There are no shortcuts to cybersecurity

Next story
Parvinder Walia, ESET President for APJ

Businesses have experienced a surge in cyberattacks globally since the onset of the pandemic. While it is critical to ensure that organisations have effective cybersecurity solutions in place, it is also important to note that these solutions only constitute one component of a good cybersecurity posture.

In the face of an evolving threat landscape, businesses need to recognise that there are no shortcuts to cybersecurity. A whole-of-organisation approach is vital to ensure strong cyber hygiene and employee awareness in the defence against cybercriminals.

Rising cybercrime
COVID-19, and the ensuing hybrid work models, has accelerated digitisation across the world and increased the demand for digital services and devices. This presents potential vulnerabilities for businesses as more employees are connecting work devices to personal devices, giving more opportunities for cybercriminals to exploit weaknesses via insecure network connections. This is a worrying trend, given that more than a third of organisations worldwide have experienced a ransomware attack or breach in the last 12 months.

In Singapore for example, more than 4 out of 10 crimes reported in 2020 were cases of cybercrime. In particular, there was a 154% increase in ransomware attacks, which mainly affected SMEs from sectors such as manufacturing, retail and healthcare.

This trend can be attributed to the rise of the digital economy along with the new normal where people work, play and learn online.

Although there is growing awareness of cyberthreats and the far-reaching consequences of cyberattacks, businesses need to take a stronger stance towards cybersecurity.

Security risks and complacencies in the hybrid workplace
Within a workplace, each individual employee can represent potential weak points for cyber criminals to probe. Coupled with the switch to mass remote working as a repercussion of the pandemic, this challenge has only been magnified into an even bigger one for cybersecurity teams.

As hybrid work models have already become the norm for most businesses, along with the rise of connected and smart home devices, it is crucial to minimise the risks that insider threats, which are security risks that originate within an organisation, can pose. It can significantly impact businesses, as the average cost per incident from such a breach has been estimated to cost global organisations nearly $11.45 million in 2020, up from $8.76 million in 2018.

Besides the security risks from digital devices, stress, isolation and distractions that come from balancing work with personal life may also play a key role in increasing insider risk. According to a report from ESET, 47% of respondents surveyed were somewhat or very concerned about their ability to manage stress during the pandemic. As a result, there might be a higher chance for these stressed employees to accidentally click on malicious links, or fail to report a potential breach to IT.

In the era of cloudification, security solutions complement excellent cyber hygiene
The threats mentioned above are just a few examples amongst a myriad of others. Due to the evolving threat landscape, businesses need to constantly review their cybersecurity posture and ensure their operations and processes are cyber resilient.

This is particularly important due to the rise in cloud-first strategies to necessitate the transition to remote working arrangements. In APAC, the prevalence of such strategies have resulted in a more than 38% increase in public cloud services spending in 2020.

Despite the benefits of cloud-first strategies, there remain several security challenges that exist in cloud-based environments such as cloud data breaches. Although there are a multitude of cloud-based cybersecurity tools to secure their hybrid workforce, organisations should not be complacent as using the right tools only constitutes half of a good cybersecurity posture.

Effective cybersecurity solutions need to go hand-in-hand with excellent cyber hygiene throughout the organisation to protect IT infrastructure and corporate data.

Best practices to fortify businesses’ cybersecurity
As more businesses lean towards cloud-first strategies, there are a few approaches they can take to fortify their cybersecurity:

  • Stay up-to-date with the latest threat landscape and review security posture regularly with a trusted cybersecurity advisor
  • Consider cloud-based sandboxing solutions to enhance never-before-seen threat detection capabilities and response
  • Companies that have already gone cloud-first can use a cloud-based management console to manage their security. This allows IT administrators to remotely manage security solutions and enforce security policies.
  • Implement a zero-trust security model to mitigate any security risks. This model is a robust cybersecurity framework that centres on a “never-trust, always verify” concept, recognising that trust is a vulnerability, and nothing - a file, programme or person - is trusted by default.
  • Improve employees’ cyber hygiene by providing regular cybersecurity awareness training, sharing best practice policies and processes supported by the right technology

To conclude, it is important for businesses to know that cybersecurity solutions are not silver bullets. If we compare our battle with cybercriminals to the global fight against COVID-19, cybersecurity solutions are similar to vaccines. Even with the right security solutions and IT infrastructure built with the zero-trust model in mind, businesses may still be vulnerable to cyberattacks. For the best protection, organisations should use effective cybersecurity solutions in tandem with strong, company-wide cyber hygiene practices.