In an interview, Popp, whose employer is an offshoot of the giant American defence contractor Raytheon, told iTWire that CISOs were now realising that it was "no longer enough to secure a perimeter within four walls – it’s about people".
"People are the new, true perimeter in this new normal. And it is critical to have visibility into the behaviour of people and data, wherever they are," he added.
Popp oversees the global execution and evolution of Forcepoint’s human-centric cloud security platform, including leadership of all product development, management and innovation across Forcepoint products as well as Forcepoint X-Labs.
The holder of more than 30 patents, he has a master’s degree in Aeronautics and Astronautics from Stanford University, and a BA from France’s SUPAERO. He was interviewed by email.
iTWire: To what extent do you think the recently announced cyber security strategy will help Australian companies become safer online?
Nico Popp: The most significant part of the new Cybersecurity Strategy is the fact that boards will now become responsible for cyber security. For too long, cyber security has been an add-on, a commodity, or a tickbox exercise where regulation required it. If 2020 has shown us anything, it’s that the cyber security of businesses is fundamental to their very existence, as companies have pivoted to remote working.
I truly believe that good cyber security is an enabler for businesses: helping them in their innovation, development and economic growth. Cyber security is not only for the enterprise, so I am encouraged to see the Australian Cybersecurity Strategy including SMEs. As the program grows, the industry must work in concert with businesses to ensure the provision of relevant and appropriate cyber security offerings for smaller businesses – not forgetting it is often these businesses who make up critical supply chains for our largest companies.
By putting cyber security at the heart of every enterprise, in the boardroom, you’re actually protecting the economic and social well-being of Australia. This way, customers and supply chains are protected against data theft, employees are supported in their roles, and businesses’ growth plans are given a solid base from which to grow.
What do you mean by a human-centric approach to cyber security?
The old style of cyber security has been to build walls around our valuable data assets, and layer product upon product to strengthen them. As an industry, we’ve spent US$5 trillion over several decades following this strategy, but despite this, 95% of companies have been breached in some way.
Forcepoint believes we need to turn this paradigm on its head and examine the intersections between people and data – this is what we mean by human-centric. Threats and technologies continually evolve, but people are the constant.
A human-centric approach looks at the cyber behaviours of all users to uncover any activity which deviates from the norm, and automatically raises the risk level of that individual entity. This has the double benefit of reducing the quantity of alerts that the security professional needs to deal with, as well as allowing the employee to get on with their day job without unnecessary alerts or blockers from the security software.
The approach can be applied to employees, customers and partners as they interact with data and systems, no matter where they are based or which device they are using.
By focusing on individual users’ interaction with data, security teams can better understand, organise, manage and mitigate risk as it occurs. The ultimate goal is to prevent the accidental or malicious use of organisations’ data, while combatting threats from phishing attacks, compromised credentials and other potential vulnerabilities.
Why does one need to take this approach particularly during the pandemic and a period of increased working from home? Is it not necessary at all times?
Absolutely! To be honest, we’ve seen the pandemic as an external factor that’s significantly sped up the trends we were seeing anyway. Globalisation, digital transformation, the cloud and workforce mobility were already altering security, and the coronavirus pandemic has become a force factor in accelerating this trend.
Now that we’re looking at the majority of enterprise employees working from home, the "edge" of a network is simply the individual. The “branch office of one”, if you like! Millions of workers globally are now remotely connecting not only to corporate networks, but also working with sensitive data in SaaS applications. This creates unlimited possibilities for bad actors to exploit new pathways onto enterprise networks.
For the first time in modern business, CISOs aren't working within templated security programs. They are realising that it is no longer enough to secure a perimeter within four walls – it’s about people. People are the new, true perimeter in this new normal. And it is critical to have visibility into the behaviour of people and data, wherever they are.
According to you, what are the main cyber security threats facing companies in Australia?
Australia has been no exception in the drive for digital transformation, and the Australian Government is consistently ranked among those nations leading the charge for digitisation. Enterprises in diverse industries — manufacturing, retail, hospitality, education, finance — are rapidly digitising their business. The coronavirus pandemic has amplified this digital shift as Australian workplaces quickly transitioned from office-based work to digitally enabled remote working.
However, when you put valuable content into the cloud, you attract attackers. Unfortunately, both nation-state and financially-motivated cyber criminals have been active in targeting Australian Government entities and enterprises, seeking data or valuable IP. A large number of organisations have suffered data breaches in 2020 including Australian universities, the Australian Department of Defence, Lion and Optus.
We know that cyber criminals are becoming more sophisticated, better resourced and more determined in their goals to obtain IP and data. One of the main shifts in thinking which could help Australian businesses is to ensure that light is also shone on internal threats: attackers don’t only come from outside.
A majority of modern breaches happen from the inside – whether these are accidental breaches, employees who have had their accounts compromised by hackers, or even malicious employees. Security teams need to go beyond external threats to look at users’ behaviour as they access data. Ask yourself – do you understand where the critical data is lying, who is accessing it, and what they are doing with it?
What are some of the emerging trends in cyber security both in Australia and globally?
As we’ve covered, digital transformation plus remote working equals an entirely new “edge”. People are the new perimeter. A key trend I expect to see is the adoption of cyber security solutions that can be deployed and managed from the cloud. Gartner’s Secure Access Service Edge is an architecture that aims to do just that, converging security capabilities onto a platform that is cloud-native.
Recognising that humans are the new network perimeter, companies should look to deploy SASE solutions that are capable of monitoring user behaviour. Behaviour is not fixed, and neither are systems, so security solutions will need to dynamically adapt. In this way, they can provide protection based on the context of data usage and the intent of users. This will help to better control user access, especially in dynamic and distributed systems.
Can you provide some details on your SASE solution?
We recently launched a new suite of cloud-native, data-centric SASE solutions as part of our Dynamic Edge Protection suite, which are designed to reduce security complexity and point product interoperability challenges. It also addresses enterprises’ most critical work-from-home security challenges. It’s a SASE architecture approach that is cloud-first, end-user aware and powered by a converged security platform with unified user policy.
The solution provides full visibility and control of on-premise, site, and remote work facilities. It gives organisations fine-grained control without exposing internal networks, and it frees remote users from having to work differently or suffer slower cloud performance. It also protects internal applications and networks against potentially compromised remote devices and networks while also preventing the loss of sensitive information or intellectual property.
How do you see the threat of ransomware playing out over the next year or so?
Ransomware hackers pivoted some time ago away from consumers to target enterprises, and organisations with large on-premises IT infrastructure, like critical industries, will continue to be targeted. According to the latest statistics report from the Office of the Australian Information Commissioner, the number of data breaches attributed to ransomware attacks increased by more than 150% in the first half of the year as compared to the previous six months.
The switch to remote working will likely increase ransomware attacks as attackers look for security vulnerabilities in remote devices and use social engineering tactics to trick employees working from home into downloading or clicking on malicious content.
It is concerning to see that organisations are paying ransoms, which means that they have much to improve in how they store, manage and protect their sensitive data.
The traditional rules-based approach to security is far too reactive and slow to respond when it comes to threats like ransomware. Malicious actors are constantly searching for vulnerabilities and ways into networks, and it only takes one opportunity to give them a way in. A paradigm shift in security is needed towards user behaviour, rather than the threats themselves.
Do you see these ransomware gangs adopting any new tactics — they started using data breaches last year — to force organisations to pay up?
We are going to see data exfiltration and encryption become a standard practice for ransomware hackers. It allows them to further monetise their efforts by selling the stolen data to other cyber criminals and exploit it for future attacks as well. For organisations, ransomware-linked data breaches are a worrying trend as mass data exfiltration can cause significant issues not only with the customers impacted, but also with data protection regulators.
Human-centric cyber security is one approach organisations can adopt to make things like impersonation by threat actors much more difficult. Strong Web and email security solutions are a good first line of defence, but attackers are determined and, with time, will always eventually infiltrate them. By monitoring user activity and movement on an ongoing basis, irregular activity suddenly becomes much more obvious.