The world is currently under attack from a disastrous pandemic, and in just two months’ time the entire way we work and live has been upended. Countries across the globe are grappling to repair the economic damage caused by COVID-19. Organisations are still in transition, adapting to the new business norms and processes for a post-COVID phase.
Modern Organizations Face Significant Business Disruption
The COVID-19 affected workforce is now trying to adjust to new modes of operation and work delivery. Working from home and interacting with peers through virtual platforms, with high reliance on digital connectivity, is becoming the new normal. The organisation’s data is also now scattered across regions, as employees are accessing the work data network from their respective homes. Without a data security strategy in place, these companies are at high risk of data breach, mostly through ransomware attacks that usually lead to downtime for the company or complete destruction of the company’s data and network infrastructure.
Organisations thus need to embrace new data protection and security policies to ensure business continuity.
Business Implication of Modern Attack Surface
As the impact of the pandemic crisis grows, businesses will be challenged to ensure that distributed data remains protected.
• Formerly office-bound employees now use personal digital tools
The majority of organizations are now opting for a work-from-home culture, leading to the mass adoption of digital tools and raising the risks to data security and privacy. Recently, a virtual conference hosted by the Broadcast Audience Research Council (BARC) was forced to stop the briefing midway because of a ‘hacking’ episode.
• Increased usage of cloud
A remote workforce translates into increased use of the cloud, leading to a new set of challenges for organisations. There is a spike in demand for virtual desktop and VPN solutions with the same data and cybersecurity capabilities as they had in an on-premises setting.
• Increased data exfiltration and corporate networks infiltration attempts
WFH employees are now accessing the cloud through personal devices, which may not be directly under the organization’s control, and via networks whose security measures are unknown. This provides hackers with a greater opportunity to exploit loopholes and exfiltrate sensitive business data which is more prone to exposure.
What must organizations do?
• Respond with greater agility
The current situation is more favourable for data breaches, and it demands innovative and agile responses. The usual practice of keeping bad actors out to mitigate insider threats will no longer suffice. Hackers have managed to compromise the credentials of millions of online users and they can successfully impersonate genuine employees, which will likely exacerbate the problem of unauthorized movement of data. As a result, traditional approaches to mitigating cyber threats may not prove enough to maintain the required cyber resilience.
• Plan for DLP
Businesses transitioning to a largely remote workforce must draft a thoughtful security strategy that provides for a good data loss prevention (DLP) plan, enables robust protection against bad actors, and facilitates compliance with global IT standards (ISO, NIST, and CMMC).
To this end, businesses must know where their critical data resides so that unauthorised access can be prevented and automated security responses triggered as the risk level of the digital identity accessing that data changes.
• Data backup for emergency recovery
As cyberattacks, especially ransomware, are inevitable for any organization whose business depends on crucial data, it is important that organizations have a data recovery strategy in place that ensures that, despite any form of cyberattack, the company will not suffer the setback of data loss.
• Create a strong VPN strategy
Businesses can use a strong VPN strategy to keep people and data secure, even with large groups of remote workers. Separate, performance-focused VPNs may be created for dedicated groups of employees, such as accounts or development teams.
• Educate employees on security hygiene
Employees can be an effective first line of defence in the fight against cybercriminals. With regular and frequent communication, organizations must encourage the remote workforce to practice active security hygiene, emphasizing its importance in helping mitigate data loss and insider threats.