Cyber security priorities impacted by our new way of working

Our new way of working has resulted in a continuously evolving attack surface, which has changed cyber security priorities for many organisations. Indeed, the COVID 19 pandemic has changed how we interact with technology, driving a shift to remote work environments. This new, ever-changing landscape has exposed organisations to more costly cyber incidents than ever before, demonstrated by a 10% increase in the average cost of a breach year-on-year between 2020 and 2021. Undeniably, with remote work environments here to stay, increases in cybercrime activity are inevitable. For businesses, this translates into the threat of higher associated breach costs. As a result, adequate security is now a fundamental and highly justifiable investment.

Securing remote workforces is top of the cyber security priority list

Remote work environments demand new security solutions as the hard edge of an office security perimeter no longer exists. Subsequently, with data no longer in internal data centres and users mainly situated out of the office, endpoints require targeted security everywhere. Understanding critical assets and services is key to understanding your cyber security priorities. Recommended actions include

• Maturing identity management
• Educating users
• Getting a handle on endpoints

Adopting a zero-trust framework is critical to success

The Zero Trust model of questioning, do I trust this person? Do I know who they are? Do I know from which IP address they originate? is critical in providing realistic and effective controls to address today’s attack vectors and dramatically reduce the cost of adverse security events. Subsequently, as reported in the IBM Cost of a Data Breach Report 2021, breaches are 42% less costly when organisations have a mature zero trust framework.

Zero Trust is a company-wide journey that strategically redesigns your network from the inside out. Zero Trust is not a technology; it is an information security model that denies access to applications and data by default. Zero trust has a lot of components involved in orchestrating focus on sensitive assets. Accordingly, it is slowly but surely gaining adoption In Australia and New Zealand and on its way to becoming a top cyber security priority for organisations. The Zero Trust framework, when layered across every resource in your IT environment reduces risk dramatically.

Furthermore, Zero Trust adoption takes concerted planning, effort and expense, so I recommend starting with a business approach. Map which data is critical to the organisation and work on your top priority areas first. Build a practical and realistic Zero Trust Readiness Roadmap and proceed in applying a layer of Zero Trust to each area in a timely and consistent manner.

Understand the positive impact of early detection

Organisations able to quickly detect and respond to incidents reduce a breach’s impact more effectively than those without detection mechanisms.

Close the critical gaps

The risk of financial loss is most volatile and occurs most often within foundational security gaps and not due to the lack of advanced controls. Therefore, this means a focus on understanding critical sensitive assets and making them your top cyber security priority will help minimise financial risk.

Use a layered security approach to safeguard sensitive assets

Ransomware remains the #1 threat to the safety of your data. Unrelenting ransomware attacks make it seem like attackers must be using complex new techniques. Still, prevalent ransomware attack vectors are well understood. Nearly all modern attack variants breach victim systems in one of three ways

• Email phishing
• Software vulnerabilities
• RDP/Remote access compromise

Effective anti-malware control is still a must-have, but the single layer of defence approach is no longer enough. Assume that your security controls will fail. Organisations with effective security prevention are often breached by ransomware – but they are prepared to contain those breaches.

What layers should I implement?

• Create a ransomware response plan in order to prepare your organisation to handle and respond to breaches
• Adopt Zero Trust
• Implement security awareness training, including phishing detection
• Encrypt and back up your data

Conclusion

Understanding your organisation’s critical functions, assets and services is critical to form a foundation to focus security resources on. Once you have a foundation of cyber hygiene, the footprint can be expanded over time. It’s often hard to start the process, but that’s where a security assessment can help by identifying strengths, weaknesses and risk areas. If you want to find out more about how security assessments work, book a 30 min security assessment consultation with our security team. This complimentary session is discussion based and will create a base for your future security planning and development.