With so much of the work that used to be done in offices now being done remotely over corporate networks, the pandemic has acted as a stimulant for cybercrime.
According to a recent survey by Lombard Odier Investment Managers, asset managers are applying ESG practices far more extensively to safeguard their funds from losses due to cybersecurity risks present in portfolio firms.
Businesses are advised to practice good cyber hygiene and approach cybersecurity risks as important corporate governance problems, much as businesses have begun to consider climate-related risks. CIO World Asia Spoke with Chris Millerick, Global Senior VP of Channel and Alliances about the relationship between cybersecurity and the hybrid workforce.
The current state of work
Singapore, which has one of the most open economies in the world, is recovering from economic slowdowns more quickly than other Southeast Asian nations. According to Reuters, strong vaccination rates will allow the country’s economic recovery to continue in 2022. However, the interruptions in the supply chain and the growing cost of energy pose a danger to these advantages.
According to Singapore’s official government agency website, the country experienced a seismic change in the number of people working remotely in 2020, with over half (49%) of inhabitants doing so at one point. Singapore employees welcomed their new arrangements during the first few lockdowns, and many of them still do so today. This presents continuous difficulties for cybersecurity personnel entrusted with securing distant equipment and connections. Singapore organizations suffered much more IT security events than other countries, leading to breaches and the slowest incident response rate. There is a lot of potential for development here.
Security challenges of hybrid work
Remote Employees + Weak Wi-Fi Security = Big Trouble
A quick, widespread shift to remote employment and an increase in consumer digital services will increase the likelihood of anything or someone getting through that shouldn’t. Phishing was the most effective attack method (58%). Zero-day breaches, which are among the trickier to guard against, made up little under 25% of all breaches.
Instead, up to five IT security incidents were encountered by more than half of all respondents (53%) in 2021, and six to ten occurrences were dealt with by one in five respondents. If the source of the compromise is discovered to be a third party, these occurrences risk undermining trust in internal capabilities and putting vendor relationships at risk. If the defenders themselves lack confidence in their skills, it is also more difficult to organize appropriate defenses.
Wi-Fi access points and remote, employee-owned endpoints, two regions over which employers have the least control, were the two most common attack vectors in 2021. The most common effects of breaches were outages or downtime, but compromised data had a substantial impact as well, regardless of whether it had been altered, stolen, exposed, locked down, or otherwise limited. Nearly a third of individuals also contracted other malware infections.
What companies are doing to secure their hybrid work environments
Companies tend to favor hybrid versions and solutions that safeguard both on-premises and cloud-based IT infrastructures with a more mobile workforce. For instance, while preferences for on-premises, cloud-based, and hybrid DNS security were fairly evenly distributed, hybrid versions of data encryption and security web gateways received more favor.
The most often used applications for these technologies are DNS security to manage and monitor network traffic and VPNs to restrict access. The provisioning tools and CASB had the lowest adoption rates.
Future Obstacles and Options for Networks
The biggest problem moving ahead was monitoring remote worker access, which makes sense given the resources required to deploy, equip, and continuously safeguard remote or hybrid work workers. Low finance and a labor scarcity ranked highly as well. All of these major issues are symptoms of a shifting labor market and the continued financial effects of the epidemic globally.
A common element of organizations’ overall security strategies is DNS. Nearly half of them employed it to lessen the load on perimeter defenses by assisting in the blocking of bad destination requests. The same number discovered harmful destinations by gathering information from devices sending queries.
Additionally, DNS was widely used to defend against attacks such as DNS tunneling/data exfiltration, domain generation algorithms, faked domains, and the detection of malware activity early in the attack kill chain.
Serving a remote workforce fast has risks, but there are also benefits. During a protracted period of uncertainty, the ability to pivot during the epidemic kept economic engines running smoothly. To maintain coverage over a distributed workforce and defend against a new incarnation of “home network invasions,” it could have required reorganizing IT security ranks. If this report is any indicator, businesses are increasingly prepared to spend money on cybersecurity solutions in order to fill skills gaps in both technology and labor as well as remotely educate and supervise workers who may no longer work in secure environments.
Since the pandemic began, cybersecurity experts have gained a lot of knowledge, particularly about their weaknesses. Sadly, threat actors are also aware of the areas where organizations are still most exposed.