Every third Thursday of each quarter, ‘Know Your Customer’ Day is held. The day transcends all industries, aimed at businesses and designed to serve as a reminder of how important it is to take the time to understand your customer.
In the cybersecurity industry, it is equally important. When it comes to knowing the ‘customers’, it is predominantly the users of the network, or the need to support customer and user activities. Information Security Buzz spoke to a variety of technology professionals to gauge exactly what ‘Know Your Customer’ Day means to them and their business, and how it impacts cybersecurity.
Knowing your customers
Rupert Spiegelberg, CEO of IDnow argued that as companies do more online, knowing your customers has become more important than ever before, particularly in the banking sector. “Digital IDs are becoming the new currency, so companies need an easy, trusted and compliant way of finding out who their customers really are,” he explained. “But with diverse, international customer bases, growing regulation and a whole host of other challenges to contend with, doing that is much easier said than done. Online identity verification is a growth market because, from a consumer perspective, it enables customers to ID themselves in a fast, convenient manner on the same device they will use to transact with a particular supplier and from a supplier perspective, it can satisfy local regulation requirements that the potential customer is who they say they are, as well as onboard new customers with ease and speed. In short, knowing your customer technology is building consumer trust and helping make the connected world a safer place.”
Customers in the workplace
Anurag Kahol, CTO at Bitglass cited mobility, flexibility and accessibility as some of the most important words that underpin the requirements of today’s workforce. He continued, “Failure to provide a working environment that supports these requirements can mean the difference between attracting and retaining staff – or being left on the proverbial shelf. The mobile security challenges have been exacerbated in recent years by the rapid uptake of BYOD. These unmanaged or employee-owned devices require access to corporate data, but this increases the risk of sensitive data being leaked, especially if a device is lost or stolen. A further vulnerability is that BYOD devices represent a potential entry point for introducing viruses and malware to the rest of a corporate network.”
When it comes to knowing customers – in other words, employer’s workforce – IT teams must address a real dilemma – how to strike a balance between the security needs of corporate data and how employees want to use corporate data. Kahol continued, “Developments in cloud-based security tools have given rise to a new set of mobile security solutions that means encryption of sensitive data can be extended to whichever popular cloud apps their customers are using – be that G Suite, Office 365, Slack or Salesforce, which means that data is secure regardless of what application a user is accessing via their personal device.”
“The cloud has brought analytics back into the hands of business users, particularly in HR,” stated Liam Butler, AVP at SumTotal, a Skillsoft company. “In the ‘old days’, business analytics tools were shrouded in secrecy and owned by IT and MIS as part of the on-premise ERP system. Analytics are now part of our daily life, being used to enable insightful decision-making and to predict business outcomes. For example, the linking of workforce management data with training data allows manufacturers to predict workforce capacity planning issues in advance of a product launch, train employees prior to manufacturing demand or move shift patterns to meet demand.”
Securing the network
Living in an increasingly networked world has its advantages, but it also leaves organisations vulnerable to exploitation by malware, inadvertent employee actions and malicious attacks. Jan van Vliet, VP and GM EMEA at Digital Guardian discussed that for security analysts, spotting security incidents arising from within their company, which is arguably their own customer base, is particularly tricky because the attacker may have legitimate access. “If the credentials being inputted are valid, the same alarms are not raised as when an unauthorised user attempts entry from the outside,” he explained. “Deploying data-aware cyber security solutions removes the risks around the insider threat because even if an adversary has legitimate access to data, they are prevented from copying, moving or deleting it. What’s important when it comes to insiders, in whatever guise, is to be able to detect malicious or suspicious activity and produce real-time, priority alerts that analysts know must be addressed immediately.”
Todd Kelly, CSO at Cradlepoint agreed, “In order for industries to do more with their business and grow naturally, they have to embrace the cloud. Even with sensitive information on their applications and networks, enterprises can use the cloud without a great deal of risk. By utilising a cloud manager, businesses will be able to monitor and configure capabilities so that one person can manage the SD-WAN, IoT and 5G connectivity and keep users secure while using the network.”
Securing the network is fundamental to protecting the business, and a variety of tools exist to understand traffic flow over a network and to analyse security impacts from that flow. However, despite the capabilities of these tools, attacks and breaches continue to happen. It is time to expand the definition of network profiling to include the riskiest asset on the network: the user.
Nir Polak, CEO at Exabeam emphasised, “Advances in data science, combined with computing power and applied to data already collected within most organisations, can connect the dots and provide a useful profile of network user activity. While data science – i.e. machine learning –has become an overused buzzword, in practice it can provide very useful answers in certain applications. For example, machine learning can discover the connections between seemingly unrelated bits of identities, to create a map of all of a user’s activities, even when the identity components are not explicitly linked.
“Other techniques can create baselines of normal behaviour for every user on the network, making it easier to understand whether each user is acting normally or not. Still other techniques can build better asset models, including which machines are likely “executive assets” and at higher risk of attack. Profiling individual users enables an organisation to understand in great depth and with deep context exactly who is on the network; what they are doing; whether they should be doing it; and what it means to an organisation’s risk and security posture.”
Garry McCracken, VP Technology at WinMagic expanded on this, describing that in a world where IT environments are becoming increasingly virtualised and hyper-converged, the attack surface is significantly expanding. “This means securing the data itself has become a top priority. Enterprises need to take appropriate steps to ensure that sensitive data never appears in the public domain,” he reasoned. “The solution is to ensure protection resides within the data by utilising in-guest encryption with keys that remain under the control of the virtual machine (VM) owner – the enterprise itself. VM-level encryption not only protects workloads wherever they may be within the enterprise infrastructure and beyond. It also delivers a significant number of additional advantages, including making it easy for IT departments to control all aspects of data security. It ensures that data can only be accessed by authorised users, even in the event that a cloud system is breached.”
As the threat landscape continues to expand, it is becoming more important for businesses to know their customers –to help implement the right technologies and embrace new offerings to improve organisations’ security postures.