Why business continuity must adapt to secure the new way of working
More than a year into a worldwide pandemic that forced businesses everywhere to adapt, it's widely known now that as digital transformation efforts have increased, so too has digital risk.
The small window of time given to organisations to operationalise remote working apparatus and bolster general cybersecurity health left many businesses scrambling — and cloud-based tools were the solution many turned to, hoping they would help the business ride out the storm.
But this created a whole new problem; there was a rapidly increasing dependence on the same systems that attackers have already been targeting.
To put this into perspective, the latest findings from NTT's October 2020 Monthly Threat Report showed that Business Email Compromise attacks have become more dangerous and efficient over the past eight years, and more profitable than ever for cybercriminals.
Risks like this were only compounded by the fact that many companies rushed into cloud adoption without adequate planning or guidance. A lack of training saw many remote employees use the same devices for both work and personal use, exposing their employers to new vulnerabilities and additional threats.
And now, it's clear that unplanned digital transformation undertaken at the outset of lockdowns, no matter how justified, could have consequences that will be felt for the next few years.
NTT Australia's director of cybersecurity, John Karabin, outlines, “The environment we work in is changing constantly and businesses need to adapt. As businesses transform and change rapidly, they need to be reimagining what their security profile needs to be with their environment. It's no longer just “work from home”, it's “work from anywhere”; whether that's your home or a cafe or down the beach.
Of course, it's not a walk in the park to implement such solutions, but there are three distinct phases of workforce transformation that, if done correctly, can ensure a simpler process for securing the workplace.
1. Acceleration of the remote workforce
The first phase involves rapidly scaling up to enable remote working — and the first step is to find efficient ways to use collaboration and video-conferencing tools from any location while staying secure.
Being almost ten months into the pandemic, it's safe to say that the majority of organisations have already done this. However, during this time, limitations on the tools people use to access remote work were exposed, thanks to massively increased workloads.
With millions upon millions more people working from home, the increased demand for cloud infrastructure created an opportunity for cyber-attackers: in the latest findings from NTT's 2020 Global Threat Intelligence Report (GTIR), application-specific (40%) and web-application (20%) attacks dominated in Australia, accounting for nearly 60% of all attacks combined.
2. Business continuity must adapt
One of the most valuable lessons gleaned from the pandemic is that ‘unplanned accelerated transformation' must be a core part of future scenario planning. Business continuity strategy must be at the heart of this — part of which is the acceptance that such an approach may not align with future realities.
Automated and cloud-based tools offer flexibility when old habits and processes can't be implemented anymore. Five years ago, people were running applications like SAP and Exchange on-premises. Fast-forward to today, and half of those applications are sitting in Azure, AWS or being consumed as a service.
“It's a myth that workloads are safe just because they are in the cloud,” says Palo Alto Networks VP and regional chief security officer for APAC - Japan, Sean Duca.
“Baking in security at the start of any move to the cloud is critical.
COVID-19's effect, while devastating for many organisations, also forced a reality where businesses now have the technological flexibility to deal with future crises. One of the cornerstones of preserving this flexibility is maintaining a cyber-approach that complements these new technologies.
By implementing advanced approaches such as Zero Trust and SASE, the level of automation (including artificial intelligence and machine learning), can be increased, ensuring that hardware and applications are resilient around the clock.
These new tools and platforms can be added rapidly and scaled up and down with less concern for increasing the organisation's level of vulnerability.
3. Securing the new way of working
In reality, we're already in ‘the future of work'. This final phase will only increase the importance of cloud-based solutions and have lasting consequences for the work environment — from commercial real estate and office layouts to hot-desking and the increased flexibility of work-from-anywhere.
Organisations will depend heavily on automation to tailor web-based platforms, such as portals and supporting web applications to the individual needs of employees and customers. To ensure customers and employees' confidence that their data is secure, companies will need to prioritise a secure-by-design approach that considers each user's unique needs and deploys AI-driven, context-based security.
According to the 2019 Gartner Top Technologies and Trends Driving the Digital Workplace, ‘over the next several years, the greatest source of competitive advantage for 30% of organisations will come from the workforce's ability to creatively exploit emerging technologies'.
“You can never say “we've nailed it, we're fine”. The reality is that we live in a dynamic world and our environments change all the time, and so too do the risks,” concludes Karabin.
“Knowing what the most critical parts of your organisation are that could cause a material impact to your business and managing those risks is what we should be striving for.
COVID-19 has resulted in the most rapid workplace transformation in modern history, and it's served as a wake-up call for traditional security and business continuity practices. The new workplace has made us think about improving remote worker security and application access in the event of a problem. And the benefit is we're now better prepared to move into the future.
To learn more about NTT's security offerings, click here.