Organizations who still rely on five-year-old cybersecurity solutions can’t respond to today’s threats. Just consider the big rise in phishing and ransomware attacks, that both large and small businesses fall victim to. The current cybersecurity challenges look a lot different than they did a few years ago. Throughout this blog we cover three important security developments, and we also explain how organizations can battle these new risks.
Companies used to compete alone, but nowadays an organization depends more than ever on an ecosystem, with a wide array of partners. A factory might have its security sorted, but still goes down if a supplier gets hit. One example is the attack on the distribution company of a Dutch supermarket, which caused delivery problems of cheese. And when your accountant or hosting provider can’t access its systems, your business continuity is at risk as well.
Traditional security methods like virus scanners or firewalls won’t fully protect your organization. These methods offer some protection but only secure outside-in, while employees are the easiest cybercrime targets. Attacks are becoming more personalized, with phishing not just happening over e-mail, but through Whatsapp as well. A fake text message from a hacker to an employee led to the large-scale data breach at taxi company Uber. Only one employee slip-up is enough for a culprit to enter.
Employee awareness is important to prevent this, so they can establish the authenticity of a message from their manager. But to limit damage, it’s just as important to promptly report security incidents to IT. Additional solutions can be deployed to discover atypical behavior. When a user normally works out of the Netherlands in the morning, it’s suspicious when he signs in from a foreign country at 3AM. By monitoring and quickly discovering anomalies, you can respond when necessary.
A big percentage of the employees is working hybrid since the pandemic. Cisco research showed that 62 percent of the employees is working partly from home, as opposed to the 19 percent pre-covid. In that respect, insights in the IT environment shouldn’t just be limited to the office but move to the home environment as well.
If that doesn’t happen, cyber criminals will receive more attack opportunities. Just consider an old-fashioned home pc for instance, or an out-of-date router. In short, the security measures for data and applications should stay intact, even if the base of work changes.
One way to secure the IT environment always and everywhere is through a posture assessment, which checks both your authentication and device validity. Employee-owned devices are allowed, as long as they comply to the organization’s security policies. This means the OS has to be up to date and encrypted and anti-virus software has to be up-and-running. An out-of-date system is not allowed to access the company network and can’t download files from SharePoint, for example.
Since everyone’s a mouse click away from online services it’s impossible to dictate employees what they can or can’t do. To keep in control three steps are important:
1. Organizations need insight in their IT environment to know exactly what’s going on,
2. They need to know what they want to protect, to assess activities accordingly,
3. Then they need the measures to act on incidents fast.
Besides the necessary IT resources employees should be able to recognize security incidents and respond to emergencies adequately.
Interested to know if your security solution is up to par with current security risks? Please contact … for a Security Health Check.