Recently, I came across a report that stated, 375 new cybersecurity threats emerge in one minute which was a head-turner. And now with work done more often outside the traditional office walls, the risks associated with securing your organization’s most important asset – its data – are even higher.
Organizations now face threats from multiple sources and the nature of those threats continues to evolve, rapidly.
- External threats: India faced almost 7 lakh cyber-attacks in August 2020, according to a report by the Ministry of Electronics and Information Technology (MeITY). As per the report, India was ranked third and one of the biggest victims of cyber-attacks in recent years makes it even more critical. Cybercriminals often exploit fear and uncertainty when major world events occur by launching cyberattacks. And the global COVID-19 pandemic was no exception.
- User behavior: End users are working and collaborating in more places, with more devices and sharing more information, sometimes indiscriminately. According to the Remote Work Readiness Index commissioned by Dell Technologies, 85% of India employees had worked remotely before the pandemic and 91% felt prepared to work remotely in the long term. Supporting mobility, connectivity and flexibility are critical to your organization – and even more so when prioritizing their health and safety – but not at the expense of security.
- Limited security resources: There are not enough security professionals to fill knowledge-based roles and address the needs most organizations have. The security industry has historically had a very low unemployment rate, which means that companies have a hard time staffing and retaining key security personnel. For many smaller organizations, staffing a dedicated security individual or team is not realistic within their limited budget, so it often becomes a part-time responsibility and focus.
- New and evolving threats: Attackers continue to look for new methods of entry, one of which is below the PC operating system. Low-level attacks often take advantage of weak system configurations and firmware vulnerabilities. In a Futurum study commissioned by Dell Technologies, 56% of companies experienced an external cyberattack attributed to a vulnerability in hardware or silicon-level security. While many of these attacks may not be as sensational as ransomware, they can be even more devasting.
Considering these threats and that an organization’s security perimeters are expanding beyond the traditional four walls into their employees’ homes, here are five fundamental things you should implement from a cybersecurity perspective:
- Protection above and below the Operating System (OS). In addition to having modern solutions in place to prevent unknown threats and respond quickly and efficiently to attacks across the endpoint, network and cloud, you must also choose devices that have protection and detection capabilities below the OS at the PC BIOS level, where we’re seeing a significant rise of attacks. The PC BIOS lives deep inside the PC and controls core functions like booting the PC. Often when the PC BIOS is compromised, the attacker remains hidden while the PC has credentialed access to the network and data.
- The physical security of a device is as important as its data. The physical protection of a device is just as important as the cybersecurity deployed on and within the device. If you’re using public spaces to work, remember to use a privacy shield so your data is protected from prying eyes. Also, enabling chassis intrusion detection tools will notify the user and send an alert to the system administrator if any physical tampering of the device takes place.
- Adopt a password-plus strategy. Enhance passwords with biometrics, implement multifactor authentication and utilize digital certificates for stronger protection. Cost and complexity barriers are breaking down making biometrics, like fingerprint and facial recognition, easier to adopt. Also consider using password managers to create strong, complex, and unique passwords which are then stored in a secure repository.
- Ensure employees are routinely trained on smart security practices. This is especially important with many working from a home environment. Implement a security training program and include regular tests like sending test phishing emails to keep employees’ skills sharpened. And don’t forget, security training is equally important for security practitioners and IT managers as it is for any other employee.
- Allow for usability and protection to co-exist. Even if you have the best security tools, if they’re hard to use or hinder productivity, they will be ignored or defeated by your employees, leaving your organization at risk. Successful security solutions must be easy to deploy, easy to maintain, and easy to use.
We know that the threat landscape is constantly evolving, so flexibility is key. Organizations should assess the tools they have, invest in the future, and remember to adapt to the threat landscape. By focusing on foundational elements, like the five above, you can ensure your organization is off to a strong start today and into the future.
Disclaimer: The views expressed in the article above are those of the authors’ and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.