The shift to home working has created two distinct cyber security challenges: maintaining security through the rapid transition, and securing IT in a future where remote working is the norm rather than the exception.
Meanwhile the bad actors have lost no time in exploiting the opportunities presented by remote working. Mimecast detected a 30+ percent increase in each of spam, impersonation, malware and suspicious domains in the three months following 31 March 2020.
Rethink your security posture
To identify the cyber security challenges of sustained remote working, and offer solutions, Mimecast sponsored a webinar, Why your cyber security posture needs a rethink.
CSO associate editor, Byron Connolly, chaired a panel comprising cyber security analyst James Turner from CISO Lens, Garrett O’Hara, Principle Technical Consultant with Mimecast, and Chris Neal, CISO at Ramsay Health Care.
Turner set the scene for the panel discussion by identifying three forces driving the need to rethink organisations’ cyber security: increased risk, economics and geopolitics.
Summing up the risks created by the surge in demand for home working, he said: “A lot of risks were just accepted in the rush to do it. And now, CISOs and CIOs are going back over the risks they’ve accepted over the past several months and asking if it is still appropriate to be accepting those risks.
“How do we best enshrine those processes given all the indicators are that this is going to go on for at least the next couple of years?”
It was evident compromises had been made to balance cyber security and operational priorities. Neal said, in Ramsay Health Care, that threat awareness training had been wound back.
“If it’s a choice between a nurse caring for patients or trying to deal with COVID patients versus spending five minutes on a security awareness video, I know which that has to be.”
More seriously, O’Hara predicted that many cyber security decisions taken under pressure from the pandemic would create problems down the track. “I see a big piece of work in 12 to 18 months where people go ‘Oh my god! All this stuff has happened. How do we get the toothpaste back in the tube?’”
Meeting the cyber skills shortage
To add to the challenges, the cyber security demands engendered by home working have exacerbated an already serious shortage of cyber security skills, and the discussion turned to how this problem might be addressed.
Turner said there was a growing trend to fill security roles from other areas of IT. “The CISO community is looking to train existing technologists to care more about security themselves. If we can shift their understanding so they get how what they do has a direct impact on security … we’ve got better security practices and thinking coming from people that already understand the tech.”
Neal confirmed this approach saying he had hired no cyber security specialists. “Most of my team I’ve poached from other parts of Ramsay Health Care IT: people who knew how Ramsey worked, knew the technology, knew the business and had an interest in and an aptitude for cyber.”
Three part solution to security challenges
Each of the three experts in the webinar — analyst, vendor, user — brought a different perspective to the COVID-19 induced cyber security challenge, but all agreed that meeting this challenge required an effective combination of cyber security skills, technology skills, and business and communication skills.
O’Hara said having good, well-integrated cyber security platforms would free up cyber security personnel for more meaningful roles.
Turner said security staff must understand the businesses they were hired to protect. “Security people need to have an intimate understanding of how the business uses technology, but they can’t know everything. They are completely dependent on their communication abilities with both the business and with IT.”
Neal said drawing cyber security staff from other areas of IT had a dual benefit: they knew the business and could educate the business about the importance of cyber security.
You’ll find these and many more valuable insights from the front line of cyber security in a COVID-19 world in our webinar. Why your cyber security posture needs a rethink. Watch it here.
You can find the original article here
WOLFE SYSTEMS Can Assess Your Current Risk We will run a FREE Scan for your Organisation, to evaluate your current Risk Posture. On going Monitoring will allow you to know when there are new exposures associated with your domain, so you can take the actions to close the doors before a criminal accesses your network, your data, your business. If you don’t monitor, you won’t know… until it’s too late! Contact us today on 1300 958 923 to discover our findings and set up a 30min introductory meeting
Follow us on the WOLFE SYSTEMS socials for up to date tech trends, information and cool facts