The world has witnessed unprecedented times with the outbreak of the Covid-19 pandemic. As countries gear up to roll out vaccination programs in a bid to get back to normalcy, it is still hard to predict how things will turn out in the near future. With new variants of the coronavirus still emerging in various parts of the world, it would not be a surprise if the ways of work, especially as they evolved during the pandemic, continue to change or even revert to how things were during the peak period.
All this means that with the changing times and global environment, work has undergone a dynamic and drastic makeover. Some organizations require employees to be on-site, while many have done away with permanent offices and gone remote. Others are still experimenting with or implementing a hybrid model of work, with an appropriate mix of days on which employees work on-site and from home. Regardless of these variations in the ways of work, one sure thing is that the world is continuing to adopt the power of the internet and, where feasible, running a majority of its business and operations virtually.
While this has its benefits in many ways, there are also enormous challenges that organizations have faced and continue to face as they get going with the virtual model of work.
- During the pandemic outbreak, as confusion and fear made their way worldwide, companies hit the panic button. Many implemented technologies to enable remote working and virtual conferencing, only to be hit by a flood of cyber threats that rose exponentially during the lockdown.
- Cyber threats that rose starkly during this time included email threats, malicious domains, Covid charity scams, ransomware, and spyware. For instance, here’s a look at the number of email threats that surged during April 2020.
- Along with surging threats came newer ways in which attackers and internet trolls targeted organizations and individuals: intruding into ongoing video conferences and posting objectionable content during the session, which led to sessions being shut down and damaged the reputation and goodwill of the organizations and people involved.
Thus, as the pandemic forced people to stay at home and video conferencing came to be used increasingly across businesses, schools, and social media, attackers leveraged the changing dynamics to suit their ulterior motives and continued to inflict harm in the cyber world.
The numerous instances of rising cyber threats and highly deceptive and ingenious scams point to how capable attackers are and how creative they can get when it comes to taking situational advantage of a changing world, with its people juggling multidimensional challenges involving jobs, travel, education, and health.
In the world of cybersecurity, the perimeter organizations once knew now extends to almost all employees’ homes, leaving many loopholes further exposed for misuse by attackers and even malicious insiders.
- For example, while malicious employees would have been cautious about grabbing screenshots of their desktop at the office during pre-Covid times, they may now have complete and uninterrupted liberty to do so as they are given temporary laptops or allowed to connect to their workstations in the office through Virtual Desktop Infrastructure (VDI).
- Thus, while enterprises have an array of security technologies, many of the gaps that those technologies could not close during pre-Covid times are now turning out to be a bane that needs to be dealt with at the earliest, before organizations end up with incidents involving massive data breaches through means that are undetected and unpreventable in a remote setup.
- Likewise, other challenges remain in grey areas, such as employees operating remotely from shared accommodations and locations that are open to the prying eyes of uninvited neighbours or visitors in the room, who may be both curious and malicious enough to drop a bugging device that records all video conferences and conversations.
- Considering the average number of employees in a large organization, one can see the wide range of possibilities that attackers can choose from to select an attack vector and try social engineering attacks to break into networks and steal confidential information.
These are just some of the security challenges staring many Information Security Officers across the world in the face today. Therefore, as newer ways of work get formalized, it becomes increasingly important to identify and assess such possibilities and mobilize resources and management support to see how such risks can best be managed. An extensive risk assessment is key to uncovering the blind spots in the security posture and taking measures to address them before it’s too late.
While state-of-the-art technologies and surveillance systems might be readily available as viable options, investing in them without knowing what the risks are and understanding their likelihood and impact can backfire in the long run, especially from a financial perspective, and the end may not justify the means.
Based on the risk assessment results, organizations need to define appropriate risk treatment plans that can address the risks to data security introduced by different permutations and combinations of the work model involved. Once risks have been identified, organizations must consider exploring the tools and technologies that can be implemented as justifiable controls commensurate with the level of risk addressed. Some of the technologies that organizations must consider implementing include, but are not limited to, VDI, DRM, DLP, CASB, MDM/MAM, and EDR. However, technology needs to be strongly backed by the right processes and policies, which can only be defined based on a detailed risk assessment outcome. Where areas remain unaddressed even after deploying controls, organizations must invest resources and effort to research and evaluate emerging technologies or even develop custom solutions that can reduce the overall risk to an acceptable level.
~Arun Ramakrishnan, Former IS Compliance Officer and Cyber Security Manager at Reserve Bank Information Technology Pvt Ltd (ReBIT)