- Hybrid working between home and office has required a recalibration of how organizations provide secure, productive and digitally enabled environments for their employees.
- A recent study revealed that 78% of employees put data at risk inadvertently.
- What major cyber-security related changes and events can we expect in the cyber landscape over the next 12 months?
Covid-19 introduced a paradigm shift in working culture. The new era of the “hybrid employee” has required a recalibration of how organizations provide secure, productive and digitally enabled environments for their employees.
Security teams are also having to deal with escalating threats to their new cloud deployments, as hackers seek to take advantage of the pandemic’s disruption: 71% of security professionals reported an increase in cyber-threats since lockdowns started.
And this shouldn’t come as a surprise. Working from home under unusual circumstances, users become more distracted, prone to careless behaviour and don’t always comply with corporate security policies. A recent study revealed that 57% of employees insecurely save passwords in browsers on their corporate devices while 21% allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping. All in all, it was found that 78% of employees put data at risk inadvertently.
This phenomena simply opens the door for more risk. Threat actors always seek to take advantage of major events or changes for their own gain. Looking to 2021, we should ask ourselves what are the major cyber-security related changes and events that we expect in the cyber landscape over the next 12 months?
Below are my 2021 predictions, and some guiding principles to prevent those potential cyber-attacks:
1. Securing the new normal: the ‘new normal’ is here to stay. A recent Check Point survey found that half of all respondents believed that their organizations will not return to pre-pandemic norms for at least the next two years.
Addressing the new normal means securing “hybrid employees” that work both from home and from office and require secure access from any location and any device, securing hyper-distributed enterprise applications that reside everywhere including traditional data centers and the cloud, and lastly, securing emerging IOT devices and networks.
This will require organizations to recalibrate their cybersecurity approach around three main elements: Securing their networks; cloud environments and applications; and lastly, securing employees – wherever they are. Automation, consolidation and prevention will top CISOs agendas to stop advanced attacks spreading rapidly across organizations, and exploiting weaknesses to breach sensitive data.
2. COVID-19 and Vaccine related phishing campaigns: Pfizer, Moderna, the Russian vaccine – all those announcements carry a huge promise to society. But a COVID-19 vaccine, will not stop hackers from utilizing vaccine developments in phishing campaigns. The pharma companies developing vaccines will also continue to be targeted by malicious attacks from criminals or nation-states looking to exploit the situation.
3. Mobile applications security threats: Many of us are not aware how much of our personal information is being used by apps and devices demanding broad access to our media files, contacts and more. Yes, even your smart speaker knows your music habits by now.
This problem has been magnified with patchy COVID-19 contact-tracing apps that have been rush-released with privacy problems, leaking data about individuals. With remote employees prone to careless behaviour, mobile malware targeting users’ banking credentials and committing click-fraud on adverts is still a significant and growing threat.
Recent research by IDC predicts that “Organizations must also be prepared to mitigate the additional cyber risks associated with workers remotely accessing enterprise resources over unmanaged networks (e.g., home networks, public hot spots) and from unmanaged devices.”
The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.
Platform activities focus on three main challenges:
Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.
The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.
For more information, please contact us.
The new hybrid employee and the above predictions require us to recalibrate how we secure our work. To meet this new reality, below are 3 guidelines organizations should consider:
Complete, consolidated protection
Today’s enterprises are hyper distributed with applications residing everywhere and users connecting from anywhere. To deliver complete protection across datacenters, perimeters, cloud, mobile, endpoint and IOT, organizations frequently implement multiple cybersecurity solutions.
As a result, they are frequently left with a costly, patchwork security architecture. Adopting a consolidated security approach will help businesses realize complete, preemptive protection against the most advanced threats while achieving better operational efficiency.
Complete protection also means that your security solutions will have to address all potential attack vectors as cyber criminals become more and more sophisticated.
Real-time prevention is the key to protecting our organizations and employees from zero-day cyber-attacks. Organizations will have to deploy pre-emptive user protections to eliminate threats before they reach the users regardless of the user activity.
Employee awareness and education
The human factor may sometimes represent the weakest link even when all the technology stack is there. Organizations will have to invest in employee awareness and education. These measures should include testing employee skills in detecting phishing emails, training on how to avoid social engineering attacks and reiterating corporate data and security policies.