Does your cyber security architecture support hybrid work?
Throughout the pandemic, organisations have been introducing permanent remote and hybrid work patterns, including a more intense focus on serving customers through digital channels. As a result, they now need to address new associated security risks.
Today, securing your organisation against cyber security threats is more critical than ever before. Year on year, the cost of cyber attacks is growing. We’re all aware of the increasing determination and sophistication of the criminal community to threaten our security by hacking into our systems. However, what might be less apparent is the more recent threat brought about by new post-pandemic working practices, such as hybrid working. In this article, we explore the nature of cyber security architecture and how to adapt it to contemporary working practices.
What is cyber security architecture?
Security architecture is the system you put in place to minimise the risk of cyber breaches and protect your assets from digital harm.
Security architecture is essentially a set of security principles, methods and models aligned to your organisation’s strategy and objectives. Applied effectively, your cyber security architecture will keep your systems and processes safe from cyber threats.
You can think of cyber security architecture in the same way as conventional architecture. An architect designing an extension, for example, examines the original property and takes into account numerous factors: soil type, client preference, predicted use and function, topography, even the climate. They then produce a blueprint to achieve the desired outcome. Other individuals, in this case builders and contractors, construct the extension under the supervision and guidance of the architect, making sure it achieves its objective.
Cyber security and remote or hybrid working
How does your cyber security strategy need to be different to accommodate the new working patterns? Many organisations have adopted a three-pronged approach:
- Identifying, assessing and destroying danger points
- Fixing and mopping up operations
- Fortifying incremental digital gains.
1. Identifying, assessing and destroying danger points
As your employees begin working from home in a potentially less secure IT environment, you need to be addressing immediate operational, process, technology and training gaps. Training is vital. You can install and operate the world’s finest cyber security system, but if your people don’t maintain their own ‘digital hygiene’, such as updating their computers and mobile software, then your investment can be easily wasted.
In one example, a large bank adapted several security policies in response to the COVID-19 crisis. They ran more frequent security awareness campaigns. The result? A 95% improvement in employee click rates during anti-phishing tests. The bank also introduced restrictions on USB connections and put critical patches on a 30-day cycle.
2. Fixing and mopping up operations
In the early days of the pandemic, your organisation may have felt obliged to accept new risks and reduce your security control standards – simply to allow you to keep going. Now, as you adjust to the new ways of working, you are armed with the latest knowledge of cyber threats. Your security teams can now assess any damage that has occurred, tidying up your security processes.
3. Fortifying incremental digital gains
As employees become accustomed to working from home, your organisation may wish to start standardising your security procedures for remote work environments and exploring technologies that will minimise long-term risk. This could be in the form of stronger consumer security and fraud-prevention controls.
Making sure your cyber security architecture supports the hybrid working of your employees
Here are the five key challenges that arise from remote or hybrid working:
1. Remote work infrastructures are facing an increasing blight of cyber-attacks
To enable remote working, companies are increasingly relying on cloud technology. They are also making use of remote connectivity tools such as a VPN. Since the start of the pandemic, cyber-attacks on cloud services have increased by more than 600%, and hackers continue to exploit vulnerabilities in VPN gateways.
2. Remote workers are easier targets
When your employees use laptops or devices shared by family members, they are exposing your systems to the threat of attack. In their personal lives, many people fail to use secure wi-fi or firewalls. Their mobile devices may be insecure. Remote workers also often suffer from a lack of internet connectivity or bandwidth. This can delay software updates and patching, leaving clear vulnerabilities.
3. Need for more rigorous security architecture
Protecting sensitive information becomes harder with remote workers. Access to sensitive data requires a stronger set of checks and balances than you would use in a conventional office environment. Cyber-criminals can easily fake a digital identity and hijack data from a secure environment. Emails, browsing habits, online purchases, financial content and social media activity can all be easily abused to emulate a virtual identity.
4. Absent physical security and monitoring of virtual workspaces
One of the reasons why offices of larger businesses employ security staff is to oversee the disposal of physical confidential information. For example, entry barriers can help prevent tailgating. Paper shredders can help destroy sensitive information. In a digital world, managing the information lifecycle becomes an important element, as holding data for longer periods of time is both high-risk and a liability.
5. Human-centred security is easy but dangerous to neglect
Home distractions can be a major cause of security mishaps. Remote employees are vulnerable to social engineering scams such as phishing. The potential threat of significant financial damages and irreversible loss of reputation is considerable.
Specialists in Cyber Security Architecture
AirIT is a leading specialist in the field of Cyber Security Architecture, with a trusted team of security architects. Our experience in the cyber security field is second to none. Suffering a cyber-attack may cause considerable financial and even irreversible reputational damage to your company. That’s why it’s important to keep up with the ever-evolving cyber threats with a strategic approach to cybersecurity, starting with a re-examination of your cyber security architecture.