Craig Greenhalgh, Content Analyst at Comparesoft, discusses why the COVID-19 pandemic has increased the need for robust cybersecurity
As we stepped into the new decade, we have been facing challenges which our generation has not encountered before. The stability we took for granted has been taken away as countries have imposed quarantines onto their citizens, preventing them from carrying out their daily activities.
Thankfully, the advancements we made in digital technology over the past decade have enabled numerous industries to continue their activities remotely. Almost nine million people in the UK are working from home, with more joining every day. Time magazine has aptly named this the World’s Largest Work-From-Home Experiment.
The pressure exerted by the COVID-19 induced lockdown has forced businesses to cut any corporate red tape and deliver remote working solutions to their customers as quickly as possible. In only a few weeks, we’ve made a 5-year leap forward in terms of digital progress.
This new sudden wave of digital advancements has helped businesses realize that they are able to maintain their productivity just as high and even lower their operation costs. Huge companies such as Facebook and Twitter will be allowing their employees to work from home permanently.
However, remote working is not possible without the adequate collaboration tools. These include:
– Realtime communication tools such as Slack
– Project management applications such as Trello
– Video-conferencing software such as Skype and Zoom
– Cloud-based applications which can be accessed remotely such as the Office 365 suite
As we can see, all these applications entail multiple employees working together in a single online space to share private and secure information. All these tools have had to be deployed by unprepared businesses in a matter of days.
Remote Working Cybersecurity Risks:
Hastily deployed collaboration tools and VPNs over a non-secure home broadband network are easy prey for hackers. Zoom, a videoconferencing application which has gained significant attention during these times, has been facing numerous challenges. Zoom bombers are unauthorised people joining conferencing calls, having access to all information shared by the genuine attendees. Some security experts have gone as far as saying Zoom is Malware.
Cybercriminals saw the transition to remote working as a huge hacking opportunity. In fact, 71% of security professionals had reported an increase in security threats or attacks since the start of quarantine. The companies and employees who were only introducing to remote working now were the most vulnerable. Rudimentary cyber-attacks such as phishing and malicious websites were reported as the top threats. One vendor observed a drastic increase of 600% in phishing attacks.
Fifty-six per cent of a respondents form a Check Point study reported increasing pressure for providing remote secure access, but the most worrying figure was that 47% of respondents were facing issues with remote employees using shadow IT.
Another weak point in security infrastructure is posed by end-of-life IT systems. As these are not receiving vendor support anymore, they are no longer equipped to defend against new cyberattacks. These are a clear target by hackers and companies might not have the resources to deal with renewals and refreshes under those circumstances.
How SAM Can Mitigate Cybersecurity Risks:
Many of the problems described above are caused due to a lack of visibility and adequate management of the employed software. Whether the applications were already existing or have been deployed to deal with remote working, software asset management is critical in mitigating cybersecurity risks.
Here are the most efficient methods of using SAM to lower cybersecurity risks:
- Security Patching: software asset management tools are able of identifying and flagging in advance IT systems which do not have the latest patch installed and vulnerable to attacks. Having visibility of these items will enable IT administrators to conduct the appropriate patching in order to keep protected against the newest digital threats.
- Identifying Shadow IT: SAM enables technical managers to discover and identify the applications used within an environment. As such, any shadow IT systems which were deployed by select teams within a company can be found. At this point, IT managers can either force the decommissioning of the shadow IT applications, or bring in the applications through the appropriate, secure channels.
- Identifying security threats: software asset management tools can build and access a blacklist. This blacklist typically contains details of applications which are known to be rogue software.
- User permissions: by giving specific users certain permissions for using applications, IT managers can minimize the risk of unauthorized users accessing key information.
- Visibility and employee training: SAM tools hold a comprehensive list of all the details associated to the deployed software. This visibility can be useful to IT managers in the education of employees. As phishing is the most common type of attack in today’s environment, training the workforce to know what software is available and through what channels will be the best method of preventing these types of attacks. Typical security solutions such as antiviruses can do little to prevent these types of ‘social engineering’ attacks. Here software asset management is the most effective way of keeping secure.
Software asset management is an indispensable tool in the secure management of newly and already deployed applications. SAM should not only be viewed from the cost-optimisation point of view, but it should be looked at as a holistic method for managing all aspects of asset management, including security, procurement and license management.