The last two years have seen working from anywhere become the norm and ransomware attacks skyrocket, increasing 37% in 2021. To combat the threat, cybersecurity protocols must become more proactive, minimising both disruption and data loss potential. Ian Pitt, CIO of Progress Software, has more on the subject in this guest article…
Ransomware attacks are most commonly initiated through phishing emails and malicious websites, with the risk heightened by employees working from anywhere. Once an attack is under way, the entire tech ecosystem is at risk, both systems and critical data. Most IT leaders will have experienced some interesting situations over the last two years, such as laptops and personal devices being lent to friends and engineers breaching networks because they thought they knew how networking worked.
The biggest challenge is to reduce risk while promoting collaborative ways of working – ensuring the right people can access the right data at the right time with the network extending to thousands of new locations.
The Changing Landscape of Risk
With an increase in phishing attempts and even CEO spoofing, building a culture of security became intrinsically important in the first six months of hybrid working.
Undoubtedly, the hybrid workplace structure has created a larger data ecosystem and with it, more challenges about data protection and security protocols for CIOs and security leaders. Workers using their own Wi-Fi and personal devices for work have introduced a new element of complexity, and the sophistication of phishing attacks has increased.
Security risks are now more commonplace and malicious. There is a 100% chance of being targeted and a near certainty of being attacked. On a public unencrypted network, you’re left open to man-in-the-middle attacks. It’s entirely necessary to remind workers regularly about the risks of joining public networks in their new workspaces. User education has stepped up a gear – not only in the workforce, but also in getting partners to lock down their networks and ensuring customers are updating security patches via links.
Aside from the costly threat of paying a ransom, one of the most expensive consequences of a ransomware attack is downtime, with a staggering 21 days being the average downtime organisations experience after an attack, which can paralyse business operations.
A New Cybersecurity Approach
With the White House and the UK Government’s National Cyber Strategy 2022 sharing equally strong cybersecurity guidelines, these calls to action have raised the profile of security as a priority, enabling organisations to secure more funding for security technology and increase user understanding to promote increased endpoint detection. Recommended implementations include multi-factor authentication, encryption, and enhanced security logging, as well as migration of their applications and systems to secure cloud services.
IT teams must manage data on a permissions basis, as well as ensuring data security measures for new employees are enforced from day one. Fostering a culture of vigilance to the point of over-vigilance is exactly where you want to be. This should extend to third party users, such as vendors, who can be easily breached. This has resulted in our adoption of new functionality where needed and the roll-out of multiple layers of security.
IT Best Practices to Minimise Risk
With more advanced security tools at our disposal, it’s more complex to outsmart increasingly intelligent hackers. Here are some recommendations for tech teams to be prepared for the continuation of evolving workplace structures in 2022:
1. Cybersecurity Education
Communicating the risks is vital to maximise protection – at least two rounds of education are recommended. Training team members to send out a heads-up message telling users to expect a particular email ensures that users know it’s legit. If it’s urgent, having a system in place to send all workers an instant message is also vital, which means establishing a company-wide channel for instant communication.
2. A Zero Trust Infrastructure
This means trusting the device and the individual, not the network. We invested in our security skills and embarked on better phishing education and better zero trust deployment. This helps keep our people, rather than the network, secure. Being rigorous about multi-factor authentication ensures that valuable data is secured and that people are who they say they are.
3. Invest in Good Networking Equipment
Supplying good networking equipment to critical individuals, such as the C-suite and VPs, will protect the most vital IP while easing the customer support burden.
4. Robust Ransomware Defence Means Detection & Recovery
Some say detection is enough – you need both. Network flow monitoring is critical to ensuring the network is continually monitored for potential breaches. But the more rapid you make recovery, the less likely you are to have to pay the ransom. With the UK the most likely country to pay cybercriminals’ ransoms, tech leaders need to ensure a proactive recovery strategy is in place. Classic tabletop test exercises and drills for a security breach scenario across business functions ensure that you’re familiarised with potential risks and mitigation strategies. This also highlights any gaps in your business continuity plan.
5. User Behavioural Analysis
A network analysis solution which gives insight into potential threat actors can flag suspicious behaviour so that you can predict when something untoward is happening. Once deployed to continually watch the system, security pros can more easily detect unexpected and suspicious behaviour.
Creating a Culture of Security
A shift in mindset is critical to optimising your security approach across the IT ecosystem. This means understanding that the risks can be just as big for the C-suite as the newly inducted worker. It also means having a proactive recovery plan in place which is regularly tested to review security capabilities and manage threat risks appropriately.
The objective is to keep cybercriminals out and, failing that, to find them and have a recovery strategy that rapidly restores systems to a point within hours before an attack. With the right protection, ransomware becomes less of a threat. Preparation is everything – only a culture of security, the best ransomware detection, and restoration testing will keep organisations’ most critical assets safe and enable the most effective collaboration.
ABOUT OUR GUEST WRITER
CIO, Progress Software
With almost 20 years of experience in C-level tech positions, Ian is passionate about enterprise class business solutions covering the full environment of business applications, operations and security.
Ian conducts global transformational work leading to the adoption of SaaS for both product offerings and organizational consumption. He also boasts proven merger and acquisition skills on both sell and buy sides in high velocity environments, including the LogMeIn and GetGo merger creating the $1.4Bn organization, partial portfolio divestitures and tuck-ins.