4 minute read
CYBER SECURITY
Managing the hybrid workplace — what CISOs need to know
The impact of Covid-19 has rippled through the way we work, socialise, learn and shop forever. On a global scale, a growing number of organisations are embracing remote work as part of a hybrid working arrangement. South Africa is no stranger to this worldwide trend and the restrictions imposed by the pandemic reinforce the certainty that flexibility remains as important today as a year ago.
Advertisement
By Jonathan Fischbein, CISO, Check Point Software Technologies.
What needs to change however, is the approach to cybersecurity. If the beginning was rushed and CISOs (chief information security officers) found themselves having to implement policies on the go, now, more than 12 months on, there is a real need to level up as cybercriminals continue to take advantage of this global shift to exploit organisations and enterprises of all sizes.
The last six months have seen organisations in South Africa being attacked on average 1,537 times a week — almost double the attacks per organisation globally. This is according to the latest Threat Intelligence Report by Check Point® Software Technologies Ltd. a leading provider of cybersecurity solutions globally. As a result, local companies are becoming prime targets for cybercriminals. For IT and security professionals, this shift from identifying and protecting against vulnerabilities for on-premises equipment has evolved to dealing with key threat actors such as employees accessing internal assets from personal devices and remote locations.
One of the key challenges facing organisations in a hybrid work environment is the intensity of cyberattacks rather than the exposure to new vulnerabilities. In fact, Check Point® Software Technologies Ltd. revealed in its 2021 Remote and Hybrid Work Security Report that the top breach and attack vectors since Covid-19 are data infiltration and leakage (55%), phishing
emails (51%) and account takeover (44%), following the shift to remote work. In South Africa, 80% of malicious files have been delivered by email since the start of this year, with 65% of organisations reporting information disclosure as a top vulnerability exploit.
Further to this, IT and security professionals identified scalability (46%), privacy (42%) and supporting BYOD (40%) as the top administration challenges with remote access. As a result, we are witnessing an increase in ransomware, supply chain attacks and zero data attacks. Take for example, the Sunburst attack, believed to be one of the most sophisticated and severe attacks ever seen in the wild, followed by the ‘Hafnium’ (aka Microsoft Exchange server) attack. Locally, credit reporting agency, Experian, disclosed a data breach of personal information affecting 24 million customers last year.
These vulnerabilities cause IT and security professionals – who are faced with the relentless discovery of new exploits – to constantly race to patch and fix the cyber incidents. However, patching external-facing systems is not enough in this new normal. There is now a need for IT and security leaders to protect the ‘soft’ areas such as employees and assets from vulnerabilities, which means securing all endpoints. Allowing cyber criminals the opportunity to take advantage of a weak point can result in serious repercussions. The obligation IT professionals have to secure and protect businesses and assets from cyberattacks may be a huge responsibility but there are solutions to protect the network and infrastructure even with their hands full.
It’s becoming clear that the hybrid workplace is here to stay, so how can IT and security professionals protect their businesses against cyberattacks and potential threats?
• Reinforce education and awareness across the company
With remote work, there are increased risks to security management.
However, IT professionals at the frontline of protecting organisations from cyber threats and attacks should be working together with security leaders to reinforce education and awareness across all company levels.
Regular communication with simple, concise policies and setting up controls to prevent threats is essential to ensuring employees are compliant while generating user awareness.
• Ensure proper security policies and infrastructure
Cybercriminals are fully aware of the timeframe industries can take to identify and remediate; it could take days, weeks, and even months to patch vulnerabilities if organisations don’t have the proper security policies and infrastructure.
Almost half of organisations (48%) consider application protection against cyberattacks and zero-day threats important, therefore ensuring that there are proper security policies and infrastructure in place may alleviate challenges in securing the hybrid work environment.
• Adopt Secure Access Security Edge (SASE) Solutions
With the hybrid workplace taking front and centre stage across many organisations, the important lesson for IT professionals and SOC teams is to leverage unified solutions that will provide valuable protection on multiple fronts.
The responsibility to detect, assess and monitor security threats coupled with several different solutions is never an efficient way to secure business and IT networks. For this reason, Secure Access Service Edge (SASE) solutions aim to bridge the security, management and performance gaps caused by the digitally dispersed workforce.
Most IT professionals (94%) are familiar with the SASE framework, but adoption is slow, with 9% already implementing it and 21% planning to do so. Check Point Harmony Connect has redefined SASE by making it easy to access corporate applications, SaaS and the internet for any user or branch from any device without compromising security. This will ensure businesses are protected against the most advanced cyberattacks from anywhere at any time.
The benefits of SASE adoption mean simpler, more efficient management of potential threats and consistent policies with fast access from anywhere at any given time. This security strategy is in-road to providing that additional layer of protection for your organisation.
The bottom line is that the hybrid workplace will become a part of our everyday life and – as IT professionals and security leaders – it makes sense to consolidate all of your security solutions to ensure that each possible endpoint is secured.
