years, intelligence agencies have collected staggering amounts of data and applied the most advanced machine learning, facial recognition, voice analysis, gait analysis, etc. to this data.” He adds that, “all this has done is drown them in false positive threats and hidden the real ones.”
The answer, Sayer posits, is to recognise the power of the human mind as a threat detection tool. He holds up airport security as another example, particularly the difference between terminal security in both the US and Canada post-9/11 and Israel at the same time.
“Israelis, unlike Canadians and Americans, don't take s--- from anybody. When the security agency in Israel (the ISA) started to tighten security and we had to wait in line for - not for hours - but 30 or 40 minutes, all hell broke loose here,” said Rafi Sela, the president of AR Challenges, back in a 2009 interview with The Toronto Star. The solution, he went on to explain, was the “Israeli-fication” of airport security - a system which used well-trained humans rather than flashy tech in order to create what Cathal Kelly, a reporter for the Star, called at the time “a system that protects life and limb without annoying you to death.”
Sayer, who definitely possesses a distaste for mincing his words almost as strong as Sela’s, adds: “nearly all modern airport security is useless theatre and, in fact, the most secure airport in the world is also the one with the least technical systems and the most human countermeasures.”
He isn’t the only one with a healthy distrust of high-tech silver bullets. “Businesses can obsess over the software and security solutions they think they need to protect their organisation and its data all they want,” says Forslund. “But those solutions are not a panacea for data security. In fact, fostering a culture of good cyber hygiene through regular data sanitisation practices is just as necessary in data centre security as an organisation’s or cloud provider’s firewall.”
Forslund’s point is that, once the bad actors are past that firewall and inside a network, the damage is already done. He adds that, in an increasing number of cases, the capabilities of that shiny, machine-learning powered, AI-based security software aren’t all that relevant to whether or not a network, and the data inside it, are compromised. “Quite often, what we see is that these data breaches aren’t solely the result of security software vulnerabilities, but rather instances where IT assets like drives and devices have been lost or stolen – including via an internal attack,” he says. “When decommissioning equipment or a whole data centre, sanitising those assets should be top priority. Don’t let those redundant IT assets stockpile and become security risks.”