Cybersecurity in Today’s New Normal
A “new normal” has been established in the blink of an eye. In these uncertain times, the way we live, work and play – the world as we know it – has turned on its head.
Indeed, technology has permeated pretty much every corner of our lives now – video conferencing is the de facto means by which meetings are being conducted and businesses have turned to remote working to maintain operations. Businesses and individuals are leveraging technology to maintain a sense of normalcy during this period. To put things into perspective, on a peak day prior to our current climate, Cisco’s WebEx videoconferencing solution handles 2.1 million meetings on average. Now, that number doubled to 4.2 million. The solution hosted 14 billion meeting minutes in March, more than double the number in February. We are in a state of hyper-connectivity that we have never been in before.
However, there’s no denying that this hyper-connectivity exposes us to a whole new spectrum of cyber risks – after all, the potential attack surface is that much bigger and the potential targets are that many more.
Cybersecurity indelibly left its mark on the world in 2019, and with the current climate forcing the masses online, the coming months are sure to prove no different as cybercriminals go on the hunt for lucrative payouts. The question is how can we stay one step ahead of them?
With that in mind, here are 5 cybersecurity pointers to bear in mind to keep people and businesses secure.
1. Secure the remote workforce
Employees now use a multitude of devices and services – both personal and corporate – to connect to company networks, access data and hold meetings. With entire workforces moving online, more devices equal more risks and this level of hyper-connectivity is bound to attract the attention of cybercriminals.
Modern threats will look to take advantage of this swift move to a remote workforce, and seek to gain access to users' apps and data – whether on their devices they’re using to access corporate resources; via COVID-19 themed malicious domains or phishing attacks; or even by taking advantage of potential security weaknesses in collaboration tools, such as video conferencing services.
If your home network has got multiple IoT (internet of Things) devices such as a smart speaker, smart camera or smart switch on it, it is safer to keep them on separate networks from the one used for office work. Most IoT devices are not regularly patched, for vulnerabilities. Vendors do not secure them properly fearing it will ruin performance and eventually the user experience. So, if a smart camera gets hacked, the entire home network and the devices connected to it can get compromised.
Security needs to be top of mind for all collaboration tools, businesses and employees or businesses will face the prospect of falling prey to cybercrimes.
It is essential for technology providers to ensure the security of their platform before rolling out to the masses – when we’re talking about millions of people, “use now, secure later” is not an option. For example, Cisco’s WebEx videoconferencing platform has security baked into its DNA. Virtual meeting rooms are protected with dedicated IDs to prevent unauthorised access, Man in the Middle attacks are automatically prevented by denying third party proxy access, encrypting all data transmitted and only allowing for in-house transcription.
2. Identity will overrule ‘password’
Indeed, ‘access’ should be the flavour of the month. As everything in our lives becomes digitized and we’re forced to move our personal and professional lives online, we’re now getting used to being able to connect to everything on-the-go at the click of a button. Yet our defences are struggling to keep pace.
Look no further than the humble password – how many of us are guilty of re-using the same one across multiple accounts at work and at home? It’s becoming painfully clear it’s simply no longer fit for purpose.
In today’s “new normal”, ‘Zero Trust’ surpasses buzzword status to widening adoption – where businesses should take steps to critically assess and verify who is connecting to their network from what and where before granting an appropriate level of access in order to reduce their overall exposure to risk. In other words, it’s key to get serious about digital identities.
This takes the form of multi-factor authentication solutions such as Cisco’s Duo Security, or other means like bank tokens, SMS codes or biometrics. The bottom line is that if you want to access an organization’s network, remotely or otherwise, trust needs to be verified – not just at a user level, but also at a device level.
3. Cloud edge will continue to be a key battle frontier
However, it’s not just devices that are increasing risk factors. In order for information and data to be more readily available and easily processed, business back-end infrastructure has also metamorphosed in recent years, with critical applications (the programmes that allow a company to function) being placed in the cloud. This paradigm shift could not have been timelier, given the current need for numerous remote workforces around the world having to access company applications via the cloud.
This is a challenge for security – because where once protecting the four walls of an office was enough to ward off enemies, businesses now have to secure remote outposts (i.e. their cloud edge). Traditionally, this was done by sending everything back to HQ to be verified – but as you might imagine, the more outposts you have, the more unrealistic and costly this becomes.
That said, technology is now evolving to enable businesses to take security to the edge. This is now a crucial battle frontier as companies explore strategies to empower and enable their remote workforces.
Security and privacy cannot be afterthoughts that are bolted on but part of an integrated security strategy that is foundational to your business.
Employees have a part to play in this overall cybersecurity posture too – they have to be vigilant when sharing something online, even if it’s over a Virtual Private Network (VPN), and especially more so if it’s intellectual property or customer information that’s being shared and ensuring that company data is being stored with a trusted source.
4. Ransomware to Run Rampant
Speaking of ‘simplicity’, it’s hard to believe that only three years have passed since the world was rocked by the devastating WannaCry and NotPetya attacks. Yet the reality is that ransomware – considered one of the more primitive forms of hacking – is still causing business leaders sleepless nights. In fact, companies continued to rank it as the largest security risk they were facing in Cisco’s 2019 Asia Pacific CISO Benchmark Study.
What’s more, with the current situation proving to be excellent material to build COVID-19 themed malicious domains or form the basis of phishing campaigns, it’s getting easier for would-be cybercriminals to get paid while evading law enforcement. These campaigns prey on the fears of individuals and businesses, claiming to have hard-to-get emergency supplies, information on government relief measures and even World Health Organization safety guidelines – all more so pertinent and enticing especially so during this period.
To prepare and defend, businesses and individuals alike should scrutinize every email and request received and verify its legitimacy – with the organization or authority in question.
And, if unfortunately, they do succumb to ransomware, work with security vendors and law enforcement to remedy the situation – do not pay the ransom to only fund the criminals’ further endeavours.
Ransomware will continue to be a long-standing security issue – the increased number of people across multiple devices connecting to the internet make the threat surface area that much larger and hence, give cybercriminals a wide playing field to exploit. Ensure that all employees are also made aware of security basics and good cyber hygiene practices. An organization can only be as secure as its least aware or vigilant employee.
5. Complexity to give way to consolidation
The current environment we operate in is littered with threats – so it only makes sense that businesses would do whatever is in their power to protect themselves. Case in point: according to Cisco’s 2019 Asia Pacific CISO Benchmark Study, 41 per cent of companies across Asia Pacific use more than 10 cybersecurity solutions to protect their business (6 per cent use a whopping 50 solutions). Of course, we all also know that there is such a thing as too much.
Companies have traditionally approached building their security capabilities in a piecemeal manner, adopting solutions to address specific challenges one at a time. But while this may help patch individual vulnerabilities, it creates a bigger issue. How do you keep track of everything? And what happens when those solutions don’t work together?
Think about it this way – signing up to 10 credit cards might seem like a financing solution, but it’s going to be extremely difficult to maintain your credit score, let alone ensure you don’t fall victim to extra charges. The more complicated and fragmented the defence, the more likely you’ll run into challenges with visibility, threat detection and remediation.
Organizations should look to consolidate and simplify their cybersecurity solutions to reduce complexity, more so as they empower their remote workforces to ride out the current storm.
Ultimately, their defence systems should act as a team, and learn, listen and respond as a coordinated unit.
Vendors also have a part to play in this consolidation process. The onus rests on them to ensure that security solutions are secure, scalable, comprehensive and integrate easily with other platforms to provide a consistent end-user experience to users, whether they use it in the office or if they use it from home.
Beefing Up your Cyber Defenses
Today’s new normal has forced us to reflect on challenges, opportunities and risks – and cybersecurity should be topping enterprises’ list of priorities as resources shift online and workforces go remote. COVID-19 has hastened the spread of misinformation and everyone is worried to a certain extent. Cybercriminals will not be blind to this and will seek to manipulate the situation for their own benefit - there will be no rest and we should expect to be targeted.
But that’s not to say we can’t rise above and ride out this situation we find ourselves in. In addition to heeding the directives from authorities to minimise contact, socially distance and stay indoors, businesses and individuals alike to come together to shore up our defences and batten down the hatches as we navigate this new reality. We should stay safe and secure, not just from a personal health standpoint, but digitally as well.