With hybrid work becoming popular and new tech like AI depending on data mining, there are growing concerns amongst many businesses regarding cybersecurity. As Cybersecurity Awareness Month draws to a close, Veerakumar Natarajan, Country Head, Zoho Kenya shares some thoughts on technical security, privacy measures for businesses, and the importance of Zero Trust model.
Kenya is now the third-most targeted country by cyber criminals in Africa, after Nigeria and South Africa, according to The Communications Authority of Kenya (CA). In a report released at the beginning of October, the regulator said the frequency, sophistication and scale of cyber threats targeted at Kenya’s critical information infrastructure had increased dramatically. The country, according to the regulator, experienced a record 860 million cyberattacks in the last one year and 79% of the attacks were caused by cyber criminals infiltrating the computer systems of organisations.
Given that a number of businesses are now embracing the largely perimeter-less hybrid work model, organisations need to plan their long-term security strategy to support the new ‘work-from-anywhere’ environment. Adoption of new technology like AI, also poses privacy and security risks.
Security concerns with hybrid work models
In a hybrid work culture, an employee may log in from multiple locations outside of the office during a given week when they work remotely. In the home or remote environment, work and personal tasks are often commingled in one machine, corporate devices are used for personal projects, and work is done over home internet service providers.
This can lead to cases like unapproved software installations, installations of vulnerable browser extensions, and browsing malicious sites on corporate devices. Moreover, employees might fail to consider company security policies and could inadvertently disable security controls, exposing their device to vulnerabilities and threats. A company’s entire network is at the risk of compromise if such a device connects to the corporate network.
With data turning into a prevalent commodity in today’s digital world, privacy issues are a rising concern. It’s essential to comprehend these threats to make informed and safe decisions. Privacy issues include challenges related to protecting personal and sensitive data from unauthorised access, manipulation, and misuse. The most typical threats include phishing and social engineering, personal or card data theft or misuse, malware, and hacking.
These challenges span across multiple domains, from social networking to online banking, and the increasing reliance on digital infrastructure only makes companies more susceptible to cyber threats. This raises the question of how businesses can protect their resources.
The initial step for an enterprise, regardless of their size, is to look at covering the following basics:
- Setup asset management: You can’t protect what you don’t know, so it’s critical to maintain a self-updating list of deployed assets in your organisation’s network.
- Strengthen remote access management: This includes using Virtual Private Networks (VPNs); however, they do not offer sufficient security. A robust remote monitoring and management system will help the IT department to enable employees to access sensitive data and files in a secure manner.
- Deploy endpoint security: Endpoint security applications help organisations protect devices like laptops and mobiles from cyberattacks. These need to be regularly updated.
- Adopt multi-factor authentication: This is one of the easiest steps to take. There are multiple tools available in the market, such as Zoho OneAuth that can help enable this.
- Raise employee awareness within the organisation: The security of an organisation is only as good as the least security-conscious employee. Many cyberattacks happen through social engineering, which plays on the vulnerability of employees. Therefore, regular workshops and education on privacy and security are vital for a business.
When evaluating security solutions, businesses should consider factors like easy adoption, accuracy and lesser false positives, automated response provisions, limited administration, and intuitive features that are also simple to manage.
On the security operations front, the sheer volume of attempted attacks is increasing to such a point that it is impossible for human analysts to examine them all to identify real and serious threats. So, there should be focus on process automation to free up some of the security team’s time to concentrate on higher level analysis. This is where Zero Trust fits in.
Importance of Zero Trust models for modern businesses
Zero trust is a modern security strategy based on the principle: never trust, always verify. Instead of assuming that everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an open network.
Zero trust architecture is well-suited for a hybrid work environment as it delivers solid access controls and context-based perimeter security. This helps enable a seamless experience for employees through multi-factor authentication and continuous authentication of the users and devices on a network, regardless of where they are located.
Adopting a Zero Trust strategy is no longer an option, it’s a business imperative to remain secure in a hybrid future.