Cyber risk in our new working culture?
Are cyber security risks heightened by our new working culture?
A lot has been written recently about the cyber security risk of remote working; larger attack surfaces, more informal surroundings and the upturn in threats, have all been contributing factors. While some people believe our working environments are more vulnerable now, others point out that companies are getting better at preventing attacks. The truth is probably somewhere in the middle, but it’s clear the inherent risk of a cyber-attack has gone up.
According to research from Interpol in August 2020, ‘a further increase in cyber-crime is highly likely in the near future’. The influential policing body also suggested that vulnerabilities related to remote working would be exploited by cybercriminals.
This fast-moving situation presents challenges for everyone. On the one hand, security leaders are able to tackle these problems with an increasing list of technology at their disposal but, on the other, the threats they face are evolving and changing all the time. This means it’s becoming harder for them to understand how well their businesses are protected; plugging the gaps and firefighting will only get them so far.
Making cyber security easier to understand
The key to helping everyone progress is to frame these challenges in a language that makes sense to business leaders, not just technology professionals. Assessing the risks through the eyes of people can ensure better understanding of cyber risks in more human-centric way.
Internally, it’s common for well-meaning users to bypass controls so they can do their jobs; for example, if someone wants to send a large document to a client, they probably find a file transfer service to get the job done – but it might not be secure. In addition, opportunistic insiders are sometimes all too happy to undermine security but are not so criminal they would bypass established controls. In situations where those controls are missing, however, they’ll see a green light.
External threat actors range from sophisticated, such as organised crime syndicates, to unsophisticated, which use well-understood but easily detectible methods. Most managers expect to be breached by sophisticated attacks because they are highly co-ordinated and harder to protect against, but lower-level phishing scams and malicious URLs can also create a lot of noise for companies if they are not dealt with quickly.
From understanding to action
At this point a company’s risk assessment becomes a framework to help them move forward; by discovering and defining the problems, it’s possible to develop and deliver the right solutions. Once business leaders understand how threat actors operate, and how they impact real world problems like confidentiality, integrity, availability and privacy, it’s easier to think about security differently.
As companies navigate the changing landscape of cyber security, it’s important for them to frame their challenges in a language that business leaders can understand. In a world where cyber security threats are moving fast, and professionals are in high demand, this human-centric approach helps more people to understand the risks that organisations face – and ultimately allows them to move forward together.
For more information on our digital security services, or to speak to an expert contact email@example.com.
Contact firstname.lastname@example.org for more information.