Intercity Managing Director of Cloud and Security Phil Bindley discusses how to build cyber security resilience into post-pandemic hybrid working strategies.
The answer to post-Covid-19 security challenges does not reside in traditional measures applied to pre-pandemic working habits, which were largely focused on a commute to fixed office locations with work completed on work-owned devices and secured by the organisation’s network. The pandemic changed everything – and now the workplace is anywhere and everywhere. As we emerge from the impacts of Covid-19 more organisations are evaluating their ways of working and embracing a hybrid approach. According to Bindley, fewer people are asking how to facilitate the new way, and more are wanting to know about ramping up security and what they need to do differently.
“Furthermore, the cyber security skills shortage has increased the knowledge gap leaving many organisations at risk of a cyber security attack,” stated Bindley. “The key is for organisations to work collaboratively with third parties to ensure they get it right and protect the organisation and employees from cyber-attacks.”
In the context of hybrid working cyber security has become more about protecting people than protecting the infrastructure
Given that the pandemic has increased the danger level appropriate action is required sooner rather than later. Especially in light of the UK Government’s 2022 Cyber Security Breaches Survey which found that 39 per cent of businesses identified a cyber attack during the last 12 months. Phishing became the most common threat vector, affecting 83 per cent of businesses. “Working from home meant staff unwittingly made their organisation vulnerable to potential attacks through simple errors such as connecting to unsecured networks or downloading malware,” said Bindley.
Recognising that a cyber attack can come from anywhere, zero trust networks should be a key IT consideration, believes Bindley, emphasising that organisations must treat every user, even employees, as ‘hostile’ and a potential threat to the business. “Cybersecurity should first and foremost be treated as a business function,” he commented.
“In securing a mobile workforce, businesses should consider where corporate data is available on mobile devices. How are they protecting traffic going between providers? What do you do about protecting legacy data? How can you encapsulate data from devices and the cloud onto one?”
Bindley also pointed out that zero trust networks are easier to design, build, manage and architect. Using security brokers like Check Point – of which Intercity is a four star partner – is one way of ensuring secure traffic to and from endpoints. “Looking to the future, organisations should combine anti-malware, data loss protection, email filtering, protecting mobile endpoints, traffic to and from corporate centres, SaaS and cloud security needs,” said Bindley.
The rise of hybrid working will prompt more organisations to consider moving their systems to a cloud-based architecture. “The move to a multi-cloud strategy is across the board and provides organisations with something to think about as the multi-cloud infrastructure is typically owned by a third party, which raises the question of ‘security of the cloud’ versus ‘security in the cloud’,” commented Bindley.
“Hyperscalers such as Azure, AWS and Google Cloud are responsible for securing the ‘of the cloud aspect’. But security ‘in the cloud’ is the responsibility of organisations – this is where we are seeing a shift. In the context of hybrid working cyber security has become more about protecting people than protecting the infrastructure.”
Conventional thinking dictated that organisations should have multiple vendors of firewall technology. However, Bindley believes that having seven or more different services to manage risk requires a bigger team of IT security engineers, which SMEs don’t typically have the capacity for. “This can present businesses with high IT management costs, making further investment difficult to justify,” he added. “SMEs, in particular, should consolidate as much as possible, relying only on one or two security providers.”
Certain security providers are associated with high price tags, but to make themselves more appealing and affordable Bindley has noted a shift in their business models. “More providers are opting for pay monthly or per user models which help breakdown the costs and can make it easier to get sign-off on such investments from boards or business decision makers,” he observed. “IT departments should make the most of this.”
Such changes in business model, according to Bindley, demonstrate that security vendors are beginning to think more strategically and understand what the new world looks like. “It allows organisations to future proof,” he added. “Instead of creating the patchwork security solutions seen at the start of the pandemic, organisations are now thinking about a protection framework. Also, if you want to retire legacy applications or acquire new businesses, this forward looking holistic approach ensures a methodology is in place to protect both individual and business needs.”