By Jonathan Fischbein, CISO, Check Point Software Technologies
The impact of COVID-19 has rippled through the way we work, socialise, learn and shop forever. On a global scale, a growing number of organisations are embracing remote work as part of a hybrid working arrangement. The UK is no stranger to this worldwide trend and the new lockdown waves imposed by the surge of the Delta stream reinforces the certainty that flexibility remains as important today as a year ago.
What needs to change however, is the approach to cybersecurity. If the beginning was rushed and CISOs found themselves having to implement policies on the go, now, more than 12 months on, there is a real need to level up as cybercriminals continue to take advantage of this global shift to exploit organisations and enterprises of all sizes.
Over the last six months, an organisation in the UK is being attacked on average 356 times a week. As a result, local companies are becoming prime targets for cybercriminals. For IT and security professionals, this shift from identifying and protecting against vulnerabilities for on-premises equipment has evolved to dealing with key threat actors such as employees accessing internal assets from personal devices and remote locations.
One of the key challenges facing organisations in a hybrid work environment is the intensity of cyberattacks rather than the exposure to new vulnerabilities. In fact, Check Point® Software Technologies Ltd. a leading provider of cybersecurity solutions globally, revealed in its 2021 Remote and Hybrid Work Security Report that the top breach and attack vectors since COVID-19 are data infiltration and leakage (55%), phishing emails (51%) and account takeover (44%).
Further to this, IT and security professionals identified scalability (46%), privacy (42%) and supporting bring-your-own-device (BYOD) (40%) as the top administration challenges with remote access. As a result, we are witnessing an increase in ransomware, supply chain attacks and zero data attacks globally. Take for example, the Sunburst attack, believed to be one of the most sophisticated and severe attacks ever seen in the wild, followed by the “Hafnium” (aka Microsoft Exchange server) attack and the Colonial Pipeline attack.
These vulnerabilities cause IT and security professionals who are faced with the relentless discovery of new exploits, to constantly race to patch and fix the cyber incidents. However, patching external facing systems is not enough in this new normal. There is a now a need for IT and security leaders to protect the ‘soft’ areas such as employees and assets from vulnerabilities which means securing all endpoints. Allowing cybercriminals the opportunity to take advantage of a weak point can result in serious repercussions. The obligation IT professionals have, to secure and protect businesses and assets from cyberattacks, can be a huge responsibility but there are solutions you can implement to protect the network and infrastructure even with your hands full.
It’s becoming clear the hybrid workplace is here to stay, so how can IT and security professionals protect their businesses against cyberattacks and potential threats?
Reinforce education and awareness across the company
With remote work, there are increased risks to security management. However, IT professionals at the frontline of protecting organisations from cyber threats and attacks should be working together with security leaders to reinforce education and awareness across all company levels. Regular communication with simple, concise policies and setting up controls to prevent threats is essential to ensuring employees are compliant while generating user awareness.
Ensure proper security policies and infrastructure
Cybercriminals are fully aware of the timeframe industries can take to identify and remediate; it could take days, weeks, and even months to patch vulnerabilities if organisations don’t have the proper security policies and infrastructure.
Almost half of organisations (48%) consider application protection against cyberattacks and zero-day threats important therefore ensuring there are proper security policies and infrastructure in place can alleviate challenges in securing the hybrid work environment.
Adopt Secure Access Security Edge (SASE) Solutions
With the hybrid workplace taking front and centre stage across many organisations, the important lesson for IT professionals and SOC teams is to leverage unified solutions that will provide valuable protection on multiple fronts.
The responsibility to detect, assess and monitor security threats coupled with several different solutions is never an efficient way to secure business and IT networks. For this reason, Secure Access Service Edge (SASE) solutions aim to bridge the security, management and performance gaps caused by the digitally dispersed workforce.
Most IT professionals (94%) are familiar with the SASE framework, but adoption is slow, with 9% already implementing it and 21% planning to do so. Check Point Harmony Connect has redefined SASE by making it easy to access corporate applications, SaaS and the internet for any user or branch from any device without compromising security. This will ensure businesses are protected against the most advanced cyberattacks from anywhere at any time.
The benefits of SASE adoption mean simpler, more efficient management of potential threats and consistent policies with fast access from anywhere at any given time. This security strategy is in-road to providing that additional layer of protection for your organisation.
The bottom line is the hybrid workplace will become a part of our everyday life and as IT professionals and security leaders it makes sense to consolidate your security solutions to ensure each possible endpoint is secured.