Uma Iyer explores how in a post-pandemic world steering toward remote work, and a general move towards a digital workforce, cybersecurity turns into a potential nightmare.

With rapid growth comes increased vulnerability. This can affect not only high-profile operations but even basic infrastructure like water, transportation, et al. Cyberattacks on transportation networks are a definite possibility of wreaking devastation with substantial traffic jams, to crashes with many casualties. Israel is one of the greatest reminders of such a potential risk. To that end, the Israeli Defense Forces store information which contain biometrics for data protection. As such, there is no records management and no regulations to the National Cyber Directorate’s Control Center.

Israel’s new government

The recent cyberattack on the Hillel Yaffe Medical Center, which caused physical and emotional harm to patients, was a shocking demonstration of the situation.

“The government data establishes the sharp rise in attacks on the banking and financial sector. Between June 2018 and March 2022, India’s banks recorded 248 successful data breaches by hackers and criminals.”

Convenience in Chaos

Image Credit: Unsplash

When there is an attack there is focus, however, inconsistent policies and rapidly growing infrastructure and computing needs including data requirements make it difficult to keep pace. Quick money drives most hackers to keep inventing new mechanisms to find loopholes in the systems.

The teams working on these in the companies are viewed as the bad guys and it is the boring work! With COVID and the world moving to working from home, the cyber security efforts had to be ramped up. KuppingerCole found that endpoints connected to the internet experienced 1.5 attacks per minute in 2020.

On Thursday, HP released an HP Wolf Security report titled “Rebellions & Rejection.” The findings detail employee pushback due to company cybersecurity policies and operational drawbacks for IT teams overseeing these networks.

“The fact that workers are actively circumventing security should be a worry for any CISO–this is how breaches can be born,” said Ian Pratt, global head of security for personal systems at HP, in a press release. “If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive.

According to the HP report, 76% of respondent IT teams said, “security took a back seat to continuity during the pandemic,” 91% felt “pressure to compromise security for business continuity” and 83% believe remote work has “become a ‘ticking time bomb’ for a network breach. Ransomware topped the list (84%) followed by laptop- and PC-focused firmware attacks (83%), unpatched devices with exploited vulnerabilities (83%) and data leakage (82%), in order. “Man-in-the-middle attacks” and account/device takeovers (81%), IoT threats (79%), targeted attacks (77%) and printer-focused firmware attacks (76%) round out the top eight perceived threats.”

Remote work: A cybersecurity terror

Image Credit: Shutterstock

During the initial shift to remote operations, ensuring business continuity took precedent for many companies including financial companies. With infrastructure provisioning both personal and official devices were used which may not have the right security policies. Including taking screenshots, taking photos at home or secure networks.

However, the security aspects also lead to employee dissatisfaction with the view that it is a hindrance.

While systems and processes can act as deterrents, the key is that employee education, continuous training and collaboration needs to be invested in more than anything else. Right from the basic password management to simple conversations and downloads, employees need to understand why these processes are in place. It is not just a business need; it is a need for the hybrid worker as well.

Positive Security culture and Generational training

Image Credit: Shutterstock

Organizations need to move from punishment-based systems to responsibility-based decisions where security rules are designed with usability, transparency, fearless reportability. User Friendly security tools and giving self-catering views to behaviors and threats will go a long way.

‘In a recent study using data from a global YouGov survey of 8,443 employees and 1,100 IT decision-makers, the key trend which appeared throughout was that employees are unsure about security policies and 34% view security as a hindrance, which may lead them to bypass security measures. The data also shows a substantial proportion of businesses are under pressure to ensure continuity, which can lead to compromises in security.’

Read the report to know more.

Image Credit: Flickr

The key would be to hire new and young professionals to work on cyber security supporting the generation and embed the culture from grassroots. The current generation are curious about cyber hacks and will be interested in finding ways to put their skills to use. The gap will widen if there is no clear path to enable the generation to hone their skills rather than switching over to the side where they are unable to prevent but are promoting development.

‘A severe lack of talent is a problem that can hurt the security perimeter of this industry’ – days Shashank Shekhar.

The biggest issue with the industry is that cyber-security is often viewed as an activity that is performed by the elite with big titles and training. The profession requires to evolve and the landscape to attract talent requires to change where roles are created to promote training internally to develop teams and talent.

This will not be a band-aid, but the need of the hour is to start building a dam on a scale that requires effort not only from the financial industry. It requires us to work in tandem with the education sector and the government, including the policy makers, to ensure that we are ahead of the calamity that is impending to happen any moment which will be akin to a pandemic.

In case you missed:

Uma currently works as a delivery lead in a leading bank managing anti-money laundering projects. She started her career setting up and managing data centers and disaster recovery centers moving on to setting up niche healthcare business analysis teams. She would like to share her experiences and best practices across industries in view of a common user. The comments reflect the author's views and not the bank or Sify's.

Leave A Reply

© Copyright Sify Technologies Ltd, 1998-2022. All rights reserved