Written by Kate Dadlani, Head of Security Advisory Services at Logicalis UKI
Over the last 12 months, remote working models have drastically reshaped our working habits and network security environments, and the pace of digital change has been accelerated by over five years because of the pandemic. Executives now recognise that their businesses need to be digital. Organisations that can successfully achieve rapid digital transformation will inevitably succeed over competitors and find success in the post-pandemic economy.
The pandemic has prompted business leaders to shift their operations to adapt to remote working. As the shift to digital transformation continues, unlocking data, building secure business resilience, and establishing strategic relationships with partners who can deliver end-to-end solutions that directly impact the top and bottom line will become essential priorities for business leaders in 2022.
In 2021, ransomware increased in frequency and severity. We saw even more emails that entice you to click on nefarious links. These phishing schemes often used topics with a strong emotional pull, such as COVID-19 vaccinations. In fact, recent National Fraud and Cyber Crime Reporting research found that in 2021, there were over 700 reports from members of the public who have been sent emails purporting to be from the NHS, offering them a vaccine passport. As a result, we saw even more ransomware payloads delivered through phishing.
The reality is that cyber terrorism is a trillion-dollar business, and in 2021 it showed no signs of slowing down, with cyber-attacks heavily targeting supply chains to cause maximum disruption, as was the case with the Colonial Pipeline attack earlier in 2021. Politically, a country can be destabilised by supply chain cyber terrorism, which has the potential to cause unrest and disrupt the lives of millions. This digital type of terrorism will only continue to grow due to mistakes made through human error and influence as the world continues to adapt to increased digitalisation and the continuation of the everywhere workplace.
We are only human; we all make mistakes. The same can be said in cyberspace, with the majority of breaches resulting from human error. However, organisations can take various measures to reduce the likelihood of human error. It comes down to automating simple and repetitive processes.
Microsoft’s recent trial of their sub-sea data centre had a lower system failure vulnerability rate because there were no humans in the data centre. However, hackers are resourceful and will often be better prepared and one step ahead. Therefore, the focus should also be on having a damage control process in place and anticipating daily threats to outsmart the hackers.
Work flexibility and remote security
Flexibility within employment was a growing phenomenon in 2021, not just in terms of working hours, but also flexibility with the devices you work on. BYOD (Bring Your Own Device) has become even more mainstream. Currently, there are no boundaries. Whether somebody is using their own device or one provided by an employer, what controls can a company put on that phone to uphold data security?
You can remotely wipe a person’s device, but what happens to that person’s personal data? It’s hard for IT leaders to decipher what data is personal and what is corporate. Businesses must separate the two to ensure there isn’t any mixing of a person’s personal and professional life. This opens a dilemma: as an enterprise, how do you secure your data and remain compliant? Identity is a new firewall, and we can no longer have a corporate network safeguarding us; it’s employee identity. Holistic approaches such as zero-trust and patch management will be the key to long-lasting success.
Business Resilience must include Security
Throughout 2021, new digital architectures were created to quickly react to the rapid changes in circumstances during a very challenging time globally. However, now the dust has settled it is important to address any risks or issues that have arisen from this accelerated change. We are seeing an opportunity opening to better define and deploy holistic security technology to remove vulnerabilities and reduce the risk of future attacks.
These insider incidents are likely to be caused by a combination of rapid adoption of remote working and the ease with which data will be moved. As a result, threat defence and employee engagement should be prioritised, and organisations should remember that trust is not a control.
Organisations must continue to adapt their approaches to security and invest in new business models in response to changing economic uncertainty, scattered workforces, and mobile customer expectations. The only effective approach to security and business resilience for the continued remote working enterprise is a holistic, architectural approach – one that is manageable, adaptable, and responsive and developed with the right partner.
2021 has seen a lot of activity within the technology sector as it has had to adjust to the rapid changes in lifestyle as the pandemic continues. This acceleration in digital innovation is widely expected to continue into 2022 as challenges such as cyber terrorism and security issues persist.