Take a look at yourself from the outside in.
Cyber-security challenges and opportunities can unfold in a business at any time, delivering additional complexity to an existing tech footprint. Right now, as we move to better understand the new normal, while organisations are reviewing budgets and project commitments with a laser eye on cash flow, cyber adversaries plot to undermine our plans.
The ever-present cybercriminals have rapidly seized the opportunity to expand their operations, leveraging the Covid-19 crisis. Analysts at Atlas recently reported on the thousands of rogue Coronavirus internet domains that have emerged over the last six weeks, as quickly as the authorities take them down. Meanwhile, dozens of well-known attack scenarios including systematic phishing operations have been reimagined and released into the wild. To combat the fear and uncertainty, a national response has been mobilised by the NCSC to raise cyber awareness during the pandemic.
Home-working can make your business vulnerable
Home-working and remote communication at scale have changed the attack surface of almost every business. Personal devices connect to unwitting company platforms, many with ransomware lying dormant, previously shielded by corporate firewalls and now free to activate. Our corporate edge has been extended deep into the home, with insecure devices sharing and now responding to opportunistic reconnaissance calls. VPN clients are being deployed, many upgraded in a hurry to match the growth in remote working while attempting to track malicious traffic.
The remote working-from-home community has exposed those still approaching security behind an enterprise firewall. There is an increasing likelihood of a security breach impacting organisations that are ill-prepared to respond, with no muscle memory of cyber crisis planning. This is compounded by reporting inertia due to a lack of insight into the type and scope of the data impacted by this new way of working.
From a network security to a cloud service mindset
Moving the network security perimeter mindset to the cloud service edge will help with the scale and complexity of emerging technical debt, and focus on the whole picture. This will include considering insecure cloud application configurations, privilege creep, and data discovery blindness to insider threats.
Walk on the wild side and start to look at yourself from the outside in – has your network sensor opportunity just got bigger? Consider the best time to take appropriate risk mitigation steps, practise and plan ahead with what you will learn, balancing performance and availability. Risk tolerance within the business, at the board, will vary by industry and individual organisations' appetite.
Fixing the talent shortage
Securing what matters is one of the most pressing issues, but there's a talent shortage across the security landscape. Upskilling and cross-training into cyber and tech has never been more of a national imperative, as recently confirmed in this report by government.
We know that by this time next year, there will still be hundreds of thousands of cyber-security vacancies. Only by training the right people, learning the right skills right now, can we look forward positively having taken the right steps to protect our businesses together in these unprecedented times.
Get in touch
Speak to your sales contact or email firstname.lastname@example.org to see how QA can help your business plug that cyber skills gap right now. We have solutions ranging from individual training and bespoke training solutions to re-training your workforce through digital apprenticeships and seconding our tech specialists to your business – all virtually, of course.
Richard Beck is Director of Cyber at QA. He works with customers to build effective and successful learning solutions tailored for business needs, helping to solve business problems. Richard has designed and architected numerous enterprise and nationwide cyber programmes for QA customers. He is responsible for the QA cyber portfolio, products, proposition and cyber partner community. He has over 15 years' experience in senior Information Security roles.
Prior to QA, Richard was Head of Information Security for an organisation that underpins 20% of the UK's Critical National Infrastructure. Richard also held Security and Technical Management posts in Defence, Financial Services and HMG. He holds a number of leading cyber professional certifications, including CISSP, CISM, CISA.
Richard sits on a number of industry boards and security advisory panels, and previously chaired the Communication Industry Personnel Security Information Exchange (CPNI). He is the work stream lead for Cyber Skills & Diversity on the techUK Cyber Management Committee. In addition, Richard is supporting a work stream for the UK Cyber Security Council Formation project. Richard is a regular contributor for cyber insights and industry collaboration, including speaker engagements.
He is also a STEM Ambassador working to engage and enthuse young people in the area of cyber security. He provides a unique perspective on the world of cyber security to teachers and encourages young people to consider a career in cyber security.