Long reads

How will a new working environment change the way companies value cybersecurity?

Inga Schorno

Inga Schorno

Head of Information Security, Tandem Bank

Cybersecurity is in place to protect our computer systems and networks from theft or damage to their hardware, software or electronic data. Due to technology evolving and companies becoming more reliant on technology, cybersecurity is becoming more important to businesses. Cybersecurity is extremely complex, both in terms of politics and technology, therefore it is one of the major challenges facing companies and governments today.

How does remote working potentially compromise a company's cybersecurity?

The current remote working conditions represent both an increased danger and an opportunity for companies’ cybersecurity posture. Employees are now having to use communication tools such as Zoom and Microsoft Teams, both of which have reported security vulnerabilities. In addition, we are no longer able to access company databases on the secure networks at the office - many employees are using unmanaged and insecure devices and networks to access corporate systems and confidential information. Due to Covid-19 shutting down offices across the country and people being forced to work from home if possible, the onboarding of new applications and services to enable remote working, combined with insecure connections and a lack of cybersecurity knowledge from employees, has significantly increased the risk of attacks.

The rise of scammers and cyber criminals

Some companies will choose to remain the same and keep their risk appetites and control measures as they were when their employees were office based. However, it is impossible for companies to escape the alarming evidence that scammers and cyber criminals are taking full advantage of the current situation we are in. Through very successful social engineering campaigns and effective bypassing of somewhat loosened IT controls, scammers are able to not only pose a threat to the company’s ability to protect sensitive data or information systems, but they are also able to put a complete stop to the business continuity plans and remotely run business operations - this would be a serious impact to any organisation.

With serious implications like that, I am hopeful that senior leaders across industries are taking the time to carefully listen and evaluate their cybersecurity practises, and prioritise any changes that need to be made. The topic is generating a lot of attention and talk, with security evangelists, threat experts and modern technology vendors saying that now is the time to evaluate any given company’s cybersecurity strategy and highlight the areas that pose unnecessary risks or require extra attention.

Innovation and investment in a remote working environment

It is also important to highlight the opportunities and advancements that remote technology brings us. Remote working has shown us the need for much more innovation and investment in keeping those vital digital assets that we rely on so much secure and safe. Colleagues, clients, family and friends are now recognising the need and the importance of technology and instant remote connectivity.

Employees expect a high level of security and privacy from companies that they work for, and in turn companies expect a high level of security from those who are providing this service. Due to the complete change in our working environment and the rise in conversations around cybersecurity, cybersecurity leaders may be able to communicate to their stakeholders the need for improvements in their present capabilities a little more effectively.

Life after Covid

Overall, I do believe and hope that companies are giving their cybersecurity functions and teams more attention and are learning the value and importance of them. Senior leadership needs to understand what the threats and risks are and what areas require additional investment to not only maintain high cybersecurity standards, but to also ensure that any system can secure remote working in the long term. There is also a shortage of talent in the cybersecurity space, so it is important for more people to be trained in the industry as threats become increasingly more frequent. Companies need to keep talking about cybersecurity with their employees to ensure they know best practise. Our working from home habits, including reusing passwords and letting family members use our devices, put our business systems at risk and all employees should be taught simple tips to keep our systems as safe as possible. I think Covid-19 is going to change the way many companies are set up, and it is key to ensure that any investment in cybersecurity mirrors this changing way of working. I would encourage every cybersecurity team to use these opportunistic yet challenging times and explore possible additional and enhancing controls that span people, processes and technology.

Comments: (1)

A Finextra member
A Finextra member 25 July, 2020, 06:17Be the first to give this comment the thumbs up 0 likes

Poitns well covered. Also organisations shall focus on qucik detection and reponse capabilites. Also need to have controls  on known knowns and unknowns.