M+E Daily

CPS 2020: NSA Security Expert Shares WFH Security Tips

Dr. Eric Haseltine, chairman of the board for the U.S. Technology Leadership Council, former head of research and development for Walt Disney Imagineering, and former director of research at the National Security Agency (NSA), has taken cybersecurity lessons from all corners of his experience.

And yet he has never before seen challenges like those present today in securing work-from-home environments.

As a follow-up to his 2019 Content Protection Summit keynote address, Haseltine offered a new keynote, “An Update on the Human Dimension of Security,” at the Dec. 8 virtual Content Protection Summit, this time focusing on the unique security challenges of working from home.

In cybersecurity, change, complexity and human nature are all enemies of those trying to keep attackers at bay, Haseltine said. “It’s always important to get in the head of your adversary, to see how they look at the world,” he added. “Any time you create a new system, you create problems you didn’t have before. Bad guys are the first to spot opportunities with change.”

These issues have come front and centre over the last nine months, as work-from-home has become a mainstay for all corners of business. On the surface, the biggest problems have become very evident: home LANs are not enterprise LANs, and home users are less disciplined about threats like phishing, about who downloads what and about whether endpoints are patched, while relying on less-secure routers, mobile and IoT devices.

One of the easiest fixes: supply your staff with work-only hardware, and use self-protecting data systems, Haseltine said.

“If you imagine all the workers in your enterprise working from home, and you imagine … looking at it from a bad guy’s point of view … the good news is attacking everyone working from home doesn’t scale very well,” he added. “The way bad guys are going to look at this is to choose their targets carefully. That means going after the high-value targets, like your CFO or CEO or your systems administrators.”

One problem reaching into the home security space is that COVID-19 fatigue has led to lax cybersecurity practices. People are exhausted from everything today, and that creates problems for home network security, Haseltine said. “If people don’t care about their own life or death, do you really think about cybersecurity?” he said. “People don’t care.” Add to that the fact that employees and their families will be negligent, and will sometimes actively circumvent the surface-level security solutions that have been put in place, and the problem becomes even clearer, he added.

It’s a perfect storm for problems, Haseltine said, because CFOs in today’s environment don’t believe it’s a problem worth investing money in, especially considering the fiscal impacts of the pandemic. “This is typically how CFOs look at the world, as a cost to be avoided and minimised,” he said. “And they’re very rarely tech savvy. The last thing they want to hear is give me more money to make home networks secure.”

The solutions: measure and monitor home behaviour with fast feedback; make security tech work hard, so workers don’t have to; involve workers and their families in identifying problems; and invest your money and time in the high-value targets, Haseltine concluded.

Presented by Microsoft Azure, the Content Protection Summit was sponsored by SHIFT, Genpact, Akamai, Convergent Risks, Friend MTS, GeoGuard, PacketFabric, Palo Alto Networks, Richey May Technology Solutions, Splunk, Zixi, EIDR, Cyberhaven and Xcapism Learning.

The event was produced by MESA, CDSA, the Hollywood IT Society (HITS) and Women in Technology Hollywood (WiTH), under the direction of the CDSA Board of Directors and content advisors representing Amazon Studios, Adobe, Paramount, BBC Studios, NBCUniversal, Lionsgate, WarnerMedia, Amblin Entertainment, Legendary Pictures, and Lego Group.