The “next normal” world of remote working looks like it would persist into the post-pandemic era; short-term tactics need to transform into long-term security strategies.
The implications of COVID-19 for businesses are far-reaching, and we have observed a clear shift in digital transformation priorities, with IT leaders moving quickly from long-term cybersecurity strategies to shorter-term tactical measures to solve immediate business needs.
COVID-19 has resulted in at least one in four workers working for home, leading to a tremendous increase in online transactions and employee logins to virtual workplaces on unsafe networks – and cybercriminals are taking advantage of this, with up to 60% of cyberthreats in January to April 2020 comprising of phishing scams.
Organizations are faced with a formidable task: keeping data safe and ensuring digital trust is maintained, especially in a world of remote everything.
To rise beyond COVID-19, IT leaders will need to quickly gain perspective of the new digital landscape characterised by a highly distributed workforce and adopt a “Zero Trust” cybersecurity approach, supported by intelligently adaptive defence measures.
In the past few months, Micro Focus has been offering free software packages to customers across Asia Pacific, providing them with advanced digital resources to secure and strengthen business continuity capabilities.
DigiconAsia caught up with Stephen McNulty, President, APJ, Micro Focus, for his insights into securing the distributed workforce in a rapidly transforming new workplace reality that would continue even in a post-pandemic world.
How has COVID-19 reshaped the risk landscape for both businesses and consumers?
McNulty: The “next normal” for consumers and businesses in Asia Pacific (APAC) is characterised by online identities, virtual interactions, and data. With more people spending time at home due to the global COVID-19 pandemic, there has been an increase in the volume and frequency of online activities, spanning across consumer digital habits and corporate telecommuting exercises.
COVID-19 caused businesses to react and change in many ways. It touched enterprise workforces, supply chains, liquidity, and provided many other opportunities to pivot in response to risk. It is no surprise that criminals are attempting to capitalise on this period of disruption, with fraud emerging as a key issue for both businesses and individuals.
Fraud has increased in the last 12 months for three in five businesses worldwide, with the volume of fraud cases in APAC 60% higher than the global average. South-east Asia is the heaviest hit region, especially Malaysia, Indonesia and Thailand.
We’re also seeing a decline in digital trust, which spells serious implications for organisations that strive to build customer loyalty. COVID-19 has brought gaps in identity management to the forefront – Google has seen up to 18 million daily malware and phishing attempts related to COVID-19, in addition to more than 240 million COVID-19-related spam messages.
We are supporting our customers in navigating this novel set of challenges: to identify and contain cybersecurity issues, optimise the online consumer experience, fortify corporate networks, all while increasing digital readiness to support business continuity agendas.
What are some key security areas organizations should look out for to support a remote workforce?
McNulty: Remote working will likely remain the default option for many organizations across APAC as the impact of the pandemic continues to expand.
In light of this, we have been working closely with our partner and customer communities since February to facilitate the adoption of digital best practices and smoothen their adjustment process, with a special focus on strengthening their cyber resilience, which is the ability of an organization to enable business acceleration by preparing for, responding to, and recovering from cyber threats.
Taking into account that detecting fraudulent activities and malwares has become trickier for organisations as the number of data sources and access points increases, Micro Focus have been supporting businesses across the following areas:
Employee email encryption: protect employees and the corporate network against potential threats stemming from unsecured email systems and phishing attempts. Organizations need to strive for end-to-end email security—with encryption and decryption features, and compatibility with desktop, web, and mobile platforms—while still offering ease of use.
Multi-factor authentication: secure employee access to the data and systems required for their job with a centralized, standards-based framework. Organisations need to adapt authentication configuration across cloud, on-premise, and hybrid environments to ensure consistent authentication across all entry points.
Security and scalability of applications: ensure the scalability of organisations’ internal and external applications to handle the unprecedented influx of online traffic. The goal is to build capabilities that offer real-time, online and offline anomaly detection to quickly identify any performance issues that may arise, and ultimately ensure continuity of service.
In the digital economy, and with a hybrid remote-cum-office working environment becoming the new reality, what advice do you have for businesses on adopting a Zero Trust security approach?
McNulty: Today’s multi-cloud, multi-device, multi-access point environment is a fertile ground for cyberattacks. Traditional security models, which focus on blocking external threats from penetrating the corporate network, have been rendered inadequate for failing to account for internal security gaps and the rising number of entry points.
Zero Trust is a rigorous identity-based cyber defence approach that requires strict and constant authorisation and verification for all personnel and device access. Taking into account the current work-from-home trend, where employees are virtually logging in and out of corporate email accounts, systems, and applications, Zero Trust takes away the assumption of a fully secured network and demands that every access request is thoroughly checked.
To effectively implement the Zero Trust approach, organisations must first identify critical data assets, systems, and applications, to which additional layers of protection and monitoring must be applied. Security experts and the cyber response teams need full visibility of a network’s analytics to control access, detect anomalies, and calibrate risks.
A properly implemented Zero Trust infrastructure puts a prime focus on identity to verify access privileges and employee day-to-day responsibilities that involve critical business applications. Whether handled by in-house experts or outsourced to managed security service providers, policies and processes designed to conquer authentication challenges will play a key role in enabling organisations to deliver the right resources and data to their employees anywhere, anytime.