In the first volume of the Spiderman comics, the shy, ordinary Peter Parker is bitten by a spider and mutates into a superhero with spider powers. From then on he is constantly confronted with new challenges and archenemies such as the Green Goblin or Venom. In real life, too, considerable dangers lurk for security experts, as described in the following article by Imbit.
Through various twists and turns of fate, be it corona or a massive cyber attack, everything can change suddenly for a company or an entire society. Peter Parker accepts his challenge and becomes Spiderman. Admins can learn a lot from him about modern work and IT security.
Everyone who has an office workplace has noticed it by now: workplaces are changing. This has not only been the case since Corona, but the pandemic has accelerated this development. A change has also taken place among manufacturers and brands: It is less important which technology is used physically and locally.
Much more important today is the software solution that enables the requirements described above. There is movement in the manufacturer’s market. If the hardware loses importance and the software wins, the market, which only a few manufacturers dominate, also shrinks. We are increasingly replacing locally installed programs with apps and services that can be used regardless of location and device. We are moving our data and processes to the cloud. Everything follows the motto: simpler, more automated, digitized. So far so good.
Cyber security challenge
But while everyone disappeared into the home office, the rapid increase in home and mobile work led to a completely new and heterogeneous IT infrastructure configuration. This includes everything: home internet, personal mobile devices and tools. IT departments all over the world were faced with a challenge of unprecedented proportions: They had to guarantee the highest level of security for this decentralized and partly new cloud IT infrastructure.
The office desk becomes a cloud workstation. The “cloud ecosystem” means expanded and new requirements for IT security. And with it the security for the company. Its sensitive data must always be protected. IT departments have to find new ways to master this balancing act: security for the company with simultaneous decentralized availability of the data for all authorized persons. If that doesn’t work, everyone has a problem.
Cybercrime is a problem for all of society
The German economy suffers a total loss of 223 billion euros every year from cybercrime alone. Criminal attacks, be it theft, espionage or sabotage, have thus set a new record. In 2020/2021, nine out of ten companies (88 percent) were affected by cyber attacks. In particular, cases of extortion have increased massively – combined with the sabotage of IT and production systems and the disruption of operational processes. The name for this type of attack: ransomware.
In order to take the changed security risks into account, companies have to adapt their security concepts to the challenges of the “new normal”, i.e. heterogeneous IT infrastructures, remote access management, ineffective physical perimeter security, and secure information transfer and collaboration in the cloud.
“Never trust and always verify”
Apart from the connection to fiber optics, the challenges of digitization are hardly technical anymore, because the technical solutions are available. Now it is much more a matter of developing new strategies and integrating them sustainably. Companies have to involve their employees in these change processes and accompany them on the new path. In this way employees recognize the responsibility that each individual bears, understand the necessity and the advantages, and accept the new solutions. The change in mindset is fundamental: the principle “My desk, my filing system, my local desktop” no longer applies. This is where collaborative work on a shared, digital platform comes in.
And the following applies: Zero Trust – do not trust any end device across the board, only your login data. This is a powerful first approach to cybersecurity that helps organizations protect the integrity and security of their data and assets outside the perimeter across a range of devices.
The five Spiderman lessons
# 1 Finding allies
And now Spiderman comes into play. The first lesson we can learn from our superhero is: find allies and harness their power. The downside of the collaborative approach is that companies can put all their eggs in one basket with a single tool or service. They must therefore rethink the subject of security. Here, too, the company must educate and sensitize its workforce. This works best with security awareness training courses that are designed to be sustainable and carried out at regular intervals. The result: every team member goes about their work with sharpened senses and is therefore part of the company’s human line of defense. IT security is no longer a task solely for IT departments. It is an overall task and therefore the responsibility of each individual. So everyone uses their “superpowers” for the benefit of the community and protects it from great disaster.
# 2 Spin a safety net
A digital office always depends on a stable internet connection. If there are problems with the provider, the speed or the bandwidth, the productivity of a company is reduced. Even in the new normal state of decentralized cloud-based work, the following applies: “No back-up, no pity”. To secure company and project data, companies have to create redundancies. And that brings us to the second lesson we learn from Spiderman: spin a safety net to catch you if you have problems. Then nothing is lost and a complete restoration of the data is possible at any time.
The shift in awareness among the workforce also includes IT employees. Because here too the level of responsibility is growing. Where there were previously role-based admins, i.e. it was clearly defined who is responsible for which areas and at which points the responsibility ends, the administration of the new systems is much more global. A single person thus has many more rights in all areas. Where each individual bears more responsibility, the question of true identity arises.
# 3 Protect your true identity
Identity management has not been a high priority so far. Up to now, corporate solutions were only geared towards access on site and within the company. And “within the company” until recently still meant “in the company building”. And thus in a local network. But this premise is no longer valid. In the post-COVID-19 world, we work from everywhere. We dissolve the physical boundaries between inside and outside the company – and open the door to cyber villains. A study by Gartner has shown that a third of security attacks on corporate cloud infrastructure can be traced back to inadequate role-based access control.
Trustworthy access is now gaining in importance. This is the hour of identity management, the admins’ stepchild. Our third lesson is therefore: protect your true identity. A simple username and a secure password with numbers, letters and special characters are no longer enough – the powers of cyber archenemies are too great. What helps against them is a superpower in IT that has so far been neglected: two-factor authentication.
# 4 Sew your own costume
Quick solutions are tempting, and out-of-the-box deliveries make fast, productive work possible. For corporate IT, however, this means always critically reviewing solutions itself and not accepting the default settings unchecked. A comparison always has to take place here: What requirements, for example in compliance or security, are there in the company? Which configurations have to be made for this? Spiderman doesn’t order a costume either. He makes his own, individual one.
With the change in the workplace and its requirements, i.e. the shift from permanent workplaces to virtual work environments, the tasks of IT employees and consultants have also changed and continue to change. Consultants are increasingly acting as “trusted advisers”. Where it used to be a question of which physical work device is the fastest and most effective, it is now a matter of creating a safe environment for the new requirements and, above all, of defining security guidelines for cloud use that are individually tailored to the specific needs of a company. The crux of the matter is the access rights. At the same time, the new security concept must be adapted to the now distributed and different environments and include endpoint, web and e-mail security as well as network access control. However, in order to achieve a higher level of IT security and to increase the maturity of the IT environment, it is important to first create a basis. There is a great need for action, especially among SMEs, in order not to become the target of cyberattacks and to create a safe, modern, digital work environment together with the workforce. The first step is: like Spiderman, accept the new challenge in order to grow with it and become a superhero.
# 5 Be aware of your responsibility
The last and most important lesson we learn from Spiderman is this: with great power comes great responsibility. Therefore, always be aware of your responsibility, because all these measures alone are not enough to stand up to virtual evil. The greatest and most important force lies in each one of us: responsible behavior is necessary, both collectively and from each individual. Everyone is required to handle their login data responsibly and to know and respect the security guidelines of their organization.
When Peter Parker tries to win a wrestling competition with his newly acquired superpowers, he lets a thief escape on the way to the arena – because that is none of his business. Far too late he realizes that it was his responsibility to stop him and to prevent bad things from happening. Each and every one of us can prevent worse things from happening, provided that companies create awareness of and responsibility for their own actions within the workforce.