Organisations throughout New Zealand have succeeded in adapting to new conditions in 2020. Between entering and emerging from lockdown we’ve seen some agile and innovative approaches to driving business continuity.
At the same time we know there are unscrupulous cyber criminals who have seen an opportunity to use the pandemic to their advantage. While tech teams have been working hard to set up new technology environments for a remote and hybrid workforce, they’ve also been battling against a host of existing and emerging cyber threats.
Even prior to the pandemic, New Zealand had seen a considerable increase in cyber security incidents. According to the latest reporting from the Cyber Emergency Response Team NZ (CERTNZ), there were a total of 4,740 incidents reported in 2019 – an increase of more than 38 per cent on the previous year.
The top three incident categories reported to CERT were:
Phishing and credential harvesting: 1,934 incidents
Scams and fraud: 1,734 incidents
Unauthorised access: 449 incidents
We’re likely to see further increases by year’s end, with all evidence pointing to a rapid increase in COVID-19-related attacks. Analysis by Redscan found that in March 2020, COVID-19 scams were more prevalent than the traditional leaders of Apple and Amazon scams. In one example of many from the UK, individuals were targeted with phishing emails containing fictitious COVID-19 'safety measures' that instead install malware designed to steal personal information.
These will be just the tip of the iceberg as cyber attackers continue to evolve their tactics to take advantage of the confusion and disruption in digital environments. So, how can organisations prepare to combat this complex, threatening landscape?
Adopting a zero-trust security approach
Cyber security used to be a relatively stable and predictable affair. In the halcyon days of unmovable PCs tethered to wired networks, the IT team had only to protect the perimeter with firewalls and antivirus software. Anyone inside the network was automatically deemed trustworthy and granted unlimited access to any data they needed.
In the era of cloud-based and mobile workforces, the concept of a network perimeter has become increasingly blurry. Because of this, we now have a much wider attack surface to be exploited.
Additionally, we know that one of the biggest threats to data security is our own employees. According to Verizon’s 2019 Data Breach Investigation Report, 57 per cent of database breaches involved insider threats of that organisation.
Whether your employees are malicious or lack sufficient cyber awareness, there is no escaping the fact they leave your organisation exposed. Therefore, more security teams are adopting a zero-trust approach — a concept based on the belief that we shouldn’t automatically trust anything or anyone inside or outside our network.
Putting a zero-trust approach into practice requires a range of complementary tools and processes. Unfortunately, there is no one-size-fits-all solution so organisations need to understand their risk profile and deploy solutions that best mitigate threats.
Trust no one
User behaviour and awareness are fast growing in popularity as security teams are enabled to automatically detect suspicious user behaviour and data access patterns in real-time. Powered by advances in machine learning, these tools can crunch massive amounts of data and make predictions about the likelihood of a data breach based on any user’s unique behaviour
Authenticate, authenticate, authenticate
The days of single passwords as security measures are long gone. With Virginia Tech research revealing that more than half of us are still reusing the same password due to password fatigue, multi-factor authentication has become a must-have for any business taking cybersecurity seriously.
Locate the crown jewels
Every aspect of your organisation creates data, and we’re collecting large amounts of data in various on-premise and cloud silos. Paying for solutions to protect every dataset is prohibitively expensive, so it’s essential to understand where your most critical and sensitive data is located and deploy advanced solutions in these areas, such as real-time encryption.
Enlist every employee as security
Your employees are one of the biggest risks to your data security, but they can also keep your business protected. User behaviour awareness training is vital for ensuring every employee can spot phishing attacks, and that they understand the value of secure passwords.
Protect your people in any location
No matter how advanced our other security systems are, we only need to be exposed by one user on a single device to suffer potentially catastrophic consequences. End-point security solutions, such as security patching and antivirus, are still valuable. Above these solutions, however, organisations can go to the next level of zero trust by purchasing devices with advanced in-built security features.
To ensure your hybrid workforce is protected in any location, the HP EliteBook range of PCs are equipped with the most advanced in-built device security features on the market, including:
HP Sure Sense: harnesses the power of deep-learning artificial intelligence (AI) to identify and quarantine never-before-seen attacks.
HP Sure Click: protects from websites and attachments with malware through hardware-enforced security.
HP Sure Start Gen5: firmware attacks can completely devastate your PC — stay protected with this self-healing basic input/output system (BIOS).
Datacom has been helping organisations throughout New Zealand to mitigate the cybersecurity risks of a hybrid workforce. Through our partnership with HP, we offer purpose-built devices that enable your employees to work safely and securely in any location.
Combining the right devices with Datacom’s range of flexible cloud solutions and managed IT services is the ideal way to create a zero-trust security posture for protecting your hybrid workforce. Get in touch with us today to discuss the solutions your organisation needs for powering a hybrid workforce into the future.