The COVID-19 pandemic was a difficult time for many firms as economies shut down, travel came to a halt, and everyone was confined to working from home. The past two years also forced many firms to embrace digitization at a faster rate, moving key processes to the cloud and deploying workflow automation software to help manage remote teams in a more efficient way.
These remote work policies were adopted quickly as a response to work-from-home measures and certainly helped many survive the pandemic. However, as we emerge and put COVID-19 behind us, hybrid work has remained and has left many organizations vulnerable to cyberattacks.
Understandably, Asian companies have prioritized business continuity and resilience over cybersecurity in digital transformation activities during the last two years. At the same time, cybercriminals have become more adept at targeting vulnerabilities within these environments, often as a result of rushed digital implementations.
A recent Infoblox report highlighted this problem. The report, which surveyed 1,100 respondents in IT and cybersecurity roles in 11 countries, showed that Singapore organizations saw higher rates of security incidents and breaches compared to other countries. Sixty-five percent of Singapore respondents experienced six or more IT security incidents (compared to 21 percent of respondents globally).
Key vulnerabilities among this group were cloud infrastructure or applications, an IoT device or network, or remote, employee-owned endpoint. All of these areas are pivotal for enabling remote or hybrid work and all of them present vulnerabilities for organizations.
Of specific note is the ability of hackers to target IoT devices. These devices are not just confined to our phones and laptops, rather they now include smart fridges, air conditioning units, TVs, and other everyday household items. Any device that is connected to the internet is potentially at risk, as a US casino famously found out when hackers used a fish tank, specifically an internet-connected fish-tank thermometer, to get a foothold in the network and steal 10 gigabytes of data.
Less unconventional yet more damaging are the everyday ransomware and phishing attacks that occur on a daily basis in Asia, which target employees working from home in unsecured environments. Ransomware attacks have also caused organizations to lose hundreds of thousands of dollars.
Phishing is also a top vector for attacks and for targeting employees, according to the Infoblox global state of security report. Gaps that cybercriminals are able to exploit also include WiFi access points, employee-owned endpoints, or the cloud.
With personal information so publicly available on the internet, employees’ social media accounts have become viable targets as well. Seemingly innocent social media posts on birthday celebrations and updates on job statuses can become the perfect place for hackers to identify targets, acquire information to profile them, and create highly targeted attacks. In fact, nearly three-quarters of people post information on social media that could make them vulnerable to a cyberattack.
These vulnerabilities would be less concerning if workers operated from the safer confines of an office, with its closed and protected servers and networks. Now, though, employees regularly work from home which has traditionally been a much less secure environment.
Organizations need to wake up to this and fast. Luckily, there are a number of steps firms can take to protect themselves and their workforce.
On a topline level, awareness and education are key and ultimately, protection will come from individuals who are taught and trained in the correct way. Organizations should understand what they don’t know and fill those skills gaps. Whether that means establishing a dedicated team or putting some employees through specialized training courses, leadership should take steps to acquire high-level cybersecurity technology within their firm.
At the corporate level, because over 90 percent of malware must touch Domain Name System (DNS) to enter or leave a network, using DNS security can help security pros block threats earlier and accelerate threat hunting. DNS is one of the oldest protocols of the modern Internet and is widely used and relied upon – making it an appealing target for hackers. Stopping attacks is not as simple as adding a Firewall and may involve signature recognition, Resource Rate Limiting (RRL), Response Policy Zones (RPZ), AI/ML-based analytics, and other security measures.
There are effective cybersecurity solutions that protect both on-premise networks and your distributed workforce. They will be able to deploy machine learning and Artificial Intelligence (AI) to detect and analyze threats automatically providing resiliency and redundancy. Through a common console, you can centrally and automatically secure IoT and other devices, apps, virtual machines and switch ports wherever they reside.
The solution, though, must come from the top. Leadership needs to be aware of the reputational damage that a cyberattack can cause their organizations and understand that prevention is better (not to mention cheaper) than not doing anything. A genuine interest in cybersecurity will also cascade down from the CEO to the remote workforce, ensuring better awareness and better security.
As a member of Infoblox’s Go-to-Market leadership team reporting to CRO Mitch Breen, Chris Millerick leads Infoblox’s Global Partner Sales & Alliances Organization. Known for leading teams with high standards that deliver results, Chris has a reputation as a collaborative, partner-minded sales leader.
He brings a variety of sales and channel leadership experiences that contribute to our mission at Infoblox and continues the company’s focus on the channel driving incremental value through new customer acquisition and cyber-security sales. Prior to Infoblox, Chris was a sales leader at Nutanix, a Hybrid Cloud Software company.
TechNode Global INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
7 Essential skills elite technologists need to thrive in the new world of hybrid work