Businesses at all levels of digitalization and continuity need to re-evaluate cybersecurity through a security-by-design mindset.
Hackers today are increasingly innovative, and they are equipped with the same tools available to enterprises. They are consistently probing for the means to take advantage of the spread of data across interconnected devices, and remote-working is yet another chance for them to capitalize on this spread.
A McAfee study found worrying trends when it comes to remote work, with a two-fold increase in cloud traffic from devices that were not managed by companies, opening the door to potential data loss. Even more worrying was that cloud threats from external actors has increased by a whopping 630% across the world.
As companies go through different stages of their digital transformation journey, responses to the need to go to remote work are bound to differ. Some businesses may be ready, while others are taken by surprise when it comes to their Business Continuity Plan (BCP). In Singapore, there is a mix of multinational companies (MNCs) and family-owned businesses, and a 2019 study by Heidrick & Struggles had found that 23.8% of MNCs polled in Singapore were in advanced stages of transformation efforts, while the rest were looking into the future or in early adoption.
Likewise, for local family-owned businesses, only 8.1% polled believed they were in advanced stages. Digital transformation is an ongoing process, and much has to be done. How can businesses ensure that they are resilient against cyber threats during and after the pandemic?
Rapidly changing business environment
At this stage, many businesses would have embarked on their digital journeys years ago and are now usually well-equipped to utilize new digital tools to expedite their business. When it comes to cybersecurity, these businesses understand how lapses in protection can incur losses, so there is adherence to the concept of security by design, where layers of cybersecurity are utilized to ensure new digital solutions are implemented securely.
However, that is not to say that it is all smooth sailing. Remote-working today is the first real field test that many businesses will face with their BCP: they must adapt their policies and approach in real-time based on their findings in practice.
At the same time, threats are developing at a rapid pace: instead of being focused on those that existed yesterday, IT teams need to ensure that the business is also resilient against threats that could emerge tomorrow.
Staying ahead of the curve
To stay ahead, be open to change and do not get complacent.The established processes you have to ensure the resilience of the business may yet be cumbersome or flawed. Given that this is the first real field test of frameworks in place for remote-working, these processes need to be adjusted based on employee feedback, such as ease of use and implementation.
These processes must then be balanced against security concerns, identifying potential risks and loopholes. Agility and vigilance in responding to a changing situation will ensure that threats are prevented and do not interrupt the business.
Also, work together as a unified company. It is easy for employees to be left behind, especially during times of rapid change. Despite the physical boundaries, businesses and leaders must utilize the tools they have on hand, such as video communications and collaboration services to connect with employees. This helps to ensure that all their employees are energized, and are on the same page when it comes to cybersecurity best practices and developments in technology.
Entering uncharted territory
At the same time, there are some businesses that have only recently undergone digital transformation or not at all. They may not have a framework in place, or the necessary infrastructure to support it.
These businesses are likely to be working hard and fast to implement measures in a rush to ensure that remote-working capabilities are up to speed as part of their business continuity framework. Developing infrastructure and the limited window of time are barriers to creating a comprehensive framework, and businesses need to make up for lost time and ensure that they have security as a priority as they implement measures for increased interconnectivity.
At the same time, employees who are warming up to the plethora of new tools at their hands are also not going to be familiar with many features of the technology used, or the concept of remote-working, and thus may be vulnerable to threats that may take advantage of such unfamiliarity.
Tips for staying on course
Use a reference. When it comes to BCP businesses today are sharing advice on their steps taken, and some have even shared their frameworks. These materials are good to reference when developing a framework, and should be built upon for maximum effectiveness.
Work closely with your employees. Frameworks need employee buy-in, and it is imperative to communicate the expected behavior and best practices to ensure that employees are able to make the most out of remote-working.
Do not be afraid of trial and error. It is likely that measures will be put in place in a hurry, and as the situation progresses, important feedback, developments in hardware and software, and changes to the threat landscape will cause the framework to always be in flux. However, by the end of the situation, businesses in the midst of transformation should have already set up an effective framework for business continuity, tempered by their experiences.
Looking at work practices of tomorrow
Companies are reliant on both IT teams and employees coming together to ensure a smooth experience as they work remotely. Yet, security is also important, with massive ramifications if not implemented properly.
As a new normal sets in, businesses will eventually adapt, and can reinforce their measures by adhering to security by design. Every new application in the stack, every new technology needs to be secure—and there will be value in employing a cybersecurity solution that covers all the bases now, and in years to come.