The pandemic has resulted in increased digitalization of business processes. Along with this come enhancements in the so-called future of work, wherein businesses that have matured in their digital transformation are able to give employees the opportunity to work remotely.
The effects of the pandemic have only sped up this process. Digital adoption among businesses jumped to 55 percent when the pandemic started, from around 33 to 35 percent on average in the previous years. According to the World Economic Forum, 97 percent of global companies have accelerated their technology adoption. The proportion of full-time remote workers has jumped from 33 to 61 percent on average, according to a study by Gallup.
There are still gaps, however. Even with increased adoption, most of the capability lies in big enterprises. Digital giants like Facebook and Google have famously continued to embrace the remote working model, and it is only natural for technology-driven companies to have the tools for it at their disposal. Small and Medium Enterprises (SMEs) have much to catch up on, as only 23 percent were able to dedicate enough resources to digital tools.
An uptick in remote working and digital activities will increase cybersecurity risks
This rise in digitalization and digital activities includes both transactional and relational activities, such as digital payments and remote collaboration. E-commerce transactions rose by 32 percent in the US alone. Payment platform PayPal saw a 20 percent increase in transactions compared to the same period in the previous year.
Work-from-home and remote-working arrangements have also increased, and along with this comes a rise in cybersecurity concerns. The growing decentralization of the workplace is making it increasingly challenging for businesses and enterprises to address cybersecurity concerns.
For instance, at least half of employers across various industries are now allowing remote employees to use their personal devices and even personal email addresses while working from home. Their remote workforces are also untrained or poorly trained in the cybersecurity risks of remote working.
Businesses need to invest in improving cybersecurity capabilities and protocols
The task of securing sensitive company data becomes much more challenging. New factors come into play, such as unsecured home Wi-Fi connections, inadequate malware protection, and the use of potentially insecure or even harmful client-side applications.
It’s no longer adequate for IT departments to deploy simple anti-malware solutions or utilize strategies that are static and reactive in nature. Businesses need to ensure the integrity of authentication systems, verification, and fraud prevention. There needs to be an improvement in how client applications handle data. There is also the need for adequate cybersecurity training and education across all technology users in the company.
Security is often sacrificed when developing mobile applications, underscoring the real need for improving the integrity of data and applications in real time. Perimeter defenses such as firewalls and anti-malware can be rendered moot as users are now mostly accessing data and apps remotely. Runtime application self-protection (RASP) addresses these concerns in real time, being built into the application runtime environment.
RASP does not rely on malware signatures, nor is there a need to rely on patching. Even zero-day exploits can be prevented, with the protection being built into the runtime itself.
Users are still the weakest link, thus education is key in ensuring security
In terms of authentication, utilizing two-factor (2FA) or multifactor (MFA) authentication keys would provide an added layer of security in gaining access to important company networks and resources. These are not foolproof, however, and there are alternatives being offered by technology providers, such as biometrics and heuristics-based access.
Worse, there is complacency among users who prefer convenience to security. Thus, even the uptake of 2FA or MFA is limited. Authentication provider Okta says only 55 percent of businesses use MFA on their platforms, whereas Microsoft says utilizing such security measures can already prevent 99.9 percent of attacks.
Even with proactive security measures, however, there is still a need to provide adequate training to employees and all stakeholders against falling victim to social engineering attacks. Phishing attacks are commonplace, and these have spread to other channels such as SMS (“smishing”), which adds the danger of malicious actors potentially obtaining 2FA or MFA keys or one-time passwords (OTPs).
Malicious actors can use a combination of spoofed pages, stolen user data, and social engineering to obtain MFA keys generated by devices or sent through SMS. Once an unwitting user shares these, the entire security chain fails. It is thus essential to provide adequate training to a company’s employees, and this extends to internet users at large as well.
The new normal is here to stay
User education, as well as the general strengthening of systems for access and authentication, verification, and fraud prevention, will play a big part in preventing data breaches and unauthorized access to sensitive data. It pays to use solutions that do not rely on reactive measures.
New and emerging solutions are gaining traction that provide a way to identify and authenticate users without relying on MFA, which can be overcome through social-engineering attacks. Still, with malicious actors quickly finding ways to circumvent such security measures, it pays to stay one step ahead and keep up to date with the latest trends in cybersecurity.