In the past year, the threat landscape has changed dramatically and as organizations move towards the ‘new normal’, so should their approach to cyber security. In many cases, businesses are moving back from remote working to a more hybrid set-up. One of the threats we expect to be particularly rampant in this new scenario is the risk of insider threats – those originating within the organization’s network. They may be the product of malicious behavior or unintentional human error by anyone from a current or former employee to a consultant or third party.
One factor in this high risk is that sometimes actors are not even aware that they are doing it. For example, a breach could be brought about as innocent by someone using an infected device or document to work remotely in the office or sharing sensitive information with their personal, yet vulnerable, accounts.
How can businesses effectively change their cyber security strategy to adapt to the ‘new normal’?
A hybrid workforce means that many employees will continue to work remotely to some degree, and in many ways, increases the cybersecurity risk for businesses. For example, in this new normal we can expect to see increasingly blurred lines between online activity on corporate and personal devices, with employees accommodating to work remotely and in the office. Therefore, it is important that businesses are making every effort to provide employees with a secure and efficient way to access internal apps in the public cloud or data center – wherever they are. Essentially, they need to establish and enable secure ‘work from anywhere’ practices.
It is also important to educate the workforce to maintain a safe environment for employees and keep cyber attackers away. Employees need to be educated on best practices when it comes to cyber hygiene and adopting a zero trust mindset. As simple as questioning a link that looks suspicious and reporting activity they’re unsure of, it could mean that a malicious actor may or may not be able to access an enterprise’s network. difference between
Organizations should also consider deploying expanded detection and response (XDR) security capabilities that include risk intelligence. This would give them the ability to prioritize threats, predict which malware campaigns to launch against them and pre-emptively improve their defensive countermeasures. Given the massive increase in cyber threats over the past year – at the end of last year our researchers detected 648 threats per minute, a figure that is only set to increase – it is essential to take these pre-emptive measures.
Why is a zero trust mindset important as businesses enter this new phase of working?
Considering the growth in cloud usage we’ve seen over the past year or so, a zero trust mind-set has never been more important. This is where organizations do not trust anyone in terms of security outside and inside their networks. It provides a more comprehensive approach to IT security and network security, allowing them to restrict access control to networks, applications and environments without sacrificing performance and user experience.
For example, our McAfee research showed that enterprise cloud usage increased by 50% between January and April 2020 alone. Although necessary to drive efficient business operations and innovation, increased cloud usage can make it even more difficult for IT teams to identify who can be trusted and who can be trusted within a network if the right security is not in place. This is where a Zero Trust mind-set comes into play, as it allows teams to reduce the risk of their cloud and container deployments, while also improving governance and compliance.
What are the benefits of a collaborative approach to cyber security in keeping businesses safe?
The collaborative approach is by no means a new way of thinking in the security industry. In fact, the industry has a history of sharing threat intelligence and new learnings to prevent criminals from quickly gaining the upper hand – as they regularly collaborate and share their most successful attack methods. . However, as we begin to adapt to the ‘new normal’ and more hybrid work environments, collaboration is no longer an option. 88% of data breaches are believed to be caused by human error – and not just originate in the IT team. Hence, the shared responsibility model has now become a necessity for businesses. The model includes a layered defense in which organizations address each part of the “responsibility stack” individually, yet they all interact together as a complete framework.
While IT must play its part, end users should also watch out for suspicious links, change their passwords regularly and generally follow good cyber hygiene practices. Ultimately, the enabling collaborative approach coupled with the shared responsibility model guarantees greater transparency and accountability, which is critical to ensuring best practice in the industry.
- We present the best Business VPN.