
ADAPTING TO THE NEW NORM

REMOTE WORKERS ARE FOLLOWING RISKY BEHAVIOR AT HOME AND COUPLED WITH INCREASED PHISHING THREATS, CONTINUOUS AWARENESS PROGRAMS ORGANISED BY A QUALIFIED PARTNER ARE ESSENTIAL, EXPLAINS RANJITH KAIPPADA, MANAGING DIRECTOR AT CLOUD BOX TECHNOLOGIES.

Global and regional threat actors continue to exploit human engineering in order to penetrate an organisation’s cyber defense. Real-life impersonation through frequent emails, HTML emailers and embedded links can trick users into believing that the communication is real and authentic.

Well-written messages leverage spontaneous human actions, getting users to click through calls for action. The tendency of users to follow through on calls for action, even if they are bordering on the edge of plausibility, has been further accentuated in these post-pandemic months.

Work at home has isolated remote working teams, with insufficient peers around to seek advice. With teams fragmented, threat actors have further chosen to attack individual workers, through impersonation and other click baits, allowing threat actors to penetrate enterprise defenses.

With increasing vaccination rates, organisations are keen to bring back remote workers and integrate them as hybrid workers or regular office workers. But there are concerns on both sides, that is from security administrators and returning employees.

Recent research by security vendor Tessian indicates that security heads are aware of challenges related to the impact on business once employees come back to the office. 56% of IT leadership believe employees have adopted incorrect cybersecurity behavior while working from home. 54% are worried remote workers will bring infected devices and malware into the office. 1 in 3 employees think they can get away with riskier security behavior when working remotely and 40% of employees plan to bring their personal device into the office.

While the device issue is easy to fix, changing remote employee behavior from risky to less risky, requires continuous education and awareness campaigns.

When we use the term insider threat, the usual connotation is a malicious employee working against the organisation. But lack of security awareness, coupled with accidental errors by employees on a day-to-day basis, occurs much more often and adds to insider threats. According to research by Egress, 84% of breaches were caused by human error and 74% were caused by employees breaking security protocols.

Email remains the most concerning conduit for 64% of IT leaders. Nearly one-third of IT leaders cite lack of security awareness training as the likely cause of a data breach. Having employees receive continuous updates on the latest phishing scams and social engineering tactics helps to keep them in a state of vigilance that protects the organisation from email-based threats.

Research from Trend Micro and Osterman Research indicates where organisations are strongest and weakest at stopping phishing attacks resulting in ransomware. One part of the problem is how well organisations can stop attacks that leverage employee communications.

Amongst the most effective ways for organisations to protect against phishing threats is training end users on detecting and addressing phishing and social engineering.

Research has shown that at any point of time, approximately 38% of employees within an organisation, will generally fail a phishing test and, therefore, the real thing. Some organisations approach security and phishing awareness training as a routine once a month or once a quarter.

But the right approach is continual education of users, keeping them constantly updated on latest social engineering tactics, and the importance of their role in the organisation’s security.

Ongoing events like the Tokyo Olympics are a classic example of how and when phishing attacks will increase, leveraging employees’ interest while at work. This is also the time to increase employee awareness campaigns to a daily basis, showcasing examples of phishing attacks leveraging the theme of the Tokyo Olympics.

Another phishing approach followed by threat actors is to leverage the recall of familiar brands, luring users into believing a communication is genuine. According to the latest data from security vendor CheckPoint, Microsoft is the predominant brand used in phishing attacks. DHL, Amazon, Best Buy, Google, are other brands that are most frequently used in impersonation and phishing emails.

An employee-facing campaign that circulates samples of these impersonating templates will help to increase the awareness of how threat actors are targeting employees in their day-to-day work. Using a specialised security training partner to identify where and how to begin with employees can help to reduce the lead time and build robust security awareness and security work practices.

THE THREE PILLARS TO A SUCCESSFUL CLOUD STRATEGY

PATRICK SMITH, CTO EMEA, PURE STORAGE, SAYS MOBILITY, CONSISTENCY AND COST CONTROL ARE KEY FACTORS FOR SUCCESSFUL CLOUD TRANSFORMATION.

It’s no secret that cloud now plays a pivotal role in the success of modern organisations. For those looking to thrive, it should be a given. When implemented correctly, cloud should enable smooth business agility, with its scalability and flexible capacity ultimately providing technology services on tap.

Of course, the label ‘cloud’ has now come to mean a whole variety of things, making the term itself rather nebulous. Indeed, clouds now come in many forms, and with a mind-boggling variety of providers and services, it can make the prospect of implementing a cloud strategy, and getting it right, both daunting and confusing.

Most organisations already have a cloud strategy which is likely to range from simply running productivity tools in the cloud through having a single public cloud provider, combining public and on-premises cloud and potentially consuming services from multiple cloud providers. Are these environments interoperable? How should an organisation plan on scaling and incorporating different workloads? Do they provide the capabilities to meet business objectives? These are significant issues to take into consideration when developing and iterating a cloud strategy and the management of data is worth special consideration. Given the importance of an organisation’s data in an increasingly competitive data-driven business climate it’s critical that data is accessible, protected and mobile whatever its mass; managing data easily, consistently and cost effectively in the cloud, as on-premises, is essential.

Mobility: don’t let your data get tied down

Increasingly, organisations that are adopting modern applications are more reliant on the individual clouds that house their workloads and data. Using multiple providers in this way can cause issues in relocating data, or subsets of data, from one environment to another. Adopting cloud should facilitate application movement whereby the underlying data simply moves with the application; across Clouds, from Cloud to Co-Lo(cation) or Cloud to on-premises.

Fortunately, mobility is not a myth, and organisations can ensure that they don’t end up with siloed data by opting for providers that have multiple integrations and partnerships. In particular, organisations should ensure they opt for services that integrate seamlessly with the large public cloud providers, such as Microsoft Azure, AWS and Google Cloud.

Adopting Kubernetes allows for enhanced data flexibility by being application centric, allowing an organisation to move the whole app or workload as many times as needed. Making sure that the environment is built for this portability from day one provides future-proofing. Organisations therefore need to make sure that they have a platform in place that has a data plane fully integrated into Kubernetes.

Consistency, through hybrid

Organisations will also want to ensure that they achieve a consistent, simple experience. So, you should therefore opt for a single cloud provider, right? Not necessarily. A single provider may have the ability to offer hundreds of different services, but that doesn’t mean all of them are right for every organisation. Going down this route may mean you find yourself ‘locked in’ without the flexibility you are used to and with your data constrained rather than truly enabling your business.

Organisations shouldn’t assume that the public cloud is always the best option for every workload. Ultimately, a ‘cloud best’ rather than a ‘cloud first’ strategy should be adopted — pick and choose the use cases where cloud makes the most sense, but where this isn’t the case, consider keeping applications under your own control, through a hybrid setup. Yet, by having a portion of their infrastructure on-premises, organisations don’t need to worry about losing the flexibility that they’ve learnt to love with cloud. Increasingly, characteristics of the cloud, such as elastic capacity and as-a-service consumption-based commercial models, are available in a hybrid or on-premises environment.

Maintain cost control, and avoid technical debt

Cloud, and its inherent scalability is fantastic for business agility and offers the potential for significant savings for the right workloads. However, this scalability can be a double-edged sword. Whilst capacity is available instantly with the “swipe of a credit card”, it can be easy to get carried away, leading to rising monthly bills that are increasingly hard to track. Factor in a multitude of consumers and services across multiple cloud providers, and it’s easy to see how cloud spending can get out of control.

This again is where having a ‘cloud best’ strategy comes into play, and where choosing a hybrid cloud model can allow for the best cost efficiencies. Flexible consumption models should be considered as they allow organisations to pay for use, rather than engaging in the tricky practice of predicting capacity requirements in 18 months’ time. This will position organisations to address changing business demands whilst avoiding excess capacity or unnecessary commitments on spend.

Cloud as a vehicle for growth in an unpredictable world

Ultimately, for organisations to get the most out of the cloud, they need to be proactive rather than reactive in how they use it. This means having a fully developed strategy, making sure you are equipped for multi-cloud up front and not locking yourself out of any potential infrastructure upgrades once a cloud architecture is established. With flexibility built into the architecture, ensuring both optionality and portability, organisations can ensure they are geared for growth and ready for the unpredictability that businesses globally have had to accept.

Wherever it is used or stored, an organisation’s data holds immense value. With the right cloud strategy in place, and having portability as the lynchpin, each organisation can squeeze every last drop of value from its data and use it to gain a competitive edge.
