The overnight transition to remote working that was enforced when governments imposed stay-at-home orders in March 2020 has exacerbated potential cyber-risk and placed a renewed emphasis on security.
“We have all had to pivot to satellite or hybrid working models and understand and embrace what technology and practices needed to be implemented to protect from ever more intelligent forms of cyber-attack,” says George Ralph, global managing director at technology specialist RFA.
“With the sudden implementation of business continuity planning and remote working following covid, the risk of a cyber-attack was heightened and cyber-risk profiles have changed,” says Alex De Santo, group head of private equity at Crestbridge. “Cybersecurity assessments and testing must be carried out on a frequent and ongoing basis.”
Certainly, attacks appear to be on the rise. External hacking is becoming more complex, more professional and highly lucrative. Phishing attacks are by far the most common, and they are getting harder to spot. The other major threat, however, comes from inside the business.
“In an office environment, it is easy to spot if someone is unhappy, likely to leave or a possible threat to data and security compared with a scattered workforce,” Ralph says. “We use machine learning and AI as behavioral analysis tools to help firms manage this. If people change their work habits, access files they wouldn’t normally or download documents they wouldn’t usually access, we can report back.”
Growing web, growing vulnerability
Meanwhile, it can be difficult to secure hybrid cloud environments, where data is travelling between the private cloud, user endpoints and the public cloud. Malware and viruses can come in from anywhere – the endpoint, malicious URLs, attachments to emails or the cloud itself. “We also have to consider how systems are integrated with each other,” explains Ralph. “In this environment, hackers are trying to find exploitable vulnerabilities in a firm’s infrastructure wherever they can.”
Indeed, cloud security and endpoint security, which were once seen as separate issues, have merged as the list of devices and endpoints accessing the cloud grows. Meanwhile, identity and access management has moved on significantly in line with the increasing numbers of remote workers accessing corporate resources from a variety of devices.
Many firms now take a zero-trust approach to identity and access management, whereby no access request is trusted and every request from any device or user is checked and verified before access is granted. This ensures the right people have the right access to the right systems in the right context. The approach uses single sign-on and multifactor authentication, and allows administrators to enforce unified policies across apps and servers and by groups of users.