The emergency coronavirus seems to have returned, leaving a new normality in which cybersecurity and smart working must go hand in hand; we therefore asked the opinion of Bogdan Botezatu, Director Three

The manager has indicated how for years, data breaches have dominated the headlines, despite the growing commitment of companies to set up complex security measures to safeguard their ‘perimeter’.

Coronavirus’s pandemic has only added further pressure by redefining what we call ‘perimeter’: a company now has hundreds or thousands of ‘offices’ scattered throughout the city, and therefore it is necessary to pay attention to each of them.

The teams dedicated to cybersecurity, degenerate and overburdened work, have faced not only the challenges of teleworking, but also the increase of attacks by cyber-criminals. As malicious activity has increased to 500% compared to the reference value, IT security teams should redefine priorities and resume control of their companies.

Set up computer security on autopilot

There is a good reason why most companies ask employees not to use their business devices for personal use and vice versa: this practice can lead to an increase in the number of alerts coming from EDR technologies, which puts the cyber analysts to the test Choose an EDR solution that operates in the background and focuses only on the last 1% of the alerts, allowing analysts to manage what is essential.

But an EDR solution is just part of a more complex ecosystem. Cybersecurity solutions should be able to operate with automated directives and keep up with the rapidly changing threat landscape even if they do not receive security-related updates or cannot communicate with the cloud.

According to Bitdefender, organizations must rely on a security solution that can manage multiple environments, from smartphones to data centers. These security solutions that bring back to a single console simplify management and increase visibility. The correlation of information from different environments can outline signals of sophisticated attacks and allow IT security administrators to detect incidents more quickly.

Home network security is crucial

It is used to say that security is as strong as its weakest link. In the home, one of the most often neglected hardware devices is the home router. Usually, the router can be misconfigured (for example, with a weak or even without a WiFi password) or can use an outdated and vulnerable firmware that makes it easy to compromise. Companies with employees in teleworking should offer guidelines to help them set up the home network properly. Some companies also provide specialised software that evaluates the security of the entire home network • including IoT devices • and provides useful information on how to solve the problems encountered.

While convincing users to invest thousands of euros in network devices at company level is unreasonable, having them perform a security check from time to time helps to make the working environment safer and to establish a good level of protection for the future.

The third priority of cybersecurity: managing human risk

People are the life force of any company, but they can make mistakes that expose companies to cyber attacks. Due to the increase in workload and uncertainty caused by the global pandemic, smart workers are more likely to click on harmful links, fall victim to phishing scams or circumvent company security practices. Research shows that employees typically access 59 unsafe URLs per week or 8.5 per day. This is more than once per hour in an eight-hour working day.

Depending on their knowledge of the threat landscape, employees can be dangerous just like a computer attack outside the company • especially if they work remotely.

A survey conducted by Bitdefender on 6,724 IT professionals worldwide shows that 86% of companies agree that cyber attacks have increased during the COVID-19 pandemic. More than one in three (34%) says that employees are afraid of feeling more relaxed about cybersecurity issues due to their surrounding environment. On the contrary, others claim that employees do not adhere to security protocols, especially in identifying and reporting suspicious activities.

Teleworking reduces the control possibilities that the company has on employee behaviour (less network security controls or no physical control). This gives users a higher level of responsibility (e.g. which networks they connect to, who has physical access to their devices).

In the circumstances, increasing security controls and endpoint restrictions may seem the best option, but creates an imbalance between productivity, controls and user frustration.

To address this problem, the best cybersecurity experts have developed a process that quickly and efficiently combines risk data, thus solving the issue of human error. Security solutions incorporating human risk analysis promise to offer an approach based on the golden section, allowing the user greater flexibility and monitoring his/her behaviour to create an individual risk profile.

This allows IT administrators to act with surgical precision, increasing security checks when and where they are needed, and even to organize training courses for staff to better understand the principles of corporate cybersecurity.

Leave a Reply

Your email address will not be published.

You May Also Like