Intelligent CIO Europe Issue 38 | Page 36

EDITOR’S QUESTION
TIM MACKEY, PRINCIPAL SECURITY STRATEGIST AT THE SYNOPSYS CYRC (CYBERSECURITY RESEARCH CENTRE)

Business leaders should be prepared for a post-COVID world where a portion of their staff will prefer to work remotely and will use their COVID experiences as evidence of effective work models.
This means that a hybrid data security model is going to be required moving forward.
With any hybrid model comes risks that data leakage occurs, not through explicit intent, but through gaps in protections.
Exploiting weaknesses in processes is precisely the playbook of a cyber-attacker.
For example, if a remote worker normally has the ability to access any customer record, does that then mean they have the ability to access all attributes of a customer record or all records? Does that access also allow for them to potentially modify fields within the record?
While their normal daily job responsibilities might not involve wholesale access or data modification, any approach that relies upon the good behaviour of an employee is part of the potential attack surface.
If there isn’t a ready way to distinguish between normal access patterns for an employee versus those of an attacker, detecting the early stages of an attack is made that much harder.
Tying things back to a hybrid data security model, any behavioural monitoring needs to incorporate an understanding of where the employee is located in order to ensure any access attempts are legitimate.
After all, if an attacker attempts to use compromised credentials from within the network perimeter while the employee is remote, that’s just as problematic as any unexpected access attempt from a remote location.
Countering this playbook requires an understanding of where the distributed attack surface exists and from there, creating a threat model focused on data access and not simply application or network boundaries.
Focusing on data access helps evaluate the real impact to the business of any remote worker soft target or opportunistic attack.
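
The location-aware, data-focused monitoring described above can be illustrated with the following Python example, which is added here and is not part of the original article or the author's own material. The perimeter range, employee roster, baseline threshold and all names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed corporate address space (constructed placeholder range).
PERIMETER = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed roster: where each employee is expected to be working,
# the remote networks already associated with them, and whether their
# normal duties include modifying customer records.
EXPECTED = {
    "asmith": {"mode": "remote", "may_modify": False,
               "known_remote": [ipaddress.ip_network("198.51.100.0/24")]},
    "bjones": {"mode": "onsite", "may_modify": False, "known_remote": []},
}

@dataclass
class Access:
    user: str
    src_ip: str
    records_read: int
    fields_modified: int

def inside_perimeter(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PERIMETER)

def evaluate(event, baseline_reads=50):
    """Return the reasons an access event deserves review (empty list = none)."""
    profile = EXPECTED.get(event.user)
    if profile is None:
        return ["unknown user"]
    reasons = []
    internal = inside_perimeter(event.src_ip)
    # Credentials used inside the perimeter while their owner is remote.
    if internal and profile["mode"] == "remote":
        reasons.append("inside-perimeter access while employee is remote")
    # Remote access from a network not previously tied to this employee.
    if not internal:
        addr = ipaddress.ip_address(event.src_ip)
        if not any(addr in net for net in profile["known_remote"]):
            reasons.append("remote access from unexpected location")
    # Data-access checks: wholesale reads and modifications outside normal duties.
    if event.records_read > baseline_reads:
        reasons.append("bulk record access above baseline")
    if event.fields_modified > 0 and not profile["may_modify"]:
        reasons.append("record modification outside normal duties")
    return reasons
```

Both location cases are evaluated against the same data-access checks, so an alert reflects what was read or changed and not only which network boundary was crossed.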