Bernard Montel, EMEA Technical Director and Cybersecurity Strategist at Tenable, shares his predictions for a coming year of unrest and uncertainty in the digital ecosystem
Amid growing concerns over the rise in Covid infection rates, particularly with the Omicron variant, the UK government has directed companies to revert to the remote working model whenever possible. With such restrictions back in place, it’s not surprising that companies are adopting a hybrid work environment again as the New Year begins. According to an independent study conducted by Forrester on behalf of Tenable, 86% are planning to implement, or have already implemented, a remote working policy on a permanent basis. To make this move easier, 46% of companies have moved business-critical functions to the cloud, including accounting, finance, and human resources. This increases the pressure on security teams to ensure digital security, and it requires additional support in maintaining network security and diligence in maintaining basic cyber hygiene.
It is estimated that cybercrime costs the UK economy around £27 billion annually. As a result, security leaders need to rethink their cybercrime prevention strategies over time to keep digital assets safe and repel attacks from adversaries.
Cybersecurity education will be a top priority in hybrid companies
Unfortunately, remote working has created many opportunities for bad actors to wreak havoc within shared networks. According to the Forrester study, 98% of remote workers use at least one personal device for work every day and have an average of eight devices connected to their home network. This reliance on technology means businesses need to raise cybersecurity awareness among all stakeholders and employees.
All too often, threat actors can gain access to sensitive data by compromising just one device and infiltrating shared networks. For this reason, the importance of a coherent malware protection strategy should not be neglected, and routine security and cyber prevention techniques should be shared and taught across departments of an organization.
Infrastructure attacks will continue to disrupt daily life
Following critical cybersecurity breaches like SolarWinds last year, similar attacks are expected to proliferate in 2022. Breaches of IT infrastructure allow attackers to move laterally within the system and affect other business areas. Companies from a number of industries, including telecommunications, financial institutions, and retailers, have seen such attacks, and they are likely to remain targets as the new year begins. This increase in combined security breaches of IT and OT systems is directly related to the increase in cybercrime, and companies must react together and standardize the visibility of OT and IT errors.
Ransomware is the security breach that affects businesses the most. It brings a high return on investment for bad actors who pursue a simple and inexpensive strategy. In an environment where organizations simply do not invest enough in updating their cybersecurity master plan and patching their systems, malicious actors are seeing more opportunities for attack. According to the study, 65% of companies that adopted a work-from-home model in 2021 attributed the recent cyberattacks to third-party software vendors. As a result, organizations need to select vendors that offer adequate security solutions that provide visibility and control over converged infrastructures.
Malicious actors will benefit from domino attacks
By compromising a device, network and system, malicious actors create a domino effect that gradually exposes more victims. Concerns about software supply chain integrity have come to the fore in light of recent security breaches, such as the Kaseya VSA attack, in which malicious actors attacked 1,000 companies using hybrid work models. This shows the high risk assumed in depending on third parties, such as software-as-a-service systems.
The number of costly ransomware attacks will skyrocket
If companies want to stay ahead and not be targeted, they have to appear inaccessible to bad actors. Businesses need to understand that ransomware operators want a profit, and that profit cannot be made if the legal impact and the investment required for the attack outweigh the potential return. Hence, the focus must shift from preventing the breach itself to making the cost of the breach too high compared to its payoff.
Organizations need to take a risk-based approach and have a clear picture of where their system vulnerabilities are. Companies must have the same control over their cloud system as they do over their local network and take the right security precautions to future-proof their operations. It should also be common practice to consider the security implications before developing applications and uploading them to the cloud.
Such strategies keep companies from becoming targets of cybercrime and help them protect themselves in times of digital unrest.