Getting cyber security right – why it needs to be an integral part of your hybrid IT plan
Published On: January 13, 2022 |
Hybrid working introduces many new cyber threats to businesses. What will this mean for your security strategies?
Every business must make protecting its networks a top priority. The risks posed by cyber crime are greater than ever, and with high-profile data breaches hitting the headlines on a regular basis, awareness among customers of the problems this can cause is also high.
According to figures from the Department for Digital, Media, Culture and Sport, 39 per cent of UK firms experienced a security incident in the last year, with this rising to almost two-thirds of medium-sized and large businesses (65 per cent and 64 per cent respectively). What’s more, 27 per cent of companies experience attacks on a weekly basis.
This is an issue that is only set to become more pressing in the coming years. As firms embrace trends like hybrid working and operations become more decentralised, this presents more opportunities for hackers, and therefore more risks to businesses.
The growing burden of cyber security
Despite the huge importance of cyber security defences in this environment, too many businesses are still struggling to implement effective solutions. This isn’t because they don’t recognise its importance, with business leaders placing defending their firms from hackers among their top priorities. Instead, there are a few other common issues that prevent firms from achieving success in this area.
One reason is a lack of skills. There has been an acute skills shortage in the cyber security sector for a while, and this means it’s hugely difficult to find in-house personnel with the necessary talent and experience.
Other issues may include an over-reliance on built-in security. This may be especially the case if firms are relying heavily on cloud services, as many organisations may not realise that the onus remains on them to manage many of the critical security steps.
As a result, it’s clear that going it alone isn’t an option. Bringing in expert help will be essential in tackling these issues. The right combination of technology solutions and professional expertise ensures companies minimise their risk of potentially huge financial and reputational consequences.
The challenges posed by hybrid working
This demand for effective security solutions has been made even more acute as the way many businesses work shifts. As more firms embrace hybrid working and employees spend more time connecting remotely, outside the protection of traditional network firewalls, this presents new opportunities for criminals.
For example, IBM’s 2021 Cost of a Data Breach survey revealed that security incidents cost UK firms an average of £3.36 million in the last 12 months – an eight per cent rise on the previous year. However, it also noted that breaches where remote working was involved were significantly more costly, at £3.57 million, compared with £2.8 million for other incidents.
There are a number of ways in which criminals have been able to take advantage of hybrid working during the Covid-19 crisis. This includes the fact that a lack of direct supervision and communication may make workers more susceptible to email-based social engineering attacks such as business email compromise, and that they may be using unsecured networks to access confidential data and applications.
Getting cloud and networking security right
Therefore, one of the first areas you need to safeguard against intrusion is your network, and in particular any cloud connections you have. Cloud computing is an essential element of any hybrid working strategy, as without this, remote workers will find it much harder to access essential data and applications, but it can also pose a critical weakness if it’s not protected properly.
The first step will be ensuring all cloud and networking tools are configured properly, as this is a leading cause of vulnerabilities. This is an effort that’s easily overlooked by smaller IT teams, which can leave you open to attacks.
Protecting data when it’s moving between on-premise systems, remote workers and cloud tools is another must. Therefore, strong end-to-end encryption and access controls that ensure only approved personnel can access data are also essential elements of these solutions.
Why email security is your first line of defence
However, such measures are only a partial solution. No cyber security strategy can be complete without a comprehensive plan for tackling email security. This is often the weak link in many firms’ defences, and with 94 per cent of malware entering businesses via this channel, it’s clearly a fruitful avenue for criminals.
Techniques such as phishing, business email compromise and other social engineering-based attacks aim to take advantage of careless users, especially when they can’t speak to colleagues or managers face-to-face to verify any requests.
The best way to stop this type of attack is with proactive user training. This means not just educating users about signs that emails may not be what they seem, but also ensuring users are tested on their awareness, through techniques such as running phishing simulations to see who is and isn’t taking the messaging on board.
However, technology has a key role to play here as well. While traditional email gateways may struggle to spot sophisticated email attacks, tools such as artificial intelligence-enhanced filters can offer much more accurate identification of malicious emails. By examining an employee’s entire inbox, they can spot unusual activities and send out alerts before the individual has a chance to fall victim to a phishing attack.
Putting these tools in place is essential if any hybrid working policy is to be successful. Neglect this, and you’ll be leaving your business exposed to hackers and other cyber criminals. Therefore, it needs to be a central part of your planning from the very earliest stages.
Find out more about what you need to make hybrid working a reality in our latest ebook.
Share This Post, Choose Your Platform!
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.