Artificial intelligence technology could provide a solution to the growing challenge of securing access for remote office workers, without creating unreasonable hurdles to them working effectively and productively.
With the surge in remote working resulting from the global pandemic, organisations are struggling to maintain the security of remote access without placing too many impediments in front of staff, while also ensuring that measures are not circumvented by workers who just want to get on with their jobs.
CyberArk’s Australia/New Zealand solutions engineering manager Andrew Slavkovic said the company was looking at how to enable a remote workforce to work efficiently and securely by restricting access privileges to only those needed.
“That’s a difficult endeavour,” Mr Slavkovic said. “We want to review the ways that we can use something like AI to determine what level of privilege a user will need and then automatically predict it, so the employee is not in any way hampered in regard to their performance.”
Further, he suggested AI could be used to help prevent security breaches. “We want to use AI more in our product set to determine, based on our past experience, a sequence of actions that could result in a malicious or suspicious sequence of activities, and automatically take action to prevent that from escalating.”
He said a technique for increasing remote access security was to provide users with the minimum level of access privileges required for them to fulfil their role and adjust this in real time.
“We’re talking about providing ‘just-in-time’ privilege as a mechanism and escalating that privilege access as and when required, then stripping it back to the minimum level when it’s no longer needed.
“This can be a quite powerful tool, because if that individual account is compromised, what an attacker can do is very limited. They’ll have to discover another account or another identity that is more important to be able to move laterally within the network to obtain whatever target they want.”
Mr Slavkovic said remote access security had also been boosted through the control framework set out in the Federal Government’s Information Security Manual (ISM). “The ISM control framework has a whole section around remote access. So, in theory, an organisation should have confidence that if they follow the framework, they will have a level of assurance that they’re going to be secure.”
Mr Slavkovic spoke with InnovationAus’ James Riley, with Matt Tett, chairman and managing director of Enex TestLab, as part of the series, Bridging the Cyber Divide.
Mr Tett said the government was changing its approach to ensuring security in government organisations – through audits and certification – to ensure organisations had sufficient policies and procedures in place to be secure. However, many breaches occurred because these policies and procedures were not adhered to.
“Unfortunately, a lot of the incidents that we see occur are because people have circumvented the protocols or the procedures which have been put in place.
“If security gets in the way, people will generally find a way of circumventing it; and it’s no different whether you’re working in an organisation, whether you’re in a home environment, or whether you’re in a government department.”
Mr Tett said the government had shifted the focus from certifying individual products to certifying organisations. The Australian Signals Directorate has recently revamped its Information Security Registered Assessors Program (IRAP) under which it endorses cyber security professionals to help secure industry and government information systems.
“Having independent IRAP assessors able to go out to agencies and work with the security teams on implementing procedures and policies and standards is very good,” Mr Tett said. “They’re performing due diligence, or an audit, on an organisation to ensure they have sufficient policies, procedures and practices in place.”
However, Mr Tett said the policies, regulations and standards needed to be measurable if they were to be effective. “You can have standards, you can have regulation, but you really need to make sure they’re measurable and actually working effectively. That’s a critical thing.
“You want to measure before and after – measure the benefit of implementing policies and procedures, draw a baseline somewhere, and once you have that baseline, you can measure the maturity of those departments’ and agencies’ security models, rather than just measuring them by the number of incidents that they’ve actually had. It’s better to measure the prevention rather than the cure.”
The Bridging the Cyber Divide podcast series is produced as a partnership between InnovationAus and CyberArk.