FUTURE TECHNOLOGY
CISOs at organisations everywhere are
looking for the best way to handle these
challenges while keeping employees safe
and productive. As they navigate this
‘new normal’, there are three fundamental
areas that are emerging as key priorities
for security leaders across critical people,
process and technology dimensions.
One is securing people. Attackers have
launched a wave of phishing, ransomware
and social engineering campaigns, taking
advantage of the confusion and distraction.
Some cyberattack attempts are seemingly
work-related – like a phony email from IT
asking the user to click on a link as part of
a set-up process – while some who make
emotional appeals looking for support of a
‘noble cause’ use government stimulus or
other financial incentives as the hook.
Secondly, devices and applications
must be secured. Some employees were
able to take their office computers home
with them while others set up shop with
their own technology. This surge in new
and personal device use has created a host
of new challenges, particularly for those
organisations that did not have an existing
BYOD policy in place. In the rush to get
connected, misconfigurations abound and
leaving new devices in their default (insecure)
factory settings can put companies at risk.
Attackers look for these situations to gain a
foothold into the organisation.

Staying ahead of known
and emerging threats in
this new landscape has
added even more levels
of complexity to an
already complicated job.

Finally, connections and access must
be secured. Many organisations face both
security and availability challenges as
hundreds of thousands of employees try
to connect using virtual private networks
(VPNs) to send and receive data.
Compounding the issue, employees
logging into their VPNs are using home
Wi-Fi networks, which are often unsecured,
unmonitored and overloaded as multiple
people try to work and learn remotely.
Attackers can easily infect these Wi-Fi
routers with malware, making all of the
household’s connected devices vulnerable
– from TVs and smart thermostats to cell
phones and computers.
What advice would you offer
CISOs looking to improve their
strategies to enable a secure,
smart workforce?
Organisations need to adopt a proactive
rather than reactive approach to
cybersecurity to reduce their risk
management concerns. On an organisational
level, this means training staff to think like
an attacker and identify potential security
vulnerabilities before they are exposed by
outsiders with malicious intentions. From a
proactive security perspective, engaging in
Red Team services is a valuable exercise to
simulate a cyberattack.
These ‘ethical hackers’ can exploit
discovered vulnerabilities to penetrate
company systems and
networks and remain
undetected for as long as
possible to determine what
sort of damage could be done
under a real attack.
By doing this,
organisations will not only
discover how vulnerable they
are to an attack, but also
gain an opportunity
to play out risk mitigation
techniques and prioritise
assets for protection.
Knowing how an attack could
impact the business and
establishing a game plan for
response is critical to gaining
a greater understanding of
risk exposure.
INTELLIGENT TECH CHANNELS Issue 30