Take a look at yourself from the outside in.
Cyber-security challenges and opportunities can unfold in a business at any time, delivering additional complexity to an existing tech footprint. Right now, as we move to better understand the new normal, while organisations are reviewing budgets and project commitments with a laser eye on cash flow, cyber adversaries plot to undermine our plans.
The ever-present cybercriminals have rapidly seized the opportunity to expand their operations, leveraging the Covid-19 crisis. Analysts at Atlas recently reported on the thousands of rogue Coronavirus internet domains that have emerged over the last six weeks, as quickly as the authorities take them down. Meanwhile, dozens of well-known attack scenarios including systematic phishing operations have been reimagined and released into the wild. To combat the fear and uncertainty, a national response has been mobilised by the NCSC to raise cyber awareness during the pandemic.
Home-working can make your business vulnerable
Home-working and remote communication at scale have changed the attack surface of almost every business. Personal devices connect to unwitting company platforms, many with ransomware lying dormant from previously shielded corporate firewalls, now free to activate. Our corporate edge has been extended deep into the home, with insecure devices sharing and now responding to opportunistic reconnaissance calls. VPN clients are being deployed, many upgraded in a hurry to match growth in remote-working and attempting to track malicious traffic.
The remote working-from-home community has exposed those still approaching security behind an enterprise firewall. There is an increasing likelihood of a security breach impacting organisations ill prepared to respond, with no muscle memory of cyber crisis planning. This is compounded by reporting inertia due to a lack of insight into the type and scope of the data impacted by this new way of working.
From a network security to a cloud service mindset
Moving the network security perimeter mindset to the cloud service edge will help with the scale and complexity of emerging technical debt, and focus on the whole picture. This will include considering insecure cloud application configurations, privilege creep, and data discovery blindness to insider threats.
Walk on the wild side and start to look at yourself from the outside in – has your network sensor opportunity just got bigger? Consider the best time to take appropriate risk mitigation steps, practise and plan ahead with what you will learn, balancing performance and availability. Risk tolerance within the business, at the board, will vary by industry and individual organisations' appetite.
Fixing the talent shortage
Securing what matters is one of the most pressing issues, but there's a talent shortage across the security landscape. Upskilling and cross-training into cyber and tech has never been more of a national imperative, as recently confirmed in this report by government.
We know that by this time next year, there will still be hundreds of thousands of cyber-security vacancies. Only by training the right people, learning the right skills right now, can we look forward positively having taken the right steps to protect our businesses together in these unprecedented times.
Get in touch
Speak to your sales contact or email firstname.lastname@example.org to see how QA can help your business plug that cyber skills gap right now. We have solutions ranging from individual training and bespoke training solutions to re-training your workforce through digital apprenticeships and seconding our tech specialists to your business – all virtually, of course.
Richard BeckRichard Beck is Director of Cyber at QA. He works with customers to build effective and successful learning solutions tailored for business needs, helping to solve business problems. Richard has designed and architected numerous enterprise and nationwide cyber programmes for QA customers. Responsible for the QA cyber portfolio, products, proposition and cyber partner community. He has over 15 years' experience in senior Information Security roles.
More articles by Richard
Cyber Pulse: Edition 184 | 13 May 2022
Cyber Pulse: Edition 183 | 29 April 2022
Cyber Pulse: Edition 182 | 22 April 2022
Cyber Pulse: Edition 181 | 13 April 2022
Cyber Pulse: Edition 180 | 04 April 2022
Cyber Pulse: Edition 179 | 18 March 2022
Cyber Pulse: Edition 178 | 10 March 2022
Cyber Pulse: Edition 177 | 4 March 2022
Cyber Pulse: Edition 176 | 24 February 2022
Cyber Pulse: Edition 175 | 17 February 2022