As threats become the norm as work-from-home expands, businesses need to fight back
“It doesn’t matter if you’re a one-person company or if you’ve got tens of thousands of people. Potentially, everybody is vulnerable; attackers don’t discriminate.” This was the warning served by Kerry Singleton, Managing Director for Cybersecurity Cisco APJC, during the fourth episode of the tech company’s webinar series, “Navigating the Shift.”
The warning comes at a time when globally, the restrictions brought by the COVID-19 pandemic lurched businesses towards the digital space. Remote working has changed the business landscape and will continue to be the norm until such time as there is a dwindling of the fear and the threat of the COVID-19 virus.
“Almost 97 percent of Asia Pacific organizations made changes to their policies to shift for remote working. All of a sudden we went from business continuity planning to execution,” Singleton reported.
As a result of this development, enterprises both big and small are faced with cyber threats, and the need to adopt security measures is more critical than ever.
“[Cybersecurity] has to be foundational and has to be built into our digitization strategy and everything that we do today,” Singleton said.
The series takes a deep dive into the pandemic’s impact across industries, and in this episode, titled “Cybersecurity Today: Addressing the New Threat Landscape,” Singleton, along with other experts in the field, examined changes in the cybersecurity landscape as businesses went online.
“There are a lot of breaches happening. There were breaches early [in 2020] and it increased with remote work,” GIAC Information Security Expert DefCon Black Badge Raymond Nunez observed. The former Security Consultant of the Department of Information and Communications Technology (DICT) mentioned that these include SMS- and voice-based phishing, also known as smishing and vishing. While automated spam filters are available for email, SMS and voice services rely on users to identify scams.
Nunez also reported breaches due to weak credentials in user accounts, stating that attackers are still able to penetrate organizations using passwords as easy as “1234”. This shows a certain level of vulnerability currently present among the online community, including businesses that could be negatively impacted as work-from-home is foreseen to be here for the long haul.
“I’ve spoken to customers across the globe. They’re all thinking about how do we return to work, and a common theme that I’m seeing is that they are going to leave a percentage of their workforce working remotely,” shared Singleton. He pointed out that a few large tech companies in the US have even gone for a 100 percent work-from-home policy.
The remote setup had employees bringing home their workstations, taking devices out of the protection of cybersecurity systems found inside offices and leaving them vulnerable to threats.
“The threats are not getting any smaller — they’re getting bigger and more maverick,” Emmanuel Caintic, Assistant Secretary of DICT, commented. “Now more than ever is the time to invest in your network security. It’s insurance and it doesn’t cost much. It’s actually more expensive to remediate after an attack.”
Aside from cost implications, successful attacks can result in client loss and business shutdown due to bad reputation from having been breached. Thus, the speakers called for businesses to take security measures, with educating staff on cyber hygiene habits as the first line of defense. These include being vigilant when opening attachments, clicking links, and providing information.
Another recommendation is for businesses to invest in endpoint security and visibility now that endpoint devices like laptops and phones are deployed in employees’ homes. Technologies such as multi-factor authentication (MFA) were also raised as a way to verify a person’s identity. “That inconvenience of a few seconds of having to check your phone to log in to that two-factor authentication could spell a lot of difference,” Caintic mentioned. According to Nunez, Google and Microsoft have also deployed MFA to prevent breaches and were rewarded with good success rates.
“We’ve seen online banking, government applications, and a lot of social media and email platforms move down that path, but the corporate environment and businesses [also] need to look at multi-factor authentication as the first step in their process,” Singleton agreed.
Cisco offers Duo MFA, which requires users to push a token to their smartphones — a technology that the company uses itself for security. “So we’ve got the username and password, and then we’ve got the multi-factor authentication piece that sits over the top of it as well,” Singleton added.
The highly-esteemed tech company offers other cybersecurity solutions that are used by enterprises around the globe, but are still scalable from small- to large-sized businesses.
“When you’re in a small business, if you can afford to invest in device systems and secure the devices that you give to your employees or you station in your business, that’s the best solution,” said Caintic. As an alternative, he suggested investing in a virtual private network (VPN) service and in malware protection programs — which have to be kept updated in order to safeguard systems from evolving cyber-attacks.
Meanwhile, for bigger enterprises and those in public service such as telco companies, Caintic recommended flawless business continuity programs on top of robust cybersecurity technologies to ensure minimal disruption in business and service when an attack occurs.
Big or small, experts agree that businesses urgently need to look more into the cybersecurity landscape as industries continue to shift online in the new normal. It may seem intimidating and complicated with the various systems and jargon, but there are tools like Cisco SecureX that give businesses a single comprehensive platform to view threats and respond to them.