See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/351788866

Cybersecurity Mesh

Article · May 2021


1 author:

Mohammad Ekmal bin Osman


University Malaysia Sarawak

All content following this page was uploaded by Mohammad Ekmal bin Osman on 23 May 2021.



TMF6044 – ICT Infrastructure Mohammad Ekmal Bin Osman 20030490

Cyber risk management means looking at what could go wrong and then deciding on the best ways to prevent or minimize those potential problems. It is becoming an increasingly important activity in private and government organizations that want to be free from threats, and in particular from Cybersecurity threats. Every day we face risk when we step out of our homes, but how we meet the wager determines the risk. How we handle or solve the trouble is a crucial step, and we need a guide to overcome the issue. We all carry out informal risk management numerous times a day without even realizing it. Before discussing Cybersecurity, let us clear up the misconception that confuses Cybersecurity or cyber threats with cyber risk. What is the difference between these concepts, and what defines an organization's cyber risk posture, internal security posture, and the exploitability of threats in the context of organizational risk? What defines cyber risk? Cyber risk comprises many factors, including compliance posture, threats, vulnerabilities, reachability, and business criticality. In layman's terms, cyber risk is the risk of financial loss, disruption, or damage to an organization's reputation from some failure of its information technology systems.

On 19 October 2020, Gartner released a document titled "Gartner Top Strategic Technology Trends for 2021". This document lists the top strategic technology trends for this year; Gartner mentions nine new trends, and one of them is Cybersecurity Mesh. The trend started due to the COVID-19 pandemic, which has increased the need to work from home. This situation has created a haven for cyber attackers and a nightmare for organizations, especially for network managers and security managers. Before the pandemic hit us at the end of 2019, we perceived Cybersecurity as securing or building a perimeter around the organization's infrastructure: the office building, the server room, or the data centre. With this approach, we depend heavily on the hardware side of Cybersecurity to secure the back end of the data centre, for example a firewall to secure and monitor the network, together with software such as network activity monitoring and antivirus to protect servers, desktops, and laptops from virus attacks. When laptops, mobile devices and the Internet of Things (IoT) started to be used in organizations, there was little change in the policies or in how Cybersecurity was checked and monitored, because users would be coming back to the office to do their work. Then the pandemic hit, and organizations needed their staff to work from home, which has brought new challenges and problems.

All over the world, the pandemic has changed how we work today. Working from a remote location or from home is the new norm. With users on laptops and mobile devices on the go, all the rules of engagement need to be updated to accommodate this. Policy-based security needs to be extended to assets outside the organization. We then need to check the organization's view on employees using personal laptops to access its systems and servers. Bring your own device (BYOD) policies also need to be looked at, as these assets are not the organization's own, and we do not know the hardware or whether malicious software has already infected the machines. When this happens, it creates a new opportunity for hackers to gain sensitive data from an organization. As we move forward into this new norm, Cybersecurity has evolved into what Gartner calls "Cybersecurity Mesh". But what is Cybersecurity Mesh?

Cybersecurity Mesh is an approach that helps an organization meet the digital age, in which the pandemic has caused a shift in how we work. Remote working, using laptops and mobile devices so that the organization can still do its business, has accelerated the digitalization of work. Hence security needs to keep pace with these rapid changes. Cybersecurity mesh uses a distributed architectural approach to scalable, flexible, and reliable cybersecurity control. As assets and devices are now at remote locations or outside the traditional site, we need a control mechanism to secure users' access to the systems and the sensitive data. This will enable a person or thing to securely access the data remotely while still providing the necessary security, and will give peace of mind to the stakeholders (Posts & Network, 2021). In America and Europe, working remotely is already a regular working style. Still, at some point, staff will come back to the office to finish up work, submit reports, find physical information, or meet with stakeholders.

For this research on cybersecurity mesh, we will focus on several journal papers and articles on Cybersecurity. The research is organized thematically, from the start of the COVID-19 pandemic, when remote working had just begun, to the impact of COVID-19 on the cybersecurity field and the creation of the Cybersecurity Mesh trend. This trend started because of the need to work from remote locations. Organizations need to push through digital transformation so that staff in remote locations can do their work. It sounds easy, but organizations need a platform or method for this. Businesses and organizations must adapt how they operate daily to working from a remote location or from home. Most organizations often neglect the seriousness of the matter. The reputational, operational, legal, and compliance implications could increase the cybersecurity risks to the organization. Examples of cyberattacks during a pandemic are flow control attacks, injection attacks, information leakage attacks and Denial of Service (DoS) attacks. In traditional Cybersecurity, all of these can be avoided because the users and the assets are all inside a specific perimeter, as mentioned earlier in this paper. But when working remotely, the employee or user is exposed to working-from-home cyber threats. A significant issue here is the network the user relies on. A home network is an unsecured network: it has only the essential security features installed by the service provider. Is antivirus software installed on the user's machine and updated regularly? Is there a firewall installed at this home or location? All these questions need to be addressed to get the overview needed to determine the risks faced when implementing working from home or from a remote location.

The first paper is titled Security vs. Flexibility: Striking a Balance in the Pandemic Era. This paper describes the cybersecurity threats and challenges faced by employees and employers during the pandemic lockdown. The COVID-19 pandemic has changed how we do our work. This, in turn, forces organizations into digital transformation so that the business is not affected. These digital transformations have brought new problems and have increased cybersecurity threats to the organization. We must also understand the balance needed between the flexibility of working off-site and the security to avoid threats (Soni, 2021).

With digital transformation, the business's aim was that the company could continue operating and that staff productivity would not be affected. The problem is that some mechanisms were put in place without security in focus during their development. Most employees are not trained to understand the cybersecurity landscape. The limited resources employees have for working remotely make them forget the need to treat security as part of the work in order to safeguard the organization's information.

Employees must make do with what they have to continue their work at home. Most staff do not have the technical skill to navigate the internet while avoiding risk. Without that skill, and with the sudden change of working policies, employees were underprepared in both knowledge and tools to start working remotely. Some of the tools are mechanisms put in place by the organization, for example a virtual private network (VPN); some employees were forced to install the VPN on their own laptops. One of the most important things employees lack is awareness of Cybersecurity and of how to manage threats in the cyber world.


Companies also face challenges, as top management must scramble to develop new policies that enable employees to work from home. This creates issues for organizations that are still very traditional, especially in government, where staff need to be physically in the office to access the systems. Where the organization's Cybersecurity only caters for what is inside the perimeter of the company office, with an intranet-based network for accessing the systems, staff are unable to access those systems from home or a remote location. This can be solved using a VPN. Organizations would need cybersecurity experts to test this method and assess the risk, but that step was overlooked due to the urgency of the matter. The risks include dependency on third-party tools, and BYOD devices carry high risk because the organization's experts do not check them. Zoom, a video conferencing application widely used during the pandemic to conduct meetings, was targeted by hackers. These are some of the threats faced when working remotely.

The global shutdown during the pandemic disturbed the world economy and affected the cybersecurity infrastructure. We observe that it affected both staff and organizations, as neither was prepared for this situation. This is the perfect environment for hackers to attack, as the world is still in a panic and businesses and governments struggle to provide necessities. The authors highlight what many organizations fail to see: during the pandemic we were not prepared to work remotely, and the technology we currently have does not support the flexibility the situation requires. Many fake websites popped up, targeting users looking for information during the lockdown and installing malicious applications on their machines. The attacks seen during the pandemic include spam emails, malware hidden inside interactive maps, phishing attacks and, most popular of all, ransomware attacks. Most of these attacks are directed at home users, meaning that employees are attacked during their work. Attackers target home users because they do not have the cybersecurity countermeasures at home that they have at the office.

The research uses information gathered from the current pandemic situation and from surveys conducted with organizations and their staff. The researcher also suggests new mechanisms that organizations can use to prepare for the latest anticipated cybersecurity risks. These are a phishing detection engine and an AI-assisted tool to detect and stop users from entering phishing sites. This is done by building a database of websites and blocking them through a tool installed on the machine, whether BYOD or provided by the organization to the staff. Of course, having a resilient cybersecurity framework will help in this situation. It documents how the organization manages threats, the organization's appetite level, and how to mitigate the threats. Finally, staff need a proper incident reporting tool to report incidents. This helps escalate issues to the cybersecurity team so that it can act on them.

The paper's objective is to show that we need to change how Cybersecurity is managed during the pandemic. The traditional way, which is to secure the perimeter of the organization, is not sufficient to cope with the global demand on both the employee and employer side. In this paper, the author shows how unprepared employees and employers were during the lockdown. With no policies and bare-minimum hardware for employees to do their work, access to information is hard, as most of the information is in physical copies or on the organization's servers. Employees with no technical knowledge and a lack of cybersecurity experts have led to increasing attacks, because we lack knowledge of Cybersecurity.

The authors frequently mention the importance of Cybersecurity. Stakeholders need to acknowledge it, set up a secure network, and gather the experts to manage it. BYOD devices need to be configured before they are able to access the network or systems. A standard, approved remote access solution needs to be used across all users. The system needs multifactor authentication mechanisms to enable access to the network or application. Session time-outs need to be set to prevent unauthorized access. A VPN can be used to establish a connection to the organization's network to access information. The threats that occurred during the pandemic will still linger after the lockdown. The paper also mentions some techniques that can assist organizations in managing Cybersecurity to find the balance and flexibility of working remotely.

Adaptability is the key during this troubled time. Cybersecurity needs to adapt to the situation and try to foresee coming issues. Employees need to be aware that their actions will compromise the organization if they are not careful in the cyber world. The paper mentions that success in Cybersecurity is not about eradicating cyber threats or the coronavirus; it is about making sure that life can go on despite the challenges posed by the cyber threats or the virus. Employees and employers must collaborate to safeguard flexible work arrangements. This paper covers the start of the lockdown, when working remotely or from home began and where the problem started, as organizations and staff were caught unprepared by the pandemic. It paves the way to a new trend in Cybersecurity, which is the main topic of this research: Cybersecurity Mesh.

The second document is an article called The Impact of COVID-19 on Cybersecurity. The first paper is more of an introduction to the problem, where organizations and staff need to find the balance to work remotely. The second shows the impact of COVID-19 on the digital working environment and on the Cybersecurity affected by the digital transformation. The pandemic has forced governments to impose restrictions on travel and to request that businesses allow their staff to work from home, increasing our dependence on technology. The article states that cybersecurity cases doubled during the pandemic, from 100-150 incidents to 350 incidents in Switzerland. This is due to working at home, which does not have the same security level and protection as the working environment (Cyber, 2021).

Hackers additionally use credential stuffing to access employees' credentials, and the stolen information is then sold to other cybercriminals on the dark web. One of the effects is severe disruption to organizations that depend on video conferencing platforms, such as small businesses and organizations that hold a high volume of meetings. Credential stuffing is a type of cyberattack in which hackers use previously stolen username and password credentials to gain access to other accounts.

This article explains the problem COVID-19 poses for Cybersecurity, as most of the solutions, post-pandemic, are perimeter based. Most of these threats have intensified because of the opportunities that have arisen during the COVID-19 outbreak. The threat landscape is diverse. It ranges from high-level nation-funded cyberattacks, to cybercriminals trying their luck during the chaos of poor security and loose policies, to hacktivists fuelling their agenda, to new hackers or script kiddies testing out a cyberattack. The main reason for this spike in attacks is the lax security and policy adopted during the pandemic, mainly the BYOD policy, under which staff laptops or devices are not secure enough for working remotely. This contrasts with corporate-owned, personally enabled (COPE) devices, which have already been checked by security experts; machines that have been checked by the security experts are less likely to be hacked.

As mentioned in the first paper and in this article, working from home does not guarantee the same level of cybersecurity; staff are more exposed to cybersecurity threats than when they are at the office or the organization's headquarters. One of the significant issues for Cybersecurity is the human factor: humans tend to make mistakes that can lead to dire consequences. Staff are not to be blamed for all the mistakes; the organization needs to be prepared for the cybersecurity risk before staff work from home. Working remotely requires proper tools and devices, in place and approved by cybersecurity experts, before organizations implement it. Unfortunately, Cybersecurity has been taking a back seat in organizations all over the world. It was not always a key priority in the fast deployment of remote working capabilities. For example, some companies do not check employee devices for standard security protections such as firewalls, antivirus, and VPN. The objective of the paper is to recognize the threats faced by employees and employers. In this article, the author provides examples of how companies and employees can increase their security. Employees working from home on their personal computers or on approved corporate-owned, personally enabled (COPE) devices should implement essential cybersecurity hygiene practices. These include having antivirus protection on the device; employees need to be trained in cybersecurity awareness, and organization systems need an anti-phishing system. In the awareness programme, employees need to be advised to set strong passwords for their home Wi-Fi, their email account and their system account. Businesses and organizations need to offer a reliable VPN and only allow access to their systems through the VPN. Cybersecurity or IT experts need to regularly check the back end, meaning the servers, to identify weak spots, patch periodically, and review the logs for suspicious logins. The company should periodically evaluate its cybersecurity risk exposure and determine whether existing controls are robust enough; these reviews need to be done regularly. The cybersecurity frameworks and business continuity plans need to be updated to consider cyberattacks in any scenario.
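Credential stuffing as defined above, and the advice to review logs for suspicious logins, can be combined into one detection rule. The following is an added example, not taken from the reviewed article: the log format, thresholds and function names are assumptions, and the log lines are constructed. It flags a source address that tries many different usernames in a short window with mostly failed results, and lists the accounts where a login succeeded, since those passwords must be treated as stolen.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges, invented users).
SAMPLE_LOG = """\
2021-05-03T09:00:01Z login user=carol src=203.0.113.7 result=FAIL
2021-05-03T09:00:03Z login user=dave src=203.0.113.7 result=OK
2021-05-03T09:00:05Z login user=erin src=203.0.113.7 result=FAIL
2021-05-03T09:00:07Z login user=frank src=203.0.113.7 result=FAIL
2021-05-03T09:00:09Z login user=grace src=203.0.113.7 result=FAIL
2021-05-03T09:00:11Z login user=heidi src=203.0.113.7 result=FAIL
2021-05-03T09:01:00Z login user=alice src=198.51.100.20 result=FAIL
2021-05-03T09:01:10Z login user=alice src=198.51.100.20 result=FAIL
2021-05-03T09:01:25Z login user=alice src=198.51.100.20 result=OK
2021-05-03T09:02:00Z login user=bob src=198.51.100.33 result=FAIL
2021-05-03T09:02:02Z login user=bob src=198.51.100.33 result=FAIL
2021-05-03T09:02:04Z login user=bob src=198.51.100.33 result=FAIL
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<res>OK|FAIL)$"
)


def parse(line):
    """Return (timestamp, user, source, succeeded) or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["user"], m["src"], m["res"] == "OK"


def find_stuffing_sources(lines, window=timedelta(minutes=5),
                          min_users=5, max_ok_ratio=0.25):
    """Flag sources that try many distinct accounts, mostly failing.

    One user mistyping a password (alice) or one account being hammered
    (bob) involves a single username, so neither matches this rule.
    """
    by_src = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not a login event
        ts, user, src, ok = rec
        by_src[src].append((ts, user, ok))

    findings = []
    for src, events in sorted(by_src.items()):
        events.sort(key=lambda e: e[0])
        best, start = None, 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            users = {u for _, u, _ in chunk}
            ok_users = {u for _, u, ok in chunk if ok}
            ok_ratio = sum(1 for e in chunk if e[2]) / len(chunk)
            if len(users) >= min_users and ok_ratio <= max_ok_ratio:
                if best is None or len(users) > best["distinct_users"]:
                    best = {
                        "src": src,
                        "distinct_users": len(users),
                        "attempts": len(chunk),
                        # A success here means a stolen password still worked.
                        "accounts_to_reset": sorted(ok_users),
                    }
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in find_stuffing_sources(SAMPLE_LOG):
        print(f)
```

The thresholds need tuning per environment: a shared office or VPN egress address legitimately carries many users, but those logins mostly succeed, which is why the rule also requires a low success ratio.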

One of the methods is the zero-trust policy. This article mentions that zero trust is a security model where only authenticated and authorized users and devices are permitted access to the applications and data (Security, 2021). It challenges the concept of access granted by default, meaning that only selected staff can access sensitive data. This will reduce information leaks in an organization. The model is called zero trust because no one and nothing is to be trusted. This is the approach of the research. The zero-trust model ensures that our equipment, systems and any devices connected to the organization's network are accessed securely regardless of location. What is excellent about the zero-trust model is that it adopts a least-privilege access strategy and enforces strict access control on the organization's network and systems. The zero-trust approach is very significant in increasing Cybersecurity and reducing the impact. In this way, the paper's suggested approach prevents access to information that staff should not have, and checks whether an identity has been compromised by hackers before giving access to any data. The next step is to inspect and record everything: the system needs to register and log any incoming and outgoing information, and the log must be reviewed regularly.

The third paper to be reviewed is called Cyber Security Mesh: What it is and how it can be used in IT Development? This article defines cybersecurity mesh as a broader concept that involves a broader network of nodes. It consists of designing and implementing an IT security infrastructure that does not focus on building a single perimeter around all the devices or nodes of an IT network, in an organization's office or data centre, but instead establishes smaller, individual perimeters. Ideally, a cybersecurity mesh can be viewed as a centralized ICT security policy with distributed enforcement of that policy. It can be a more robust, flexible, and modular approach to network security because it safeguards each node. Network managers can allow only the right person to log in to the system, and can better maintain differentiated levels of access to different parts of a given network, preventing hackers from exploiting a weakness in the network. With this cybersecurity mesh, hackers are unable to infect the other nodes linked in the network (Mesh, 2021).

The problem is that traditional Cybersecurity was implemented on a perimeter basis, where you try to secure the organization's network and the data centre. Systems were also secured in the traditional manner, using usernames and passwords to give employees access. To implement cybersecurity mesh approaches, we ultimately need to reconfigure or change how we perceive cybersecurity infrastructure. To solve these issues, the mesh can be developed during the planning stage of the network and systems. It is essential to involve the development team so that cybersecurity mesh is integrated into the architectural design of the network and the applications. The objective is to establish cybersecurity mesh as a more flexible, robust and modular approach to network security. The method ensures that each node has its own perimeter, meaning the devices need to be checked by a cybersecurity expert who installs the necessary tools such as antivirus, firewalls, and VPN. The zero-trust model also helps in this environment. It allows IT staff and network managers to monitor the network and maintain differentiated levels of access to the different parts of a given network. This prevents hackers from exploiting a given node's weaknesses to access the broader network. If a hacker manages to access a node, the compromise is bound to that node and cannot affect the other nodes. This is the significance of Cybersecurity Mesh, and why it is ideal for a remote working environment. In traditional Cybersecurity, if an attack manages to infiltrate the network, the whole network is affected, but with Cybersecurity Mesh only the individual node is involved, in a more isolated incident that is manageable by the security team.
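The idea of a centralized policy with distributed enforcement, combined with the zero-trust checks described earlier (authentication, multifactor authentication, device posture, session time-out, least privilege, logging every decision), can be sketched as follows. This is an added example, not code from any of the reviewed papers; the policy contents, node names, roles and class names are all hypothetical.

```python
from dataclasses import dataclass, field, replace

# Central policy (constructed for illustration): defined once,
# enforced separately at every node of the mesh.
POLICY = {
    # Tools the text says each device must have before it gets access.
    "required_posture": {"antivirus", "firewall", "vpn"},
    "idle_timeout_s": 900,
    # Least privilege: role -> node -> resources that role may use there.
    "grants": {
        "hr_officer": {"hr-node": {"payroll"}},
        "developer": {"build-node": {"source"}},
    },
}


@dataclass
class Request:
    user: str
    role: str
    authenticated: bool
    mfa_passed: bool
    device_posture: set   # tools verified on the BYOD/COPE device
    resource: str
    idle_s: int           # seconds since the session was last active


@dataclass
class EnforcementPoint:
    """One node's own small perimeter: it trusts nothing by default."""
    node: str
    policy: dict
    audit_log: list = field(default_factory=list)

    def _first_failure(self, req):
        if not req.authenticated:
            return "not authenticated"
        if not req.mfa_passed:
            return "mfa missing"
        missing = self.policy["required_posture"] - req.device_posture
        if missing:
            return "device posture missing: " + ",".join(sorted(missing))
        if req.idle_s > self.policy["idle_timeout_s"]:
            return "session timed out"
        allowed = self.policy["grants"].get(req.role, {}).get(self.node, set())
        if req.resource not in allowed:
            return "no grant on this node"
        return None

    def decide(self, req):
        reason = self._first_failure(req)
        # Every decision is recorded, allowed or not, for later review.
        self.audit_log.append({
            "node": self.node, "user": req.user, "resource": req.resource,
            "allowed": reason is None, "reason": reason or "ok",
        })
        return reason is None


def demo():
    hr = EnforcementPoint("hr-node", POLICY)
    build = EnforcementPoint("build-node", POLICY)
    good = Request("aisha", "hr_officer", True, True,
                   {"antivirus", "firewall", "vpn"}, "payroll", 60)
    results = {
        "hr_ok": hr.decide(good),
        "no_mfa": hr.decide(replace(good, mfa_passed=False)),
        "byod_no_av": hr.decide(replace(good, device_posture={"firewall", "vpn"})),
        "idle": hr.decide(replace(good, idle_s=3600)),
        # Same valid session presented to another node: contained, not trusted.
        "other_node": build.decide(replace(good, resource="source")),
    }
    return results, hr.audit_log + build.audit_log


if __name__ == "__main__":
    results, log = demo()
    for entry in log:
        print(entry)
```

The last case shows the containment property the text describes: a session that is fully valid at one node gives no access at another, because each node evaluates the central policy for itself.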

Summary

As Gartner notes in its document on the top tech trends of 2021, cybersecurity mesh is one of them. It is indeed a new trend in Cybersecurity, as the traditional way of securing an organization is to put a very secure perimeter around the organization's network or data centre. This method cannot protect the new norm of working remotely. In today's world, we cannot secure organizations in that manner anymore, as most staff work from a remote location or at home. An organization first needs to acknowledge the need to work from remote locations. By accepting this, the organization's stakeholders see the importance of this new way of working and address it by providing the appropriate policies. The balance between working remotely and still having the required protection against outside threats needs to be included in the guidelines. Cybersecurity expert advice needs to be considered in this situation, as not listening to that direction will cause more harm to the organization's operations. Previously, the organization provided all the necessary equipment and devices for staff to access the systems and do their work. Because of the COVID-19 pandemic, however, and as advised by WHO, it became necessary to work from home with a shortage of hardware. The COVID-19 pandemic has changed how we navigate the Cybersecurity environment, from the traditional way of protecting the organization's network and data centre to protecting each node or staff member connected to the organization's network. This has given rise to the Cybersecurity Mesh, which uses a zero-trust model. The model needs to be adopted because under it only authenticated and authorized users and devices are permitted access to the applications and data. This method will increase the security of the nodes, as only the right person can access the sensitive information. The cybersecurity framework needs to include cybersecurity mesh, as it is more flexible and robust in safeguarding each of the nodes. But what are the benefits of implementing Cybersecurity Mesh in an organization? It gives rise to managed security service providers focused on delivering solutions with an integrated approach to the problem. As working remotely requires users to access systems from home, it is hard to differentiate the attacker from the user. Cybersecurity mesh will implement a new way to identify users, using tools that address common weaknesses in telling a user from an attacker. This may include using AI to observe user patterns to determine identity. All BYOD and COPE devices need to undergo regular checks by the security team to prevent any malicious application from being installed on the machines. Employees' awareness of cybersecurity threats also needs to be raised, as the human factor is the weakest link in the security chain. With proper tools, infrastructure and enabling policies, cybersecurity mesh will help increase cybersecurity effectiveness and become standard in all cybersecurity frameworks.

Youtube Link on Video Presentation: https://youtu.be/V-j5KJVWyTM

References
Cyber, N. (2021). Impact of COVID-19 on Cybersecurity. 1–7.
Mesh, C. (2021). Cybersecurity Mesh: What is it and how can it be used in IT Development? Cybersecurity Mesh: Definition. 4–6.
Posts, R., & Network, N. (2021). What is Cybersecurity Mesh? What is Cybersecurity. 1–10.
Security, Z. T. (2021). a What is the Zero Trust Security model? How to implement this strategy with SealPath? What is the Zero Trust model? 1–17.
Soni, V. (2021). Security vs. Flexibility: Striking a Balance in the Pandemic Era. https://doi.org/10.1109/ANTS50601.2020.9342779
Strategy, S., Architecture, S., Recovery, D., Response, I., & Security, I. (2020). Cyber Risk, Cyber Threats, and Cyber Security: Synonyms or Oxymorons? 2–3.
