Cybersecurity in the "Work from Home" scenario

Cybersecurity challenges in 2021 and how to address them

During the course of 2020 and now into 2021, attitudes towards working from home have dramatically shifted the world over. The rise of the remote worker at such scale has shifted so much that it's triggered a change from the standard "corporate perimeter concept" (i.e. perimeter security) to a need for "micro-office security certification" (i.e. creating more secure hybrid environments). That, in itself, is but one of the hurdles and challenges IT and security teams are currently working to solve.

Outsourcing of IT and cybersecurity functions may thus be crucial to solve expertise shortages and save budgets. "To coordinate managed service providers along with using multiple cloud services, cloud security and management skills will become a 'must have'. According to a new Kaspersky report entitled "Plugging the gaps: 2021 corporate IT security predictions"¹, these and other cybersecurity challenges and trends will be among those that businesses will have to manage this year," says Charl Ueckermann, CEO of AVeS Cyber Security.

"A shift to remote work, financial constraints due to economic recession and the growth of cyber threats due to the global pandemic is already affecting the day-to-day role of cybersecurity professionals in 2021. Understanding the challenges but also perceiving opportunities in IT and IT security management is key for companies to maintain an adequate level of data protection," he adds.

4 Cybersecurity trends to watch

The recent Kaspersky report entitled: "Plugging the gaps: 2021 corporate IT security predictions" suggests advice for each role related to cybersecurity within an organisation; including that of CEOs or business owners, CISOs (Chief Information Security Officers), SOC (Security Operation Centre) team leads and IT managers.

Here are some of the main trends to monitor:

1. Protecting the perimeter is no longer enough - home office assessment and protection will be needed.

   There should be tools to scan the security level in a workplace - from the presence of software vulnerabilities to connecting to an unreliable or unprotected Wi-Fi hotspot. It will also require:

   • wider adoption of VPN (Virtual Private Network)
   • privileged access management
   • multifactor authentication systems
   • the implementation of more proactive cybersecurity monitoring, and
   • the updating of existing contingency and emergency plans.
2. Transition to a service model that will better enable the necessary IT and IT security levels with lower investments.

   According to Kaspersky's survey¹, seven-in-10 (72%) of businesses in the META region (i.e., Middle East, Turkey and Africa), said they already plan to use a managed services provider (MSP) or managed security services provider (MSSP) in the next 12-months.

   "This is for good reason as the service model helps to minimise capital investments and transition business costs from CapEx to OpEx," says Ueckermann.

3. Training for internal IT security specialists should incorporate management skills.

   Cybersecurity professions split into very narrow specialisations. As a result, hiring staff for each specific role may become too great an expense for some organisations and companies. For smaller businesses, in particular, this may be too expensive. Professional development is something to consider as market demand for specialised professionals continues to outgrow the supply of specialist skills. For larger enterprises or corporations, it has become unprofitable to insource and develop large groups of specialist teams.

   "This is where outsourcing can help to plug the gap," he adds to this point. "However, businesses that outsource key cybersecurity components still need to focus on developing management skills for their in-house teams to handle those outsourced functions."

4. There will be an increased reliance on cloud services, making dedicated management and protection measures necessary.

   The survey¹ showed that in 2020, employees in 91% of enterprises and 95% of SMBs in the META region used non-corporate software and cloud services such as social networks, messengers or other applications. For the foreseeable future, this is unlikely to change when staff return to the office.

   "To ensure that any corporate data is kept under control, better visibility over cloud access will be necessary. IT security managers will need to align themselves with this cloud paradigm and develop skills for cloud management and protection," says Ueckermann.

How to stay safe when working from home

Before the global outbreak of COVID-19 swung us all into a new way to live and work, the level of cyber threats was already affecting businesses at an incredible rate. The dramatic shift in employees' need to now work-from-anywhere has also multiplied the number of remote networks requiring intensified protection. The home office is now very much a part of any organisation's physical premises - and it's a vulnerable space.

Strengthened proactive actions are all the more necessary and can only be sufficiently structured when organisations can understand how specific threats are being deployed. Key responsible employees need to fully understand where such threats originate from to equip a business's remote-working employees with the most effective security solutions and policies. It has become imperative to have an airtight cybersecurity plan - gauging from the Kaspersky report1, it's ever more important as we live and work through 2021.

Along with the introduction of new and improved cybersecurity practices, the quality of tools that enable these changes will be equally important. Quality of protection and seamless manageability are critical when choosing cybersecurity solutions.

Discovery Business Insurance is perfectly primed to offer holistic business risk protection and includes a cybersecurity offering relevant to today's challenges. In partnership with AVeS Cyber Security, Discovery Business Insurance offers your organisation the most pertinent and knowledgeable base of security specialists to help you withstand any form of cybercrime.

Watch this short video for a full overview of the Discovery Business Insurance offering:

^References:

1.  ^{AO Kaspersky Lab, 2021. "Plugging the gaps: 2021 corporate IT security predictions". Retrieved from https://www.kaspersky.com/blog/it-security-economics-2020-part-3/}
2. ^{Google blocked 100 million phishing attack emails every day, in April 2020. 18 million of those blocked emails were scam emails related to the coronavirus pandemic. https://www.bbc.com/news/technology-52319093}