SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
The future of work depends on cybersecurity
Fri, 21st Oct 2022
FYI, this story is more than a year old

 

Digital transformation has changed the way we work. Employees now expect flexible working, with the latest Australian Bureau of Statistics data revealing more than 20% of Australians were working from home on the 2021 Census day. Given technology is at the centre of this newfound flexibility, we cannot overlook a critical area of this modern workspace shift: cybersecurity. 

When most people worked from an office, the boundaries for cybersecurity were clear. Now, with work from anywhere, there’s a constant flux of proprietary data across clouds and remote environments. Consequently, your organisation’s potential attack surface grows. The more agile you want to become, the more you need to prioritise security; the recent high-profile Australian cyberattacks have illustrated just how vulnerable businesses are in this current work-from-home climate. 

But many organisations are uncertain where to begin. The Dell Technologies Breakthrough study shows a greater emphasis is needed on both cybersecurity awareness and technology processes. Concerningly, 57% of Australian workers admit they haven’t substantially improved their security awareness and behaviour, even after hearing about high-profile cyber-attacks.

With 69% of Australian respondents in the Dell Technologies Breakthrough survey answering that their employees are the weakest link in their security approach, it is clear that building cybersecurity accountability is critical. Cultural buy-in is key to modern security practice, and cultural change isn’t easy. Creating a culture of security and driving behavioural change requires a combination of technical processes and organisational training. 

Protecting data and systems

The first step to modernising your cybersecurity approach is to rethink how you protect your data and systems everywhere, whether on-premises, across clouds, or at the edge. 

Protecting personal devices and endpoints has historically consisted of identifying and reacting to known threats and, therefore, treacherous. Every device and process you adopt at your organisation should ideally be designed for security as a baseline. If modern security features are already built into the hardware, firmware, and security controls, then your foundation is ahead of the game. In parallel, look for ways to automate foundational security elements, reducing the need for manual involvement. 

While organisations depend on IT infrastructure to stay productive, it’s important to remember that each system can introduce vulnerabilities. Extending cybersecurity through your entire ecosystem is vital: servers, storage, networking, and even securing development lifecycles and the supply chain. Consider embedding dedicated security professionals across your products and services teams. They can advocate for elevated security postures and help integrate security controls consistently across your different systems.

Holistic security also means evaluating your internal processes and ensuring the highest level of security for your customers. Adopt an end-to-end approach with consistent objectives and scalable policy application. With these security safeguards architected into your environment, there’s less need to adopt, learn, and manage the dozens, or even hundreds, of third-party products typical in today’s environments.

Applying a Zero Trust architecture

Zero Trust is rapidly becoming the globally accepted best practice for cybersecurity architecture. Unlike past security models, which verify a user, device or compute task once or periodically, Zero Trust is based on the notion that no user or task is given implicit trust; instead, every interaction should be verified before proceeding. You can apply this authenticate-every-step model across your organisation’s network, IT infrastructure, software, and microservices. 

A virtual micro perimeter is created around every interaction with a Zero Trust approach. Each gateway a cybercriminal attempts to pass through requires authentication. Even if a threat actor crosses one perimeter, they cannot extend the breach further. Deny-by-default security protocols help protect your data, your employees’ trust, and your customer relationships. Zero Trust allows users or requests within a system the least privileged access, thereby reducing each interaction’s risk.

Achieving cyber resiliency

While every precaution should be taken to prevent a cyberattack, the sheer number and growing sophistication of today’s threats means organisations must have a robust plan to deal with an attack. Cyber resiliency means an organisation can quickly recover data and resume normal operations after an attack while limiting financial and operational impacts. A critical step for enhancing resiliency is isolating critical data into vaults that are segregated from networks. 

The complex, multi-cloud environment that most organisations run today can make this challenging. Solutions like managed services for cyber recovery can operate data vaults on behalf of their clients, reducing cost and the demands on the IT team. And if an organisation prefers to run its own data protection and recovery operation, various products and appliances are specifically designed for this purpose.

Building a security culture

Underlying all these important cybersecurity tools, it’s imperative you also improve your entire organisation’s awareness and accountability for dealing with cyber threats. Train your employees to understand that security is everyone’s job, not just a function of the security team. Arm your team members with the right knowledge and training so they can make the best decisions. 

Securing your business technologies and building trust with those that depend on them has never been more critical. Digital transformation keeps pushing us to move faster, but the price of leaving cybersecurity behind is high. 

Technology can make this task easier on you and your teams, and it starts with evaluating your current efforts. Take the time to check how you manage risks across your IT ecosystem. Cybersecurity and resiliency must progress at the same pace as digital transformation to provide a solid foundation for protecting your people and your business while embracing the future of work.