- Hybrid working between home and office has required a recalibration of how organizations provide secure, productive and digitally enabled environments for their employees.
- A recent study revealed that 78% of employees put data at risk inadvertently.
- What major cyber-security related changes and events can we expect in the cyber landscape over the next 12 months?
Covid-19 introduced a paradigm shift in working culture. The new era of the “hybrid employee” has required a recalibration of how organizations provide secure, productive and digitally enabled environments for their employees.
Security teams are also having to deal with escalating threats to their new cloud deployments, as hackers seek to take advantage of the pandemic’s disruption: 71% of security professionals reported an increase in cyber-threats since lockdowns started.
And this shouldn’t come as a surprise. Working from home under unusual circumstances, users become more distracted and prone to careless behaviour, and don’t always comply with corporate security policies. A recent study revealed that 57% of employees insecurely save passwords in browsers on their corporate devices, while 21% allow other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping. All in all, it was found that 78% of employees put data at risk inadvertently.
This phenomenon simply opens the door for more risk. Threat actors always seek to take advantage of major events or changes for their own gain. Looking to 2021, we should ask ourselves: what are the major cyber-security related changes and events that we expect in the cyber landscape over the next 12 months?
Below are my 2021 predictions, and some guiding principles to prevent those potential cyber-attacks:
1. Securing the new normal: the ‘new normal’ is here to stay. A recent Check Point survey found that half of all respondents believed that their organizations will not return to pre-pandemic norms for at least the next two years.
Addressing the new normal means securing “hybrid employees” who work both from home and from the office and require secure access from any location and any device; securing hyper-distributed enterprise applications that reside everywhere, including traditional data centers and the cloud; and lastly, securing emerging IoT devices and networks.
This will require organizations to recalibrate their cybersecurity approach around three main elements: securing their networks, securing cloud environments and applications, and lastly, securing employees – wherever they are. Automation, consolidation and prevention will top CISOs’ agendas to stop advanced attacks spreading rapidly across organizations and exploiting weaknesses to breach sensitive data.
2. COVID-19 and vaccine-related phishing campaigns: Pfizer, Moderna, the Russian vaccine – all those announcements carry a huge promise to society. But a COVID-19 vaccine will not stop hackers from utilizing vaccine developments in phishing campaigns. The pharma companies developing vaccines will also continue to be targeted by malicious attacks from criminals or nation-states looking to exploit the situation.
3. Mobile applications security threats: Many of us are not aware how much of our personal information is being used by apps and devices demanding broad access to our media files, contacts and more. Yes, even your smart speaker knows your music habits by now.
This problem has been magnified with patchy COVID-19 contact-tracing apps that have been rush-released with privacy problems, leaking data about individuals. With remote employees prone to careless behaviour, mobile malware targeting users’ banking credentials and committing click-fraud on adverts is still a significant and growing threat.
Recent research by IDC predicts that “Organizations must also be prepared to mitigate the additional cyber risks associated with workers remotely accessing enterprise resources over unmanaged networks (e.g., home networks, public hot spots) and from unmanaged devices.”
The new hybrid employee and the above predictions require us to recalibrate how we secure our work. To meet this new reality, below are 3 guidelines organizations should consider:
Complete, consolidated protection
Today’s enterprises are hyper-distributed, with applications residing everywhere and users connecting from anywhere. To deliver complete protection across datacenters, perimeters, cloud, mobile, endpoint and IoT, organizations frequently implement multiple cybersecurity solutions.
As a result, they are frequently left with a costly, patchwork security architecture. Adopting a consolidated security approach will help businesses realize complete, preemptive protection against the most advanced threats while achieving better operational efficiency.
Complete protection also means that your security solutions will have to address all potential attack vectors as cyber criminals become more and more sophisticated.
Real-time prevention is the key to protecting our organizations and employees from zero-day cyber-attacks. Organizations will have to deploy pre-emptive user protections to eliminate threats before they reach the users regardless of the user activity.
Employee awareness and education
The human factor may sometimes represent the weakest link even when all the technology stack is there. Organizations will have to invest in employee awareness and education. These measures should include testing employee skills in detecting phishing emails, training on how to avoid social engineering attacks and reiterating corporate data and security policies.