FF Focus

High-profile cyberattacks, data breaches, and ransomware attacks have dominated the headlines over the past year or so, causing organizations all around the world to review their cybersecurity strategies. For organisations that do not regard cybersecurity as a business investment, the destructive effects of cyberattacks on a company's ability to operate will increase in the future.

The Gartner Security & Risk Management Summit, June 20-21 in Sydney, Australia, delivered sobering revelations about the future of cybersecurity — with the aim of helping security and risk management leaders succeed in the digital era.

Richard Addiscott, senior director analyst, and Rob McMillan, managing vice president, of Gartner, highlighted important patterns in their opening keynote talk. One of these trends was the emerging relationship between Executives performance evaluations and the capacity to handle cyber risk.

Gartner’s experts noted that almost one-third of all nations will regulate ransomware response within the next three years; and security platform consolidation will help organisations thrive in hostile environments.

“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott told attendees. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”

Gartner recommends that cybersecurity leaders build several strategic planning assumptions into their security strategies for the next two years:

1. Consumer privacy rights will be extended

Privacy regulation continues to expand and the tech analyst predicts it will be extended to cover five billion people, and more than 70% of global GDP. It said organizations should track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation.

2. By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access

Garter said with the rise of hybrid work, vendors are offering integrated services across web and cloud-application security. The benefit here is tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.

3. Many organizations will embrace zero-trust, but fail to realize the benefits

The tech analyst predicts that by 2025, 60% of organizations will attempt to adopt zero-trust security, a concept that assumes there is no traditional 'perimeter' to the corporate network, so all devices and users have to be regularly re-authenticated. But it said more than half will fail to realize the benefits.

Replacing implicit trust with identity -- and context-based, risk-appropriate trust -- is extremely powerful, said Gartner, but requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits. And not all companies will be successful.

4. Cybersecurity will become key to choosing business partners

Gartner predicts that 60% of organizations will use cybersecurity risk as a "primary determinant" in conducting third-party transactions and business engagements by 2025. Only 23% of organisations monitor third parties in real time for cybersecurity exposure, according to Gartner. But as a result of pressure from customers and regulators, it believes organizations will start to insist on measuring cybersecurity risk, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.

5. Ransomware payment legislation will rise

At the moment there is little legislation around when companies can -- and can't -- pay ransomware demands. That could be about to change; Gartner predicts one in three countries will introduce such laws soon. The decision to pay the ransom or not is a business-level decision, not a security one. Gartner recommends engaging a professional incident-response team as well as law enforcement and any regulatory body before negotiating.

6. Hackers will weaponize operational technology environments to cause human casualties

Attacks on OT -- hardware and software that monitors or controls equipment, assets and processes and is often the brains behind industrial systems in factories or power grids -- have become more common and more disruptive, Gartner said, warning that threat actors will have "weaponized" operational technology environments to cause human casualties by 2025. "In operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft", according to the analyst firm.

7. Resilience will be about more than just cybersecurity

By 2025, 70% of CEOs will drive a culture of organizational resilience to deal with threats from cybercrime, but also from severe weather events, civil unrest and political instabilities, Gartner said: "With continued disruption likely, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative."

8. Cybersecurity will matter for the CEO's bonus

By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts, Gartner said. As boards now increasingly regard cybersecurity as a business risk rather than just a technical problem, accountability for cyber risk will shift from the security leader to senior business leaders, it said.

DevOps culture and procedure are critical for enterprises to keep up with the pace of cloud-native software development, especially when code deployments happen multiple times per day. The capacity to construct, populate, and grow cloud apps and infrastructure in real time, frequently through code, offers for extraordinary agility and speed. Security, on the other hand, is frequently left in the dust when things move so swiftly.

The reality is that many businesses have yet to figure out how to effectively secure the cloud. A lack of cloud security knowledge, along with legacy security regulations that do not cover the cloud and a scarcity of cybersecurity expertise relevant to cloud systems, is a problem. And thieves are eager to exploit these flaws: according to a 2021 research, nearly half of the more than 2,500 publicly publicised cloud-related vulnerabilities were discovered in the recent 18 months.

Security must be integrated at every level of the DevOps life cycle, also known as DevSecOps, due to the flexible nature of cloud technology. Any firm that uses the cloud must adopt a DevSecOps approach, which necessitates new security guidelines, policies, procedures, and technologies.

There are two primary goals of DevSecOps-

1. Secure Code  

2. Speedy Delivery

Advances in IT like cloud computing, shared resources, and dynamic provisioning requires application security in every stage, and DevSecOps entails the same.

The Cloud is a Vulnerable Platform
Data breaches are one of the most pressing risks for any company today. The methods employed by attackers to enter cloud settings differ from those utilised in on-premises environments. Malware attacks are rare; typically, attackers take use of misconfigurations and other flaws.

Another important worry is that most firms employ multi-cloud, which might result in a lack of visibility. It can lead to cloud workloads and traffic not being properly monitored, allowing attackers to exploit security flaws. DevOps teams also have a habit of giving people considerably more privileges and permissions than they require to do their jobs, which increases the risk of identity-based attacks. According to studies, identity-based assaults were used in roughly 80% of cyberattacks to compromise legitimate credentials.

Installing cryptominers onto a company's system is another option for attackers to profit from cloud vulnerabilities. Cryptocurrency mining necessitates a significant amount of computational power. Threat actors will employ hacked cloud accounts to carry out this operation and make as much money as possible while draining the company's resources.

Security Shifting to the Left
Protecting the cloud entails safeguarding an ever-increasing attack surface that includes everything from cloud workloads to virtual servers and other cloud-related technology. Attackers are continuously on the lookout for weak points in systems, especially susceptible cloud applications. With more organisations turning to the cloud than ever before to fulfil the needs of a remote workforce, the number of cloud apps available has grown.

Traditionally, security is applied to code as the final step before it is released. When vulnerabilities are discovered, the release is either postponed or the development team is forced to hustle to fix each security flaw while the security team scrambles to review the updates. Shifting security left for DevOps teams guarantees that vulnerable code is found as it is built rather than during the testing phase, lowering costs and resulting in secure cloud apps.

Shift left security is a critical component of the software development life cycle, and getting it correctly should be a top concern. Organizations can accomplish DevSecOps and greatly reduce security issues surrounding cloud-native software and application development by incorporating security into the early phases of the development process.

Cloud security that is effective can enable DevSecOps

DevSecOps technologies and techniques can help companies develop a strong and secure cloud foundation. Cloud security requires a unified view of multi-cloud environments and constant intelligent monitoring of all cloud services. That unified visibility must be able to detect misconfigurations, vulnerabilities, and security threats while also giving developers and DevOps teams with actionable insights and automated remedies.

Additionally, it's critical to have the correct security policies in place that enforce cloud security standards throughout the entire infrastructure to satisfy (or exceed) industry and government regulations. This encompasses everything from multi-factor authentication to general security best practises for all employees, as well as a robust incident response system that guarantees the organisation is ready for an attack.

Up-to-date threat intelligence, on the other hand, should always be at the heart of any good cloud security strategy. Adversaries are continuously devising new techniques to attack the cloud and looking for flaws to exploit. It's critical to have the most up-to-date information about threat actors and their techniques, and then apply it to breach detection. Threat intelligence allows security teams to anticipate attacks and properly prioritise protection, mitigation, and repair in order to avoid them. DevSecOps provides enterprises with the prevention, detection, visibility, and reaction tools they need to defeat attackers by delivering all of this functionality from and for the cloud.

Following the European Council and Parliament's provisional agreement on networks and information systems, called NIS2, Europe has moved closer to new cybersecurity standards and reporting requirements. The new measures, first proposed by the European Commission at the end of 2020, look to boost the cyber resilience of entities across range of sectors deemed critical for the economy and society.

NIS2 will take the place of the present Directive on the Security of Networks and Information Systems, or NIS, which was adopted in 2016. The new directive establishes tighter criteria — as well as possible consequences, such as fines – for a broader range of industries that must adhere to computer security regulations.

It also aims to minimise "significant differences" in risk management and security reporting requirements among EU member states by adopting uniform criteria for assessing, reporting, and taking action to mitigate cyber risk.

The existing regulations on network and information system security (NIS Directive) were the first piece of EU-wide cybersecurity legislation, and they cleared the way for a dramatic shift in mindset, institutional, and legislative approaches to cybersecurity in many Member States. Despite their remarkable accomplishments and beneficial influence, they needed to be updated due to our society's expanding digitalisation and interconnection, as well as the increasing amount of cyber harmful operations on a global scale.

To address Europe's increased vulnerability to cyber threats, the NIS2 Directive now includes medium and large entities from a wider range of sectors that are critical to the economy and society, such as providers of public electronic communications services, digital services, wastewater and waste management, critical product manufacturing, postal and courier services, and public administration, both at the national and regional levels. Given the increased security threats that occurred during the COVID-19 pandemic, it also covers the healthcare sector more widely, for example by incorporating medical equipment manufacturers. The new standards' expanded reach will assist raise the level of cybersecurity in Europe in the medium and long term by effectively compelling more organisations and sectors to employ cybersecurity risk management procedures.

The NIS2 Directive also enhances the cybersecurity standards imposed on businesses, targets supply chain and supplier security, and holds top management accountable for non-compliance with cybersecurity duties. It intends to harmonise sanctions regimes across Member States by streamlining reporting responsibilities, introducing more tougher monitoring measures for national authorities, as well as stricter enforcement requirements. It will aid in the sharing of information and collaboration on cyber crisis management at the national and EU levels.

NIS2 also sets up a European cybercrisis liaison organization network, dubbed EU-CyCLONe, to help manage large-scale online attacks across Europe, and also to coordinate vulnerability disclosure and increase information sharing and cooperation between government and private sector organizations. Meanwhile, companies that don't comply with the new risk management and reporting rules face fines of up to €10 million or two percent of their global annual turnover, whichever is higher.

Once adopted by the Council and European Parliament, member states will have 21 months to incorporate NIS2 into their national laws.

European Commissioners, for their part, welcomed the agreement. 

"In today's cybersecurity landscape, cooperation and rapid information sharing are of paramount importance," said Thierry Breton, commissioner for the internal market, in a statement. "With the agreement of NIS2, we modernize rules to secure more critical services for society and economy. This is therefore a major step forward."

 

The increased reliance of business on their IT functions means that the cybersecurity sector is required to evolve and grow almost on a daily basis. From single phishing attacks to nation-state attacks used in the midst of the theatre of war, the versatility required from cyber professionals and organisations has never been so imperative, especially with the constant changes in threat landscapes and business operations.

Although not conventionally correlated, the global pandemic has directly influenced complexities in developing robust security architectures. The rise in remote working and the increased preference for cloud-based approaches have ensued major shifts in not just technical advancements, but also in operational.

How has COVID influenced operational arrangements?

The position of CISO has seen advancements in many aspects, from increased salary ranges to restructured hierarchies. With cybersecurity being viewed more as a business risk as opposed to a technological risk, the role of CISO has become fundamental to every business and therefore expanded to include business continuity decisions and liaising with board members for wider business decision making.

As the cybersecurity landscape continues to evolve the more prevalent the CISO is in the overall success of a business, especially considering the shift to more remote working. We have seen an increased requirement for senior cyber professionals to join organisations and begin maturing and building out their internal security functions.

What technological advancements are influencing the cybersecurity landscape?

The biggest driver of change has been the quick implementation of cloud-based services since the onset of the pandemic. This has meant that cybersecurity strategies have too required quick implementation of new and robust procedures and tools to remediate the increased variety in threats.

The increased aggregation of company data into cloud systems means an efficiency and practicality on terms of the client, however the provider becomes a prime target for data breaches and attacks. With the likes of IaaS and PaaS, the responsibility of securing data, user access, applications and operating systems falls under the remit of the organisations and at differing levels, requiring comprehensive plans and strategies to ensure robust security protocols. IAM and PAM requirements are prevalent in job specifications at the moment, simple access practises are no longer acceptable in environments with increase collaboration and remote access requirements.

What does the future of the cybersecurity landscape look like?

Ultimately, the cybersecurity landscape will continue to evolve and develop to coincide with the constant shifts in attack vectors. Organisations will continue to utilise the most up-to-date systems and platforms available and with this leaning more towards cloud-based computing, robust security strategies, functions and tools will become highly sought after.

There are increasing calls for more governmental regulated approaches to cybersecurity and defence, particularly due to recent events in which cyber attacks are being used in the theatre of war.

There is no doubt that cybersecurity will be at the top of corporate agendas in the post-COVID era, it will be interesting what innovations and transformations will come as a result of this.

Cyber security is one of the fastest expanding businesses in the UK and throughout the world, with no indications of slowing down. Cyber criminals are always inventing and adapting in order to find new ways to hack, attack, and steal information online. It's a rapidly growing sector with several opportunities for individuals interested in pursuing a career in it. Cybersecurity professions, like many other technologically focused sectors, are overwhelmingly dominated by males.

The gender gap in cyber security is one that is regularly talked about.

The gender imbalance in the cyber security sector is one of the most apparent irregularities. Women make up just 11% of the worldwide cyber workforce, according to a recent survey from the Women's Society of Cyberjutsu (WSC). Women are sorely underrepresented in cyber security and often don’t see the occupation as a viable option due to a number of factors such as a lack of female role models within the industry, stereotyping and pay gaps.

Many businesses are beginning to see the value of having a gender-balanced workforce, particularly in fast-paced areas like cybersecurity. There are numerous reasons why this is an excellent career choice for women.

We've compiled a list of reasons why women might consider pursuing a career in cybersecurity:

1. Job Diversification

Cybersecurity is not confined to a single type of employment; it comprises a wide variety of positions in many areas and industries. Each area of cyber demands a unique and specialised skill set, from forensics to incident response strategy to counselling large corporations.

Working in cyber is also highly varied in terms of day-to-day responsibilities; with the environment continuously evolving, no two days are same. Multitasking and a great aptitude for problem-solving are required to solve cyber security issues. It is, without a doubt, a fascinating industry to be a part of.

2. Flexibility

One of the greatest barriers women face in their professions is a lack of professional flexibility. Unfortunately, childcare is still primarily the responsibility of women, making strict work environments challenging for women who wish to strike a healthy work-life balance while simultaneously achieving success.

Because most of the work in cybersecurity is done online, many positions lend themselves to flexible working hours and remote work.

3. Financially Rewarding

The cyber security industry is an extremely rewarding career path, especially at the moment where this skillset is in demand. The average salary for a cyber security analyst is around £51,000, with a career in the industry leading to a salary upwards of £70,000.

4. Boost Innovation

It has been established that having a higher percentage of women in the workforce increases team productivity and creativity, both of which are critical in the cybersecurity sector. We can enhance the potential talent pool and build a more strong workforce to meet the rising cyber threat of the upcoming years if we have more women in cyber.

The importance of cybersecurity is increasing. Fundamentally, our society is more technologically reliant than it has ever been, and this tendency shows no signs of slowing. Technology's development and expansion have had a beneficial impact on human existence, but the ease has come at the cost of cyber-attacks. If you utilise a tech device for any reason, you're likely to be a victim of a cyber-attack.

You'll need to be secure, which is where cyber security comes into the equation. Whether you're a person, a small business, or a huge corporation, you rely on computer systems on a daily basis. When you combine this with the rise of cloud services, poor cloud service security, smartphones, and the Internet of Things (IoT), you have a slew of cybersecurity risks that didn't exist only a few decades ago.

The protection of electronic data and information is known as cyber security. It protects electronic systems on devices like as computers, phones, servers, and networks against harmful assaults. It is critical, regardless of who you are, to protect your data from unwanted access.

Cyber-security is at an all-time high, and we must all do our share to be protected. Everyone has a role to play. This does not imply that everyone should become a cybersecurity specialist; rather, we must raise awareness of the threats that your users encounter so that they are not caught off guard when they are attacked.

Here are some top, simple tips to kep yourself and your business protected against unwanted Cyber Attacks:

• Use a strong and unique password to protect your email

Many of your personal accounts may be accessed through your email, putting you exposed to identity theft.

• Update your software and apps to the most recent versions

Important security upgrades are included with software and app updates to help safeguard your devices from cyber criminals.

• Set up two-factor authentication for your email account

To ensure the security of your data, two-factor authentication is advised for email accounts.

• Password Managers may help you keep your passwords safe

Password managers can assist you in creating and remembering passwords.

• Secure smartphones and tablets with a screen lock

With a screen lock, you can keep your smartphone and tablet safe and add an added degree of protection to your devices.

• Always make a backup of your most essential information

Back up your most valuable material, such as photographs and essential papers, to an external hard drive or a cloud-based storage solution.

The shortage of cybersecurity professionals is nothing new. The unemployment rate in cybersecurity has been at 0% since 2011 – a fact unmatched by any other industry.  According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs worldwide by the end of the year, up from 1 million positions in 2014.

This issue has only been exacerbated by the pandemic. Businesses globally were forced to adopt a remote working model where employees were often working from personal PCs, laptops and phones with limited antivirus software. 

According to IBM, remote working increased the average cost of a data breach by $137,000. Despite these heightened security threats, many businesses are still cutting their cybersecurity budgets as we move through 2021. 

Even with the ever-growing threat of smarter and more advanced security breaches, the security industry is under-resourced to fight hackers. 

What can be done to address this issue? 

Upskill more people

Sounds simple, but giving people the skills needed to fill these roles is the single more effective way to close this talent gap. It’s clear that there isn’t enough talent to fill the roles needed, so businesses, organizations and educational programs need to take responsibility in training people in the skills needed. 

Organizations already have the wheels in motion for this. Massachusetts-based MassCyberCenter is partnering with businesses, academia and the public sector to train new cybersecurity workers to fill the more than 9,000 vacant cybersecurity jobs.

The NYC Economic Development Corporation has launched Cyber NYC, which aims to grow the city’s cybersecurity talent pool through training and education programs. 

The Cyber Innovation Center in BossierCity, Louisiana, plans to broaden its cyber skills preparation to 10 million students and 50,000 teachers in K-12 across the US – building a pipeline of young cybersecurity talent. 

Build a youth movement

Encouraging and nurturing young people to become future cybersecurity experts will ultimately solve the cyber skills shortage of the future. Instilling enthusiasm and excitement around cybersecurity and STEM from an early age will organically grow a new generation of talent. 

Various organizations are doing this already. Girls Scouts of the USA have joined forces with Palo Alto Networks to deliver the first-ever Girl Scout Cybersecurity badges for girls in K-12. 

The National Security Agency has been educating young people in cybersecurity through their GenCyber program since 2014. The NSA’s summer camp, Camp Cryptobot, runs annual cybersecurity camps to build the next generation of cybersecurity workers. 

Focusing on the impact that a cybersecurity professional can have on people, businesses and even nations can encourage young people to become invested in the industry. Framing cybersecurity as a career that helps people, does good and is morally right is something that young people in today’s world are keen to make time for.  

Diversity and Inclusion

Diversity and inclusion are particularly important in the fight against skills shortages. Untapped talent pools exist that often go unnoticed in the recruitment process.

How can the cybersecurity industry tap into neurodiverse talent pools, for example? Autism affects more than one in 100 people which means a huge amount of talent. However, only 16% of autistic adults are in full-time employment, and out of the ones that aren’t, 77% would like to be according to the national autistic society’s research.

The lack of awareness around neurodiversity often acts as a barrier of entry for neurodiverse professionals looking to enter the cybersecurity space. Educating decision-makers in unconscious bias is one way to create a more inclusive hiring process that can open doors for unnoticed talent. 

----

As recruiters in the cybersecurity space, we know too well the need for talented candidates in this space. Do you have a cybersecurity role that you’re struggling to fill? We have a pool of talent that could be the perfect fit for your role, so don’t be afraid to get in touch.  

 

October marks European Cyber Security Month (ECSM) – an annual EU campaign that promotes cybersecurity and provides accurate online security information by sharing good practices. Every year in October, hundreds of activities take place across Europe, such as conferences, workshops, training and webinars, to promote digital security.

Organisers of ECSM provide the knowledge and tools to promote the safer use of the internet for all EU citizens. Since 2012, the ECSM has reached its key priorities by bringing together parties from across Europe under the slogan ‘Cybersecurity is a Shared Responsibility’ to unite against cyber threats.

ECSM 2020 launches with the motto of ‘Think Before U Click’. The month is split into two themes – the first two weeks focus on ‘cyber scams’ and the second on ‘digital skills’.

Kicking off the month with ‘cyber scams’, this theme provided insights on current and potential cyber threats to help businesses and individuals minimise risk. COVID-19 has led to an increase in e-commerce and online payments, which hackers have used to their advantage. The key message of this theme encourages users to have a heightened awareness of cyber scams when conducting online transactions.

The second theme, ‘digital skills’, presents educational activities that inform on internet security. COVID-19 has increased the digitalisation of everyday life, which requires people to be on top of digital trends to remain safe online. The theme covers e-privacy matters such as data protection, cyber bullying and cyber stalking.

For a full list of activities occurring in your region, please check the timetable here. 

 

written by Evangeline Hunt

Looking for a career in cybersecurity? Well you’re in demand - provided you get in there before the robots do.

Oliver Tattersall, head of the German cyber and information security team at Franklin Fitch, believes that the majority of small and medium-sized businesses are vastly underprepared for the threat of a cyberattack and are leaving themselves open to billions of pounds/euros of financial damage. Whether it’s a lack of funding or ignorance that it won’t happen to them, the need for skilled cybersecurity specialists has never been greater.

“There is a distinct lack of awareness of cybersecurity in SMEs,” says Oliver, adding that even if the awareness was there, there is the added complication of finding people with the right skills. “It’s a very candidate-short market at the moment, particularly in cybersecurity, and this is making it very hard to find the right people.”

The potential damage from an attack is huge

Failing to implement the right cybersecurity measures can have a devastating impact on a company that falls victim to an attack both financially and in terms of reputational damage. While allocating funds for appropriate security at a time when many companies are cutting spending is not ideal – the average mid-sized company spends tens or even hundreds of thousands on cybersecurity - the outlay is small by comparison to the damage that could be caused.

So, what cybersecurity-related skills are most in demand and how can potential specialists get the job they want and help these companies stave off an attack?

“Candidates need to be  able to communicate, get stakeholders on board, be hungry for knowledge and have good technical skills,” says Oliver.

Companies need to innovate to attract skilled workers

He is currently seeking to fill an array of cybersecurity roles in Germany, particularly in the areas of embedded security, defence analysts, cyber analysts and risk specialists. While he is quietly confident that eventually he will find the right person for each role, he also believes that German companies need to be prepared to be more flexible if they want to attract the best people. “There are many highly-skilled workers outside of Germany that could add great value to these companies,” he says, adding that now is the time to think outside the box when it comes to recruitment in order to attract the best talent. 

In addition, Oliver believes there is an increased tendency nowadays for skills to cross over. It is harder to draw a line between the infrastructure and software sides, meaning that people with a certain skillset might now be able to carry out other jobs too.

How can AI help?

In the future Oliver believes that some of the pressure on the sector may be relieved by Artificial Intelligence (AI). “AI not only removes the human element, which is itself open to risk and manual error, but it can help to identify data and pinpoint where there’s a possible threat,” he says. 

Already some cybersecurity companies are teaching AI systems to detect viruses and malware by using complex algorithms so AI can then run pattern recognition software. AI systems can also be used in situations of multi-factor authentication to provide access to their users. It is worth pointing out however that while AI may be great for processing large amounts of data or replacing autonomous manual tasks, it will never be able to replace a security analyst’s insight or understanding of a problem.

In reality, the likelihood is that jobs will change and while some of us may indeed end up working alongside an automated colleague, we will still be needed, but for alternative functions.

Multi-context firewalls - what are they and what do they do? 

Just six weeks into the new year and reports of cyber-attacks are rife in the media. According to IT Governance, a provider of cyber risk and privacy management solutions, several major incidents occurred in January, boosting the total number of records breached to 1.5bn.

Just yesterday, ZDNet reported that the personal information of 10.6 million guests who stayed at MGM Resorts hotels was stolen and posted to a hacking forum this week. Already in February, the servers at the United Nations have been compromised and a quarter of the Iranian internet has been disrupted.

In addition, Christine Lagarde, the head of the European Central Bank, has expressed her concerns about the global implications of cyber-attacks, telling an audience in France that a well-organised cyber-attack on major financial institutions could lead to a financial crisis.

So, what should businesses be doing about this? Cyber security is one of our focus areas at Franklin Fitch and as a recruiter, I am frequently asked by service providers and large enterprises to find people with experience in multi-context firewalls. Quite often when I ask candidates if they have used them, the response is: “what is that? “or “I’ve never heard of it”.

For me personally, a lot of my technical knowledge is gained from in-depth conversations with my candidates about how they use a specific piece of hardware and what benefits it brings. So, if you, like me, are wondering what multi-context firewalls are, read on and find out more.

Cisco ASA supports multiple firewall contexts, also called firewall multimode or multi-context mode. Multi-context mode divides a single ASA into multiple virtual devices, also known as security contexts. Each context operates a single device, independently from other security contexts. In routers, this is similar to Virtual Routing and Forwarding (VRF).   

When would you use multiple security contexts? 

• A network that requires more than one ASA

• A service provider that needs to offer a different security context to each customer

• An enterprise that needs to provide distinct security policies for each individual department or users and require a different security context for each one

When wouldn’t you use multiple security contexts? 

• When VPN Services are required such as remote access or site-to-site VPN tunnels

• If dynamic routing protocols are required

• If QoS is needed

• If multicast routing needs to be supported

• If threat detection is required

Context configuration files  

In multi-context mode, there are three types of configuration files:

• The system configuration – a standard single-mode configuration where the network administrator adds and manages the security contexts

• The admin context – no restrictions and can be used as any other security context

• The context configurations/user context – for each individual security context. They contain the security policies and interface configurations specific only to that context 

ASA Packet Classification  

Packets are also classified differently in multi-context firewalls. In multimode configuration, it is possible for interfaces to be shared between contexts, therefore the ASA must distinguish which packets need to be sent to each context. 

The ASA categorises packets based on three criteria:

• Unique interfaces – 1:1 pairing with a physical link or sub-interfaces (VLAN tags)

• Unique MAC addresses – shared interfaces are assigned Unique Virtual Mac addresses per virtual context, in order to alleviate routing issues, which complicates firewall management

• NAT configuration – if the use of unique MAC addresses is disabled, then the ASA uses the mapped addresses in the NAT configuration to classify packets. This isn’t very common

In certain cases, you may need to assign a unique MAC address to a shared interface in order to alleviate routing issues, which complicates the firewall management.  

Active/active failover 

Multi context mode offers active/active fail-over per context. Primarily forwards for an individual context and secondary for another. The security contexts divide logically into failure groups, with a maximum of two failure groups. There will never be two active forwarding paths at the same time.  

Important to consider 

In order to change from single mode to multiple mode or back, the commands must be done from the command line (CLI) and not via the ADSM GUI interface. When changing from single to multimode, the ASA will convert the running configurations into two files, creating a new system configuration file and an admin context file. The original system configuration file is not saved.   

By default, all security contexts have unlimited access to the ASA resources. Depending on the environment, resource management may need to be configured to limit some contexts that may be starving other contexts. This is done by configuring resource classes when assigning to contexts.  

Final thoughts

Multimode offers advantages in certain situations particularly for service providers or an enterprise with multiple departments that require individual security policies. The requirements should be carefully considered before implementing the solution. However, there are also limitations and whilst the number of physical devices you manage may decrease, the complexity of those device configurations may increase.