If last year kept IT and Security teams on their toes, 2023 will certainly not disappoint if the security predictions are any indication of what to expect. Recently, during the annual meeting of the World Economic Forum (WEF) in Davos, Switzerland, a cybersecurity expert from the University of Oxford predicted a “gathering cyber storm”.
Leaders would be wise to take heed: cyber-attacks are on the rise, with emerging threats, new technologies and geopolitical movements featured as major contributing factors in the global cyber landscape, according to the Global Security Outlook report produced by the WEF. These factors, coupled with the widespread move to remote and hybrid environments, create the perfect scenario for bad actors to get creative and expand the reach of their attacks. And the focus of their undue attention? Your users.
The human factor remains crucial for any companies aiming to keep a successful security strategy. Preparation, awareness, and a good understanding of cyber-safe behaviour can turn users from vulnerable entry points to a strong frontline defence against attacks. One could think that, with access to information at our fingertips, awareness of common threats and scams would effectively minimise those threats. Sadly, phishing attacks continue to sit at the top of the threat landscape. In fact, 91% of successful data breaches started with a spear phishing attack.
Are Your Users Security-Aware?
The culture surrounding security awareness has been gaining traction within enterprises. This growing security-savvy mentality is helping users better handle the threats faced daily, in their professional and personal spaces. Corporate guidance and training are becoming commonplace and can be effective in encouraging a security-minded culture that translates into lowering risk and keeping critical data safe.
A conventional focus of policy enforcement is passwords, an obvious weak link in the security chain. It seems like for every user that follows good practices, choosing a unique password with a mix of multi-case characters, numbers and symbols, there is another that cannot be bothered to “remember one more password”.
Sophisticated social engineering techniques mean users can still be persuaded to wilfully give over their credentials to well-versed strangers. In addition to user education and security training, technology can assist by removing the password from the equation. Modern single sign-on (SSO) and multi-factor authentication (MFA) workflows, especially those using biometrics, are reimagining the authentication process to simplify the user experience while minimising risk from compromised credentials.
Protect User Privacy, For Their Sake and Yours
It seems a long time since remote work environments became a source of countless articles and analysis from industry experts, but the complex task of securing data in these environments remains topical.
While some organisations have adapted and advanced quickly in their transition, others are still finding it nearly impossible to protect enterprise data from threats targeting home offices and remote employees. Attackers have caught on and set their sights on these groups with newer, more sophisticated attacks. While there are plenty of solutions seeking to leverage the power of the cloud to maintain endpoint security, each organisation has unique needs that may require jumping through additional hoops before they can crystalize their data protection strategies.
Upholding data security is imperative for organisations, not only to maintain business continuity and compliance, but to protect user privacy. Strategies must be robust to avoid leakage of protected data types, such as Personally Identifiable Information (PII), or risk exposure to liability.
Add to the mix the rise of Bring Your Own Device (BYOD), a model that relies on the use of personally owned mobile devices for work purposes, and a whole new set of user privacy requirements must be met to keep company data safe and compliant without compromising user privacy.
Users at the Centre, Technology All Around
There is little point defining a comprehensive remote work security policy if companies don’t benefit from adequate tools to assess risk and enforce access decisions in real-time. Legacy remote access technology such as Virtual Private Networks (VPN), a technology developed over 25 years ago, certainly won’t cut it.
To modernise their security strategies, enterprises are considering changing their framework to a Zero Trust concept. “Never trust – always verify” is a tagline that best exemplifies the security model at the crux of Zero Trust. To obtain access to protected resources, like data, apps and services, users must authenticate with their cloud-based identity, and the devices they use to request access must be verified as being free from compromise. Crucially, Zero Trust technology can keep personal apps and data private, preserving privacy and enhancing the user experience, and fundamentally, their trust.
Regardless of individual cybersecurity requirements, companies must focus on their users to help weather the lurking 2023 cyber storm.