The onslaught of COVID-19 cases back in early 2020 catalysed a nation-wide lockdown, requiring 84% of the organisations and workforces in Singapore to transition to a home-based working environment within a short span of time. In their haste to transition to remote working, many employers overlooked potential risks that could create more vulnerabilities within the company’s IT structures and systems.

For instance, not all equipment and technology can be moved back home. In an office setting, companies can mitigate the common cybersecurity risks through a firewall, employee training, and separation of work and personal devices. However, when employees are working remotely, putting cybersecurity measures in place becomes a little more challenging. Moreover, some people do not have access to reliable networks at home and may be forced to move to cafes or public spaces to access the Wi-Fi there, and these networks could be less secure and more vulnerable to attacks. Cybersecurity experts and law enforcement report an 800% surge in cybercrime statistics during the COVID-19 pandemic of 2020. That means 4,000 cyberattacks were aimed at major corporations, governments, and critical infrastructures, according to PR Newswire.

Nevertheless, COVID-19 has dictated that remote or home-based working arrangements will be the new normal. Whether organisations like it or not, they will need to step up and adapt to new cybersecurity challenges that come as technology develops – but it doesn’t have to be intimidating. Here are several measures organisations can adopt to strengthen their cybersecurity:

1. Make Cybersecurity an Organisation Priority

With increasing concern towards cybersecurity and data privacy both from regulatory authorities and consumers, it’s time for businesses to take cybersecurity more seriously and elevate it to an organisational priority that C-suite level members are involved in. Cybersecurity must no longer be treated as simply the IT department’s concern, but rather a core aspect of the organisation that requires top-level strategic imperatives.

For example, the widely reported SolarWinds breach showed that relying on software-enforced defenses carries certain vulnerabilities. There is only so much that firewalls, anti-virus systems and intrusion detection systems can do for us.

It is therefore crucial to stay up to date with new technologies and cybersecurity trends that enhance your cybersecurity posture, such as the use of hardware-enforced protection of critical networks on top of these existing protective measures.

According to Garrison, it is not enough to rely completely on software-enforced solutions because they are also vulnerable to malicious attacks upon deployment. In most cases, software running over the course of a year poses a lesser security ROI, where any attacker can impose commands onto any machine that was running the product. Products such as the Data Diode, for example, can be used to isolate and segment critical networks away from the internet-facing networks. The unidirectional flow of data ensures that no vulnerabilities can enter critical networks from the internet.

Meanwhile, cyber attackers are not resting.

Their main goal is to find just one loophole in an organisation’s security and take advantage of it. As such, there is a strong need for organisations to review their cybersecurity measures frequently and to stay on top of new cybersecurity trends and vulnerabilities, setting these as one of the organisation’s main KPIs.

2. Regular Cybersecurity Auditing

2020 saw many organisations rushing to migrate to the cloud due to social distancing measures from the global COVID-19 pandemic. While digital transformation is to be applauded, the speed of change meant that many organisations ran the risk of leaving their digital networks and infrastructure misconfigured, unsecured in some ways, and open to cyber-attacks.

The key to this is for IT teams to consistently audit and patch their technology infrastructure while investing in regular vulnerability assessments and penetration testing.

3. Adopting A Zero Trust Mindset

Another way is to build resilience through a zero-trust mindset that treats everything as hostile – networks, hosts, applications, and services – so as to make sure that no gaps exist for potential attackers to exploit.

This mindset shift may seem excessive initially, but as companies begin remote-working arrangements and allow employees to use their own devices, it is increasingly difficult for IT teams to rely on the same perimeter-based security that might have worked in the past.

Organisations that successfully navigate the zero-trust journey will recognise the importance of incorporating a holistic suite of capabilities including, but not limited to, secure encryption for endpoints, strong multifactor authentication, and comprehensive identity governance and lifecycle management across all key digital assets.

4. Ensure Cyber Hygiene

The strongest chain is only as strong as its weakest link. In organisations, employees with poor cyber hygiene pose a significant risk to defences. It is strongly recommended that organisations implement cyber-education and ensure staff members adhere to cyber hygiene, especially given the prevalence of hybrid workforces and work-from-home arrangements.

Every employee, from the business staff to IT personnel to executives, should adopt a cyber-resilient mindset, which begins with recognizing that they are the first line of defense against threats. Organisations can also take it one step further by instilling a culture celebrating those who practice good cyber hygiene. While business leaders invest their cybersecurity dollar, our modus operandi is to provide greater value for organisations. Reinforce the culture with continuous security-awareness training: use gamification to let people experience the impacts of security policies, and reward them for doing the right thing rather than punish them for mistakes.

5. Shift to Defence In Depth

Today, the ‘Defence in Depth’ approach is more important than ever. Defence in Depth is based on a military strategy through which defences are meant to delay rather than prevent the advance of an attacker. The more layers of defence present, the less momentum the cyberattack can build, and the more time you’ll have to respond appropriately.

In the context of cybersecurity, a Defence in Depth strategy is designed to increase the cost and effort of an attack against an organisation. Having multiple layers of defence not only improves and expands capacity to detect attacks, but also allows more time to respond such that an attack that manages to breach some layers of defence will not fully compromise the business.

But in case Defence in Depth falls short, it’s best to look for alternatives to avoid over-reliance on a single solution. The Center for Internet Security has listed information security models you can implement, such as the following:

  • Principle of least privilege (PoLP), where a user account gets only those privileges essential to their work;
  • Multi-factor authentication (MFA), a digital authentication method that requires two or more distinct verification factors for successful access;
  • CIA (Confidentiality-Integrity-Availability) triad, a model designed to ensure that every access and every object is checked thoroughly every time, wherever and whenever it is stored, transmitted, and processed.

Summing It Up

Digital transformation looks set to ramp up in 2021 and will only continue doing so in the years to come. Inevitably, as technology and cybersecurity systems develop, so will the level and sophistication of cyberattacks. It is all the more important, and imperative, for organisations to shift the way they regard cybersecurity – from an IT-department issue to a core organisational aspect of concern. These steps to strengthen cybersecurity are only the beginning, but they are crucial, nonetheless.

If cybersecurity is not your organisation’s strongest suit but your exposure remains high, it is highly recommended that you look into leveraging cybersecurity consultants or managed security services to plug any gaps in your systems. To mitigate the risks of data breaches and malware attacks, businesses should be aware of the need to create strategic and multi-layered security architectures.

Find out more on the holistic cybersecurity solutions and services here: https://www.stengg.com/cybersecurity or email us at cybersecurity@stengg.com for further enquiries.
