By Steve Durbin, Chief Executive of the ISF
After a difficult year, many businesses are still adjusting to the new landscape and trying to plan for a brighter future. Cybercrime ran rampant in 2020 with global costs climbing as high as $1 trillion, according to CSIS research. Sadly, with the pandemic dragging on and a fatigued remote workforce that still needs to be properly secured, there’s every chance cybercrime will be an even bigger problem in the months ahead.
Several factors are aligning to create a perfect storm scenario. Organizations that fail to identify and address these looming threats will be at risk from a new wave of cyber-attacks and data breaches. But disaster can be averted with the right action. Seize this as an opportunity to realize digital transformation. By aligning security efforts with business goals, redesigning infrastructure, and securing the edge, organizations can build resilience and chart a course for future success.
Cyber-criminals are Thriving
With the pandemic precipitating a rapid acceleration of working from home, the potential attack surface for cyber-criminals has grown enormously. People are working in less secure environments, they are more distracted, and the pandemic has provided cover for countless scams. The promise of a vaccine is certain to be exploited by unscrupulous attackers and the economic downturn will swell their ranks.
It has never been easier for a would-be criminal to buy an effective crime kit online; they can purchase ransomware complete with technical support. But it would be a mistake to imagine cyber-criminals as loners in their parents' basements. In reality, organizations are under attack from well-organized, professional, determined groups employing increasingly sophisticated tactics.
Some of the most successful criminal groups are adept at working collaboratively, sharing intelligence, and waiting patiently for the right moment to strike. They may live on your organizational network for months on end, gathering intelligence before making a move.
The Insider Threat is Growing
Contrast determined groups of attackers armed with sophisticated social engineering tactics against those fatigued and stressed remote workers. While the threat of a malicious insider is cause for concern, negligence and plain human error can cause just as much damage. Constantly online and glued to screens, with the boundary between work and home life blurred, it should come as no surprise that people are tired and distracted; mistakes are the inevitable consequence.
Sending an email to the wrong person, attaching the wrong file, or falling victim to a seemingly plausible request that turns out to be a scam are potential risks for everyone. This kind of vulnerability may be exacerbated by Gen Z moving into the workforce. This next generation coming through has been taught from an early age to share, to embrace technology and to live their lives digitally.
To combat this growing threat, organizations must support remote workers, encourage a healthy division between work and home life, and set out very clear policies on how social media and different kinds of technologies can be appropriately used. Proper education and stringent security awareness training are vital.
Time to Redraw the Battle Lines
Edge computing enables organizations to carry out high-speed processing at the point where it’s required, so processing power can be spread across the extended corporate network to bring data closer to individuals. This boosts productivity, but it also creates a new paradigm for security, which has traditionally sought to stem the flow of data. Existing security solutions are unlikely to be capable of addressing the potential digital and physical security weaknesses that edge computing presents.
Third-party cloud providers and the use of personal devices can create blind spots for security professionals. As organizations design a new architecture, they must be cognizant of what’s going on across the extended network. It’s crucial to review potential points of failure and build that into not just resilience planning, but also risk assessments.
This may be a good time to assess investments in digital transformation. Where new systems are deployed on top of old ones, they must be integrated effectively, or new vulnerabilities and attack vectors will be introduced. Make sure that business and security leaders work together in the planning stages of any digital transformation.
Foster Collaboration and Plan Ahead
Ensuring the integrity of assets across an organization isn’t just about correctly configuring and integrating the right technologies; it’s also about supporting your greatest asset: your people. A spirit of collaboration will reap rewards across your organization, and business security alignment is hugely important.
Build awareness internally and work collaboratively with third parties and other organizations. Anticipate what lies ahead, then craft and disseminate response plans that clearly lay out the different roles that everybody will play come the day that a breach or an attack takes place.
Only by working collaboratively can you hope to respond to emerging threats effectively and maintain a high level of service. Build resilience and safeguard business goals, and you will also build confidence among customers, shareholders, employees, and the board.