It is no secret that the significant changes required of organisations over the past year have come with heightened cyber security risks. Even now, as we begin to move into a ‘new normal’, the landscape is anything but certain. Organisations need to keep up with this evolving threat landscape, as there are several cyber security trends that are emerging from this new post-pandemic era.
Defence against ransomware
Ransomware has been a key adversary for quite some time and there is no sign of this changing. As a result, we expect to see new initiatives released and developed to counteract this threat. There are several initiatives in development because of collaboration between governments, industry associations, businesses and vendors.
The proposed extension to Know Your Customer (KYC) transparency rules in financial transactions is an excellent example of what can come about as an outcome of this collaboration. KYC currently does not include cryptocurrency transactions but attacks against cryptocurrency payments are a favourite of ransomware attackers because they are untraceable. Therefore, extending KYC rules to include cryptocurrency payments is a matter of importance as it will act as a strong deterrent. Collaboration in the development of these initiatives is vital – any organisation that is at risk of becoming the next victim of a ransomware attack will benefit from new initiatives, so it is important that they are supported where possible.
Avoiding ransomware: what security & risk leaders need to know
Culture of security
Corporate culture often brings to mind ping pong tables, free beers on Fridays and bean bags, but what about security and business continuity planning? Well, they are about to become just as important. Cyber security needs to become front of mind for all employees, not just those who work in IT. One way to do this is through “war-gaming” activities, training employees and creating rapid response plans to ensure that everyone is prepared in case of an attack.
The roles of the C-suite have been changing for quite some time now, as each role becomes less siloed and the whole company is viewed more as a whole than as separate teams. The evolution of the chief information security officer (CISO) is a great example of this – rather than being a separate role to the chief information officer (CIO) or chief technology officer (CTO), the CISO is now responsible for security, customer retention, business continuity planning and much more.
Now, this change needs to spread to the rest of the business so that all employees prioritise security and collaboration, whatever their level and role. The natural result of this is that teams will become more open and better at information sharing which will make it easier to spot when there has been a cyber security issue, as everyone will know what is and isn’t normal across the company.
Security at the edge
The next step of this repositioning of security within the organisation is to acknowledge the impact that working from home has had. At the height of the pandemic, almost all workforces became remote and now, even as companies are gradually starting to return to offices, there will still be a vast network of remote employees.
This rapid and huge shift to remote working at the onset of lockdown restrictions would not have been possible without VPN architectures, but the security governing VPNs is not as strong as it needs to be for the heavy reliance placed on these systems to connect employees to vital applications placed organisations. Organisations have therefore turned to SD-WAN instead. These systems now come with integrated security controls, delivering almost the same level of security to remote workers as the head office. Another more secure option than VPNs that is likely to take an ever more central stage are secure access service edge (SASE) solutions. These combine network and network security into a single cloud service that is both secure and able to provide the level of connectivity needed to run devices at the edge.
How to inspire and empower your remote or hybrid workforce
The emergence of microsegmentation
A trend that we are likely to see in the near future is that of segmentation and microsegmentation requirements. Accelerated investment in vendor roadmaps will enable more integrated approaches to the requirements of home networks. This will dedicate resources to addressing the segmentation and microsegmentation of all stakeholders in the applications and data that run on personal devices to produce a more integrated method.
Due to the sudden switch to remote working and cloud service adoption, certain principles of cyber security best practice had to be temporarily overlooked for many organisations. However, now that cyber security teams have overcome those earlier challenges in the peak of the crisis, there’s an opportunity to learn from the pandemic to improve cyber security posture long-term.