With organizations putting more applications and data in the cloud and more employees working remotely and using social media comes another reminder that CISOs have to adopt faster for a new workplace.
It comes in a report from Frost and Sullivan, paid for by integrator Dimension Data, which warned there’s a greater need than ever to implement appropriate measures to secure data, infrastructures and applications.
Citing another report, it notes that in Canada 44 per cent of full-time employed Canadians today are able to work remotely, and 70 per cent of full-time millennial workers say they would be more satisfied in their jobs if they could work remotely using cloud.
Already, close to 80 per cent of knowledge workers globally work remotely at least one day per week, says the report. By 2020, up to 1.55 billion workers will be responsible for work that doesn’t confine them to a desk. And knowledge workers are increasingly going to demand flexibility, it adds. Not only that, the Internet of Things means more devices will be connected to enterprise systems, multiplying opportunities for a cyber attack.
“Hence, it is imperative for companies to adopt a proactive cyber risk management strategy to safeguard their most critical assets,” says the report. Risks not only include data theft but also data manipulation and, through DDoS attacks and ransomware, data denial.
Cloud applications are a tempting target for attackers, it adds. It notes business chat application provider Slacks suffered a breach last year that exposed user profile information including as login usernames, passwords, and other personal data such as phone numbers and Skype IDs. “With the information, a cyber criminal could potentially log into users’ accounts to access sensitive corporate data residing in their chats within Slack, containing confidential details about intellectual property and sensitive press releases. “As future workspaces could potentially use cloud-based collaboration tools like Slack, it is important to be aware of the possible attacks to these platforms and the proper security measures to mitigate these threats.”
Smartphone-enabled smart locks for buildings are available to lock and unlock doors without the use of keys. But, the report says some have been found to be vulnerable to simple hacking tools. “In fact, 75 per cent of smart locks can be easily hacked to unlock at will, according to two researchers who tested 16 different smart locks at a major hacker convention in 2016.”
At the same time it advises that while security technology is essential in any organization, so is security awareness training for employees.
Other defences the report advises include
–integrating a cloud access security broker (CASB) into the SaaS applications enterprises use, which offer authentication and encryption when accessing cloud-based services;
–adding data loss prevention (DLP) solutions, which can protect sensitive data in public cloud applications;
–add actionable cybersecurity intelligence;
–perform a vulnerability assessment across all devices to identify gaps cyber attackers may potentially exploit. Penetration tests will also help find those gaps;
–conduct regular cyber drills to ensure security staff are prepared for an attack;
–consider creating a cybersecurity operation centre to monitor the threats in real-time, manage security solutions, and promptly react to risk indicators before an attack infiltrates the organization.