Last year, the adaptability of organisations was tested by the sudden shift towards remote work caused by the pandemic. Now, in 2021, we know the shift wasn’t temporary. A combination of office-based and remote work – the hybrid work model – is part of the new normal and presents a new host of challenges, not least of all, cybersecurity.
Businesses today are figuring out how to secure the expanding attack surface and secure the distributed workforce from the network to the cloud, the endpoint and all users. Just like businesses, threat actors have also adapted to the new normal, with a rise in attacks targeting the personal devices and home networks of remote workers – according to Cisco’s Future of Secure Remote Work Report. Moreover, 69 per cent of organisations in Asia Pacific have experienced a 25 per cent or greater increase in cyber threats or alerts since the start of the pandemic. In fact, Asia Pacific is where the largest proportion of organisations have experienced this cyber threat increase globally. Phishing attacks and other scams that take advantage of people’s fears during a crisis also continue to rise as our personal and professional lives converge online. They are also constantly evolving as malicious actors frequently adapt their techniques and campaigns based on what is topical.
What’s causing this trend? For organisations in Singapore, it’s the increased complexity of the cybersecurity perimeter, the combination of tools and interfaces, and, as usual, the human factor.
This increased complexity brought on by hybrid working is providing new opportunities for attackers, says Cisco’s Managing Director of Cybersecurity in APJC, Kerry Singleton. “There’s a lot of attention paid to ransomware, but there is not a simple ‘never pay the ransom’ or ‘just pay the ransom’ resolution as there are things that need to happen simultaneously after an infection is discovered,” he says. “Paying the ransom does not remove the adversary from your environment, nor fix underlying security issues that the adversary may have leveraged to gain an initial foothold on your network. The consequences can be a lot worse if the cybercriminal steals intellectual property and sells it to your competitors. Or if they sell your customers’ credit card data which in turn damages your reputation.”
Kerry Singleton, Cisco Managing Director of Cybersecurity Sales (APJC)
“As every IT professional knows, relying on passwords is suboptimal as they are easily compromised and difficult to manage, costing businesses billions of dollars a year. That’s the case even when there is a traditional security perimeter in place in the form of a corporate office. Once people are using their home networks and possibly their personal devices and getting barraged with phishing attacks, be it in the form of phone calls, texts, emails or even messages on social media platforms, there really is no alternative other than mandating multi-factor authentication (MFA) to prevent credentials being stolen.”
According to the Future of Secure Remote Work Report, companies in Singapore are responding to the new threat landscape, with 76 per cent of survey respondents planning to increase their spending on cybersecurity as a direct response to Covid-19, and 63 per cent of them are introducing MFA to support remote working.
While some companies will opt for cybersecurity solutions from a variety of providers, Cisco believes there’s a better way. Cisco has adopted a reference architecture premised on providing
“networking and collaborative solutions that are flexible, simple to use, effective, and secure, whether delivered via on-premises data centres or in the cloud and across all user devices – work or personal”.
Singleton adds: “A Zero Trust approach to security can be simply understood by protecting ‘3 Ws’ – the workforce workplace, and workloads. Our solutions are based on this approach addressing potential weaknesses in the 3Ws, without forcing users to jump through a lot of time-consuming hoops. They aim to guarantee a secure network connection to the workplace, whether that is a traditional office or the living room of their apartment. And finally, a Cisco solution should facilitate workers accessing their workload, which will usually involve some combination of entering, accessing, storing and transferring data, without inadvertently providing an attack surface for malicious actors.”
One such solution is Cisco’s SecureX, which serves as a cloud-native security platform that provides visibility across users’ entire security infrastructure, including network, endpoints, cloud and applications, to help accelerate and simplify threat response in today’s fast-changing world. These principles are also exemplified in Cisco’s Secure Access Service Edge (SASE) offering, which combines comprehensive networking and security functionsto support the dynamic secure access needs of organisations in a cloud-centric world
“Whether you’re responsible for the cybersecurity of a large, mid-sized or small business, SecureX is a one-stop, cloud-native security platform,” says Singleton. “This is especially useful for businesses, and I’m sure it will be getting plenty of attention in the months to come as businesses seek to bed down hybrid working arrangements, which will in turn require a robust cybersecurity infrastructure.”
While companies in Asia will each decide their hybrid working policies, the nature of cyber threats have changed to exploit the vulnerabilities of employees working remotely. The constantly changing application environments, coupled with the challenge of working with multiple standards and with a variety of different providers, make network security more complex today. For companies moving to hybrid work, IT departments should leverage the right digital tools and integrated solutions to simplify processes, improve visibility, and address the current skills gap. These help build a future-ready workforce and drive business continuity and resilience in the new normal.
PAID ANDPRESENTED BY:
More access. More opportunity.
Cisco has pledged to positively impact 1 billion people by the year 2025. We’re committed to powering a world where everyone has access to information and education. To contribute. To be bold. To participate.
It’s called the Inclusive Future. When everyone and everything is connected, anything is possible.