UC Advanced - issue #9

CYBERSECURITY

technically spreads far and wide and therefore can be hacked at many different points with hackers often using valid credentials to blend in with normal user activity, making breaches harder to detect.”

Kevin Williams, Technical Director, GAIN LINE: “The more people’s lives become digitally based, the more data there is at risk of being targeted as part of cyber security attacks. This is both for customer-facing systems as well as internal ones; anything that stores personal details needs to ensure it has the right protection and processes in place to ensure its safety.

“As a large amount of the workforce has moved to a hybrid or remote working model, cyber security becomes a more difficult problem to manage for businesses. No longer are employees sat at a desk connected to a network within an office; they are able to access the systems to conduct their roles from anywhere. This then opens up gaps in processes which can no longer be adhered to; it can be a challenge to manage an individual’s access when they are sat in a coffee shop rather than within an office.”

Simon Langdown, co-founder of ERP implementation business, Essenkay: “Hybrid working is becoming a new “normal,” with employees embracing the flexibility of working from home and the office. In my opinion, hybrid work does not create more of a cybersecurity threat; it just creates another opportunity for bad actors to exploit an organisation’s security.

“The biggest threat, as usual, would be the human factor in the hybrid working equation. The security blanket of working from the office would be gone, and cybersecurity threats could come from working on personal devices or unsecured networks. An employee working from home may be less likely to identify phishing attacks or similar security threats that may be encountered.”

Q: How can businesses overcome these threats?

Kevin Williams: “Businesses can look to overcome these challenges by ensuring that all of their processes are reviewed and updated to cover remote-based working. There may be additional tools put in place for all employees to ensure they are protected whilst working remotely, from using a VPN to protect their connection to enabling Multi-Factor Authentication with the systems that they log into.

“Businesses can look to secure their network by reviewing the correlating and tools they have set up for managing this. They should look to validate this by applying for Cyber Essentials and Cyber Essentials Plus certification or taking this further by looking at ISO 27001.”

Tim Freestone: “Ensuring a secure network requires a proactive, defence-in-depth approach. Multiple layers of security controls, such as firewalls, intrusion detection/prevention systems, and virtual private networks (VPNs), form the foundation of a robust network infrastructure.

“Regular vulnerability scans and penetration testing aid in identifying and addressing weaknesses before attackers can exploit them. Implementing network access control (NAC) ensures that only authorised devices and users can connect to the network. Continuous network monitoring and log analysis are essential for detecting anomalous activity and potential threats.

“Investing in advanced threat protection solutions that leverage AI and machine learning is crucial for identifying and blocking sophisticated attacks. Regularly updating and patching all network devices, operating systems, and applications is necessary to close known vulnerabilities.

“Multi-factor authentication should be mandatory, and data encryption should be employed both in transit and at rest. Investing in secure content collaboration platforms with granular access controls, data loss prevention, and integration with existing security tools is also essential.”

Simon Langdown: “An organisation needs to strengthen its defence measures and monitoring systems in an environment of hybrid working. As well as the basic security practices we discussed above, Microsoft often talks about a “Zero Trust” security strategy, which means having an approach of “Never Trust, Always Verify.” This means protecting the organisation by granting access to systems based on continual verification of identities, devices and servers.

“However, as the human element is a big


Andy Syrewicze Security Evangelist

hornetsecurity.com

Kevin Williams Technical Director

gainline.co.uk
