Cybersecurity incidents hit $33 billion during the past financial year. Building the right assurances into both cloud and on-premises systems is essential to avoiding some of the biggest vulnerabilities.
Eighteen months into the COVID-19 pandemic, the chaotic rush to make remote work viable for ‘a few weeks’ has given way to a more permanent transformation. Today, business leaders continue to be challenged to reimagine the very definition of the modern digital office.
From corporations to educators, from banks to small businesses, where we work may have changed forever, but our need to maintain the highest levels of cybersecurity has only increased. When your endpoints can be anywhere, it’s essential to choose a set of security solutions that covers remote, hybrid, and in-person operations. But too often there are gaps left in the defences.
Cybersecurity transformed
A survey of senior cybersecurity executives found that 42% of CISOs agree the pandemic changed their cybersecurity priorities. The past eighteen months have seen constant reports of business cybersecurity incidents caused by exploits on vulnerable remote access scenarios or weak protocol management.
The Australian Cyber Security Centre’s Annual Cyber Threat Report found that during the 2020-21 period the pandemic environment was exploited heavily by malicious actors, with attackers regularly targeting not only the usual business sectors but also essential services and supply chains.
ACSC reported 67,500 cybercrime reports for the financial year, with self-reported losses from cybercrime totalling more than $33 billion. Ransomware attacks grew by 15%, while the average severity and impact of incidents also increased with over half being reported as ‘substantial’.
No one wants to be the business in the headline about customer data lists being discovered for sale on the dark web. So finding ways to build greater trust into your flows of information and collaboration is essential to elevate best practice beyond the standard protection layers.
Critical remote work security concerns
Addressing the more permanent status of remote work is essential in the new cybersecurity mix. A PwC survey found that three quarters of Australians say their ideal work environment is hybrid work, with 90% wanting to keep working from home “in some capacity”.
But an IBM-Ponemon Institute study found that the average data breach cost in Australia was now $3.7m, up 31% over the past year. Remote work environments were said to have increased the average cost of breaches globally by $1.5m.
So how do we help get our IT security teams back on the front foot after the rush to just keep the wheels turning? Across critical areas of cyber defence, addressing key concerns will make all the difference:
Cloud. The pandemic has made remote access solutions the preferred choice for sharing and collaborating, making the cloud the easiest answer. However, this desire for ease of access from anywhere becomes a major point of vulnerability if not properly secured. Microsoft found that 39% of companies are prioritising cloud security investments over data and information security or even network security. Choosing the right tool to invest in is essential, and many have found PKI has helped assure strong authentication and operational integrity at scale.
Phishing. Email phishing during the pandemic has skyrocketed as the on-prem defensive perimeter has dissolved. ACSC says spear phishing has increased, and the average loss per successful event has also increased to more than $50,600. Educating workers on what to watch for, and warning of new styles of attack such as fake COVID-19 return to work training documents, has a role to play. So too does using secure email tools like S/MIME through DigiCert’s Enterprise PKI Manager to provide clear sender authentication and proof of authorship.
Trusted messaging. Fundamental to overcoming so many modes of attack is to build better trust systems around corporate messaging, both internally and in communications with external partners and clients. Using Verified Mark Certificates can play a key role in enhancing trust identifiers in email as part of the Brand Indicators for Message Identification (BIMI) standard. VMCs are now fully recognised and displayed in Gmail and can be purchased at scale through DigiCert CertCentral.
Identity verification. Both internally and externally, it’s essential to be able to securely share and sign documents as part of any effective business process. But when we can’t get together in person, it is a big challenge to verify sign-off on important documents – particularly in highly regulated industries. Using tools like DigiCert Document Signing Manager, part of DigiCert ONE, can add the signature assurance required to meet high standards of verification and legal validation.
Variable remote devices. Mobile devices need their own unique security protections and practices. 52% of organisations are finding it a big challenge to protect mobile devices from cybersecurity issues. A critical first step to resolving such concerns is to deploy an effective mobile device management (MDM) policy.
No office-based cybersecurity. It is commonly thought that companies are more vulnerable when staff aren’t inside the physical IT security environment. While they can be more at risk, with tools like DigiCert’s Enterprise PKI Manager, you can boost security, protect against vulnerabilities and provide remote workers with secure VPN access.
Why take chances?
Hybrid cybersecurity has created a far more complex landscape for IT management, but the stakes are higher than ever. Thankfully, help is available. If you’d like to learn more about how DigiCert could assist you with planning and implementing your organisation’s new hybrid security environment, reach out today for a chat with one of our team members.