Craig McDonald Jan 28, 2022 3:22:19 PM 9 MIN READ

Shifting Threat Tactics and Opportunities in the “New Business Normal”

shifting landscape - 1200x628-01

The move to fully remote and hybrid working environments, although unprecedented in timing, has been inevitable. A global pandemic, characterised by social restrictions, forced businesses across the world to make a rapid digital transition into online working to keep business operations functioning and staff employed. Like any teething phase, and like most periods of change, it’s meant copious amounts of learning, pivoting, and adjusting, across every business function to determine the best way to move forward.

The world is moving from a mobile and cloud era to an era of ubiquitous computing and ambient intelligence, and it will see more digitization in the next 10 years than in the last 40 years.” (Satya Nadella, Chairman and CEO, Microsoft).

Whether it’s the news, social media, or industry publications, the “new COVID normal” has paralleled an increase in cyber threats, competing for headlines. An increased reliance on technology, and in particular cloud-based technology and remote-access infrastructure has presented myriad new opportunities for cybercriminals, with an expanding attack surface forcing threat actors to pivot, and thus become more sophisticated, causing a rapid rise in the breadth and frequency of cyber threats. Threats have escalated, and organisations everywhere are trying to keep abreast of the adversaries and keep their businesses and data protected and secure with employees accessing sensitive data and systems from outside the office, through cloud and third-party services, and a multitude of company and BYOD devices.

Ransomware attacks, phishing and the use of remote access infrastructure and cloud-delivered services have increased in their intensity, with IT departments clambering to expediate the installation, expansion, or upgrades to RDA (remote desktop access) servers, VPN concentrators and remote access routers to meet billowing workforce demands.

The Importance of Cyber Resilient Strategies

A post-pandemic revelation, even though there is uncertainty in the future in many areas, the increase in cyber attacks is unfortunately not one of them. We are going to see more and more cyber risk as we progress along the remote and hybrid working path, and as our reliance on technology becomes even more entrenched. This means enterprises everywhere, of all sizes, need to develop and implement cyber resilient practices in order to combat the inevitable cyber threats.

“Every business process will be impacted by the move to hybrid, and every business function will need to transform. From product development and manufacturing, to marketing, sales, customer service, and facilities, HR, and IT, every business process will need to be adjusted. One area that is of paramount importance is security” (Satya Nadella, Chairman and CEO, Microsoft)

So, where do we start? It’s an evolving space, however there are both short-term and long-term strategies that we can implement in order to stay cyber resilience. From the outset, the zero-trust strategy, recommended by Microsoft and other Infosec industry experts, allows for a mindset that protects businesses from threat actors by assuming a breach.

“At Microsoft, we’ve moved away from a perimeter-based, VPN dependant approach to security and embraced a zero-trust model. This means we do not presume any identity or device is secure on any network – we verify it, and we do so while continuously monitoring network, data and application security in the office, at home and across devices”.

A long-term view looks at instilling cyber resilient strategies such as compulsory training and education, for employees at all levels to stay abreast of the latest cyber threats and trends. Cybersecurity needs to be a priority and cyber awareness, whether it be through password security best practices, or how to spot phishing emails and more in-depth risk management training, may just be a key factor in reducing attacks across the new threat landscape that has evolved over the last couple of years.

Importantly, it all starts at the top, from your Chairman & Board, through to the CEO and ELT, to your Senior & Mid-Management, and then into your frontline. The leadership of your company must make cybersecurity a priority, and they must resist the temptation to delegate and defer responsibilities to tech teams and security personnel. Of course, there must be a team of Infosec and technology experts who are responsible for day-to-day oversight and management, but the leadership must make clear to everyone that cybercrime is an existential threat, and therefore it is a key business priority. Risk committees, BCP, DRP & other tools and frameworks are vital to entrench cybersecurity as a key component of the company culture. As too are you, as trusted experts and partners, to help guide discussions and to help with decision making and execution. As we enter the new year, there’s never been a more important time to speak with businesses about cybersecurity.

My team has developed a free eBook with 6 Practical Solutions for Managing a Hybrid Workforce that can be shared with your teams, colleagues and customers for an in-depth, yet practical look at how we can start to make our workplaces more cyber secure. Download it here, or talk to your Account Manager about how we can work together to educate and support your customers.

Keeping businesses protected  

 

Prevention is always better than a cure, and the best defence is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid being hit by phishing, ransomware, BEC and other zero-day threats in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.  

 

No one vendor can stop all threats, so it’s crucial to remind customers that if they are using Microsoft 365 or G Suite, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard. 

 

Talk to us

MailGuard's partner blog is a forum to share information and we want it to be a dialogue. Reach out to us and tell us how we can serve you better. You can connect with us on social media or call us and speak to one of our consultants. 

Australian partners, please call us on 1300 30 65 10 

US partners call 1888 848 2822 

UK partners call 0 800 404 8993 

We’re on Facebook,Twitter and LinkedIn. 

Keep Informed with Weekly Updates