As the COVID-19 pandemic continues, more and more organizations are making the switch to virtual workspaces. Because remote employees rely on their home networks and equipment to do their jobs, this digital transformation poses some hefty security risks.
A new report from Randori, a security consulting company, which surveyed 400 security-decision makers, reveals how cyber security risks have grown during the COVID-19 pandemic. According to the report, three out of four security leaders saw a boost in cyber attacks.
Leaders are struggling to take action against these threats, with 76% feeling that the attacks were unavoidable and agreeing that prioritizing what to patch has become more difficult. Additionally, although 85% said they had a good understanding of their attack surfaces (the various points within a network that a hacker can target), 48% said they are knowledgeable of less than half of their attack surfaces.
According to Scott Ikeda, a senior correspondent for CPO Magazine, a majority of decision makers view their ability to secure their networks’ most sensitive information and minimize reputational damage to their organizations as their top priorities. However, they are unclear about how to create strategies for doing so.
“Randori believes the central problem at present is that security experts simply do not know what is exposed to cyber attacks and what the relative network security risk levels are given this flurry of fairly rapid changes,” states Ikeda in CPO Magazine.
Six Considerations for Building An Effective Cyber Security Strategy
Leading cyber security experts told Information Age there are six ways to create an effective cyber strategy for remote, hybrid, and office-based work.
Leverage communication and teamwork:
Every department within the organization should be involved in ensuring infrastructure security. Furthermore, there should be regular communication over email, video conferencing, and other tools on the topic.
“Once a strategy is created it needs to be communicated to the wider business, ensuring buy-in and understanding. Everyone plays a role in cyber security, especially as employees are often the weakest link in your defence against cyber crime,” said Colin Blumenthal, managing director at Complete I.T., part of Sharp, a B2B product provider.
Analyze the risks and adopt the results:
Rather than simply following compliance-related security procedures, organizations should proactively evaluate possible risks within their networks, work to understand and reduce those vulnerabilities, and figure out how to eradicate them systematically.
“Once you’ve fixed what you’ve found, iterate. Do it until you think you’ve matured your incident response. Then start conducting red team exercises to see how [your team can] respond to a real attack, and again, continue to iterate–probably, forever,” said Kevin Reed, CISO at Acronis.
Build multiple lines of defense:
In today’s age of digital transformation, one line of defense won’t be enough to secure your organization against cyber attacks. You need to consider both internal and external threats to your data.
“Whether it’s through a firewall breach, a stolen password, or a brute-force attack, a comprehensive and therefore effective security strategy should act to also protect the interior network—limiting any data loss or damage and maintaining continuity,” said Rashid Ali, enterprise solutions manager at WALLIX.
Tighten access to critical infrastructure:
Make sure you’re covering all the security basics, whether it’s “patching, implementing regular system updates, or tightening controls over privileged accounts and administrator credentials,” said David Higgins, technical director EMEA at CyberArk. However, you also need to go beyond the basics of security, he added. “Adopting strong privileged access management is a must. This helps prevent lateral movement, contain an attack and limit damage.”
Establish security priorities based on risk and value:
“A data security strategy has to consider all data and prioritise according to the actual risk,” said Chris Waynforth, area vice-president at Imperva. Audit your data to understand exactly what risk it poses; delete high-liability data while retaining only necessary data; and monitor the data in ways that allow you to spot and avert leaks.
Leverage technology to reduce pressure on IT staff:
Implement top-notch technologies that will reduce “the impact of cyber breaches” and make your IT employees’ jobs easier, said Ian Pratt, global head of security for personal systems at HP.
Cyber Training Solution for Your Organization Offered by IEEE
It’s more critical than ever to find and keep the right people with the right skills to ensure your organization is safe from cyber attacks. It’s also critical to keep your existing team trained on the latest scenarios, threats, and tools. IEEE has partnered with ISACA to provide the Cybersecurity Nexus (CSX) Training Platform and CSX Cybersecurity Practitioner (CSX-P) certification to organizations, adding to its portfolio of training offered to professionals working to keep organizations secure from cyber attacks.
Learn how you can build critical technical cybersecurity skills with access to this affordable training solution.
Hurst, Aaron. (16 April 2021). Creating and rolling out an effective cyber security strategy. Information Age.
Scott Ikea. (19 March). Cybersecurity Programs Struggling To Keep up With Attack Surfaces, Risk Priorities in Pandemic Conditions. CPO Magazine.