2020 changed society dramatically. But it also changed cybersecurity trends.
Data breaches, the shift to working from home, new malware styles and pandemic-related attacks are all cybersecurity threats specifically created or accelerated by the 2020 COVID-19 pandemic.
This means a CIO's approach to security will never truly be the same.
In this blog, we identify the security risks of the new hybrid way of working and provide tangible solutions to these problems.
Let's get started.
The hybrid working model is here to stay
In a storm of confusion over the last year, one thing has become crystal clear: flexible work is here to stay.
The business world has been forced into a rapid digital transformation. And while the technology might have been ready, many employers have not.
Let's look more closely at how CIO's can manage these vulnerabilities.
IT security risks of hybrid working
In this new hybrid way of working, for cybersecurity teams who were already overloaded before things changed, the battle will only become more formidable.
These IT security threats include:
- Phishing emails. These compromise the cause of over 67 percent of all breaches.
- Web application breaches. These have doubled in the last year, accounting for 43 percent of all breaches.
- The need for staff to access and communicate data beyond the periphery of the usual security firewalls.
- The need for staff to access company servers or cloud accounts over public networks offering restricted bandwidth via home routers with exposed modem control interfaces.
- The widespread use of domestic IoT devices such as printers, cameras and TVs using default settings.
So, how can you overcome these hybrid working threats?
IT security solutions of hybrid working
While these threats and their findings are alarming, there are plenty of available options to secure critical assets for remote workers.
These IT security solutions include:
- Anti-phishing protection in EOP. With the growing complexity of attacks, it's tricky for even the most trained users to identify sophisticated phishing messages. Fortunately, Exchange Online Protection (EOP) and the additional features in Microsoft Defender for Office 365 can help.
- Azure Sentinel. You can get a bird's-eye view across the enterprise with the cloud-native security information and event management (SIEM) tool from Microsoft.
- Always On VPN. While it's not possible to address every single employee's broadband and home router setup, it's also not necessary. Always On VPN provides a single, cohesive solution for remote access and supports domain-joined, nondomain-joined (workgroup), or Azure AD–joined devices, even personally owned devices.
- Azure Virtual Desktop. You can set up Azure Virtual Desktop (formerly Windows Virtual Desktop) in minutes to enable secure remote work.
- The Zero Trust model. Based on the principle of verified trust, Zero Trust eliminates the inherent trust that we assume inside the traditional corporate network. Its architecture reduces risk across all environments by establishing robust identity verification, validating device compliance before granting access, and ensuring least privilege access to only explicitly authorised resources.
Securely embrace the ''new normal''
Many business leaders enjoy having schedules free of flights and in-person meetings (that may have been less productive than realised).
A hybrid model - that divides time between the home and the office - could offer an ideal working solution for companies and their employees. However, this brings vulnerabilities that CIO's must address to transition securely.
If you'd like more information on how to get on the right track for a secure and modern workplace, please don't hesitate to get in touch with us.