[BreachExchange] What IT leaders need to prioritize to protect against cyberattacks

Destry Winant destry at riskbasedsecurity.com
Fri Jan 8 10:44:53 EST 2021


https://www.techradar.com/news/what-it-leaders-need-to-prioritize-to-protect-against-cyberattacks

We live in a world of increasingly sophisticated hackers and
adversaries, out to steal data from people and companies for profit,
knowledge or disruption. While business leaders juggle new, pressing
concerns daily due to the pandemic, one item that unfortunately often
gets put on the back burner is cybersecurity.

As businesses embrace digital transformation and new ways of working
remotely at scale, keeping sensitive information safe is a growing
challenge for employers and employees alike. This is especially true
given new research showing that over 1 in 5 (22%) UK workers have
received phishing emails related to COVID-19. Worryingly, only 24%
of UK employees say their companies have increased cybersecurity
training during the pandemic - suggesting many businesses may still be
blind to the cyber risks associated with it.

With mass vaccination efforts still in development, COVID-19
challenges are here to stay for the time being. As a result,
businesses must invest time, education and actions to remain vigilant
to the cybersecurity risks associated with remote work. They need
cyber resilience, or in other words, the right tools, processes and
backup policies, coupled with cyber awareness and training, in place
so that business can continue regardless of any malicious attack
method.

Blurred lines increase uncertainty

Before the global pandemic and related lockdowns went into effect in
early 2020, many businesses were already adopting part-time and
full-time remote work schedules for employees. However, this still
wasn’t to the scale we’ve become accustomed to today. As a result,
employees have had to adjust to remote working on a full-time basis
and the challenges and cyber threats that come with it.

For many, working in home environments can cause a problematic
blurring of home and work boundaries. Not only are there issues of
stress and mental health, but performing work tasks on improperly
secured personal devices, or, alternatively, performing personal tasks
on a work device, can present increased security risks for
individuals, businesses and their networks.

It has never been more crucial for every employee to take ownership of
their online behaviors because common threats, like phishing, are at
record highs given the ongoing pandemic – and the employee is often
the target.

In fact, the aforementioned report found that 34% of UK workers say
they have received more phishing emails than this time last year.
Phishing attacks continue to grow in popularity because,
unfortunately, they work. Hackers and criminals weaponize the simple
act of clicking and employ basic psychological tricks to elicit
urgent or harmful action from unsuspecting employees.

This is why it's crucial that employees are made aware of the
importance of maintaining clear boundaries between work and personal
lives, and that employers equip them with the knowledge needed to stay
safe from opportunistic threats like phishing and have a process to
check back on understanding and employee knowledge.

The way forward

The pandemic has changed our working lives for the foreseeable future.
Workers are concerned - and with that concern comes a desire for
information, safety and support. We’re seeing both organized crime and
opportunistic attackers exploiting fear, uncertainty and doubt to
target individuals and businesses in a variety of ways with
pandemic-related phishing attacks. It’s clear from the survey answers
that many workers feel that to properly prevent phishing, their
employers need to invest more heavily in training and education, in
addition to strong cybersecurity tools. Continuous focus, education
and increased awareness of common attack methods are a central
component to becoming more resilient against cyberattacks and other IT
challenges.

For businesses, that means implementing regular simulated phishing and
external attacks that address the various ways hackers attempt to
breach organizations through their users. By combining the latest
detection, protection, prevention and response technology with
consistent attack training and engaging content, IT security
departments can tackle the people, process and technology combinations
needed to successfully mitigate attacks. Additionally, businesses must
ensure that all workers have clear distinctions between work and
personal time, devices, and obligations. This helps reduce the amount
of uncertainty that can ultimately lead to phishing-related breaches.

It’s also important for businesses working toward cyber resilience to
value backup data and ensure employees can access and recover their
data no matter where they are. Confidentiality, integrity and
availability in the case of cyberattacks or other forms of potential
data loss need to be clearly understood and planned for to address any
weakness in the security system. While accidents happen, what matters
most is being able to recover quickly and effectively. So, it’s also
crucial to back up collaboration tools frequently used for meetings
and communication as these will be key for continued productivity in
the event of an attack. By investing in cyber resilience and the end
user training needed to make it pay off, businesses can significantly
reduce risk while protecting their reputation, staff, and customers.
When staff feel they can identify cyber threats like phishing, they
help themselves and their organizations to avoid the devastating
effects of a cybersecurity breach.

