The move to fully remote and hybrid working environments, although unprecedented in timing, has been inevitable. A global pandemic, characterised by social restrictions, forced businesses across the world to make a rapid digital transition into online working to keep business operations functioning and staff employed. Like any teething phase, and like most periods of change, it’s meant copious amounts of learning, pivoting, and adjusting, across every business function to determine the best way to move forward.
“The world is moving from a mobile and cloud era to an era of ubiquitous computing and ambient intelligence, and it will see more digitization in the next 10 years than in the last 40 years.” (Satya Nadella, Chairman and CEO, Microsoft).
Whether it’s the news, social media, or industry publications, the “new COVID normal” has paralleled an increase in cyber threats, competing for headlines. An increased reliance on technology, and in particular cloud-based services and remote-access infrastructure has presented myriad new opportunities for cybercriminals, with an expanding attack surface forcing threat actors to pivot, and thus become more sophisticated, causing a rapid rise in the breadth and frequency of cyber threats. Threats have escalated, and organisations everywhere are trying to keep abreast of the adversaries and keep their businesses and data protected and secure with employees accessing sensitive data and systems from outside the office, through the cloud and third-party services, and on a multitude of company and BYOD devices.
Ransomware attacks, phishing and the use of remote access infrastructure and cloud-delivered services have increased in their intensity, with IT departments clambering to expedite the installation, expansion, or upgrades to RDA (remote desktop access) servers, VPN concentrators and remote access routers to meet billowing workforce demands.
The Importance of Cyber Resilient Strategies
A post-pandemic revelation, even though there is uncertainty in the future in many areas, the increase in cyber attacks is unfortunately not one of them. We are going to see more and more cyber risk as we progress along the remote and hybrid working path, and as our reliance on technology becomes even more entrenched. This means enterprises everywhere, of all sizes, need to develop and implement cyber resilient practices in order to combat the inevitable cyber threats.
“Every business process will be impacted by the move to hybrid, and every business function will need to transform. From product development and manufacturing, to marketing, sales, customer service, and facilities, HR, and IT, every business process will need to be adjusted. One area that is of paramount importance is security” (Satya Nadella, Chairman and CEO, Microsoft)
So, where do we start? It’s an evolving space, however there are both short-term and long-term strategies that we can implement in order to stay cyber resilience. From the outset, the zero-trust strategy, recommended by Microsoft and other Infosec industry experts, allows for a mindset that protects businesses from threat actors by assuming a breach.
“At Microsoft, we’ve moved away from a perimeter-based, VPN dependant approach to security and embraced a zero-trust model. This means we do not presume any identity or device is secure on any network – we verify it, and we do so while continuously monitoring network, data and application security in the office, at home and across devices”.
A long-term view looks at instilling cyber resilient strategies such as compulsory training and education, for employees at all levels to stay abreast of the latest cyber threats and trends. Cybersecurity needs to be a priority and cyber awareness, whether it be through password security best practices, or how to spot phishing emails and more in-depth risk management training, may just be a key factor in reducing attacks across the new threat landscape that has evolved over the last couple of years.
Importantly, it all starts at the top, from your Chairman & Board, through to the CEO and ELT, to your Senior & Mid-Management, and then into your frontline. The leadership of your company must make cybersecurity a priority, and they must resist the temptation to delegate and defer responsibilities to tech teams and security personnel. Of course, there must be a team of Infosec and technology experts who are responsible for day-to-day oversight and management, but the leadership must make clear to everyone that cybercrime is an existential threat, and therefore it is a key business priority. Risk committees, BCP, DRP & other tools and frameworks are vital to entrench cybersecurity as a key component of the company culture. As too are your trusted experts and partners outside of the organisation, bringing their own expertise and perspectives, to help guide discussions and to help with decision making and execution. As we enter this new year, there’s never been a more important time to consider your cyber readiness.
My team has developed a free eBook with 6 Practical Solutions for Managing a Hybrid Workforce that can be shared with your teams, colleagues and peers for an in-depth, yet practical look at how we can start to make our workplaces more cyber secure. Download it here.
Keeping businesses protected
Prevention is always better than a cure, and the best defence is to stay safe is to proactively boost your company’s cyber resilience levels to avoid being hit by phishing, ransomware, BEC and other zero-day threats in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all threats, so it’s crucial if your company is using Microsoft 365 or G Suite, to have a third-party email security specialist in place to mitigate the risk. For example, using a third-party cloud email solution like MailGuard.
For more information about how MailGuard can help defend your inboxes, reach out to my team at expert@mailguard.com.au.
What cybersecurity issues are you interested in knowing about? If you have any ideas, don’t hesitate to reach out.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.
