Working within the new cyber normal: Marsh
Organisations have rapidly shifted to semi-remote working arrangements and thus they must be equally speedy in mitigating the cyber risks created by the expanded “attack surfaces” that have accompanied the “work anywhere” operating models. To take on the new cyber security challenges of this virtual working environment, organisations must understand the changes in their cyber security risk profile and revamp their strategies, training and exercises to address these changes.
Marsh Africa CEO Spiros Fatouros discusses four key factors that drive the cyber security risk implications in this new, likely semi-remote, working environment. Organisations should keep these factors in mind when defining how to adjust their cyber security risk programmes.
1. Increasing number of cyber attacks
Since the COVID-19 outbreak began, the number of cyber attacks has soared as hackers have exploited a greater number of weakly protected back doors into corporate systems as well as the human distraction caused by COVID-19-related events. Hackers continue to target key industries. Banks are now fending off nearly three times as many cyber attacks as cyber criminals flood employees’ inboxes with COVID-19-related phishing e-mails, often attaching seemingly innocuous files designed to lure unsuspecting employees into executing malware.
2. Changing attack surfaces
The shift to using new teleworking infrastructure and processes may lead to the undetected exploitation of vulnerabilities in existing remote work technologies. Security agencies have warned that a growing number of cyber criminals are targeting individuals and organisations with malware. In addition, cyber risks via business partners and third parties are increasing as well. It is hard enough to prepare internally for a semi-remote working environment, but even harder to verify the preparedness of vendors ranging from IT service providers to business process outsourcing firms to law firms.
3. Distracted workforces
A vast number of successful cyber attacks are caused by human error. Increasingly preoccupied by greater personal and financial stress at home, employees are more vulnerable to cyber threats and “social engineering” cyber attacks designed to trick them into revealing sensitive information.
4. Multi-stress environment
Security teams are operating in an unprecedented environment in which multiple crises are constantly arising, each demanding significant attention from cyber security and management teams. COVID-19 related challenges will be the baseline for the foreseeable future. Moreover, organisations still have to manage through other crises and stress events, like hurricanes, forest fires or widespread protests.
Much of the operational shift that has occurred as a result of the pandemic will outlast the immediate crisis and aftermath. To adapt securely, organisations need to understand how their cyber risk profiles have changed and must revamp their strategies, training and exercises to address threats and minimise risks.
Marsh participated in the ITWeb Security Summit on 31 May and 1 June 2022.