Connect with us

Hi, what are you looking for?

HEADLINES

Cybersecurity experts identify threats as work-from-home becomes the norm, calls for businesses to protect themselves

The remote setup had employees bringing home their workstations, taking devices out of the protection of cybersecurity systems found inside offices and leaving them vulnerable to threats.

Restrictions brought by the COVID-19 pandemic lurched businesses towards the digital space, and as work-from-home continues to be the norm, there is also an increased awareness in cybersecurity. Enterprises both big and small are faced with cyber threats, and the need to adopt security measures is more critical than ever.

“Almost 97% of Asia Pacific organizations made changes to their policies to shift for remote working. All of a sudden we went from business continuity planning to execution,” Kerry Singleton, Managing Director for Cybersecurity Cisco APJC, reported during the fourth episode of the tech company’s webinar series, Navigating the Shift.

The series goes on a deep dive on the pandemic’s impact across industries, and in this episode titled Cybersecurity Today: Addressing the New Threat Landscape, Singleton, along with other experts in the field, examined changes in the cybersecurity landscape as businesses went online.

“There are a lot of breaches happening. There were breaches early [in 2020] and it increased with remote work,” GIAC Information Security Expert DefCon Black Badge Raymond Nunez observed. The former Security Consultant of the Department of Information and Communications Technology (DICT) mentioned that these include SMS- and voice-based phishing, also known as smishing and vishing. While automated spam filters are available in emails, SMS and voice services rely on users to determine scams. 

Nunez also reported breaches due to weak credentials in user accounts, stating that attackers are still able to penetrate organizations using passwords as easy as “1234”. This shows a certain level of vulnerability currently present among the online community, including businesses that could be negatively impacted as work-from-home is foreseen to be here for the long haul. 

“I’ve spoken to customers across the globe. They’re all thinking about how do we return to work, and a common theme that I’m seeing is that they are going to leave a percentage of their workforce working remotely,” shared Singleton. He pointed out that a few large tech companies in the US have even gone for a 100% work-from-home policy. 

Advertisement. Scroll to continue reading.

The remote setup had employees bringing home their workstations, taking devices out of the protection of cybersecurity systems found inside offices and leaving them vulnerable to threats.

“The threats are not getting any smaller – they’re getting bigger and more maverick,” Emmanuel Caintic, Assistant Secretary of DICT, commented. “Now more than ever is the time to invest in your network security. It’s an insurance and it doesn’t cost much. It’s actually more expensive to remediate after an attack.”

Aside from cost implications, successful attacks can result to client loss and business shutdown due to bad reputation from having been breached. Thus, the speakers called for businesses to take security measures, with educating staff on cyber hygiene habits as the first line of defense. These include being vigilant when opening attachments, clicking links, and providing information.

Another recommendation is for businesses to invest in endpoint security and visibility now that endpoint devices like laptops and phones are deployed in employees’ homes. Technologies such as multi-factor authentication or MFA was also raised as a way to ensure a person’s identity. “That inconvenience of a few seconds of having to check your phone to log in to that two-factor authentication could spell a lot of difference,” Caintic mentioned. According to Nunez, Google and Microsoft have also deployed MFA to prevent breaches and were rewarded with good success rates. 

“We’ve seen online banking, government applications, and a lot of social media and email platforms move down that path, but the corporate environment and businesses [also] need to look at multi-factor authentication as the first step in their process,” Singleton agreed. 

Cisco offers Duo MFA which requires users to push a token to their smartphones – a technology that the company uses itself for security. “So we’ve got the username and password, and then we’ve got the multi-factor authentication piece that sits over the top of it as well,” Singleton added. 

The highly-esteemed tech company offers other cybersecurity solutions that are used by enterprises around the globe, but are still scalable from small- to large-sized businesses.

“When you’re in a small business, if you can afford to invest in device systems and secure the devices that you give to your employees or you station in your business, that’s the best solution,” said Caintic. As an alternative, he suggested investing in a virtual private network (VPN) service and in malware protection programs – which have to be kept updated in order to safeguard systems from evolving cyber-attacks.

Meanwhile, for bigger enterprises and those in public service such as telco companies, Caintic recommended flawless business continuity programs on top of robust cybersecurity technologies to ensure minimal disruption in business and service when an attack occurs.

Advertisement. Scroll to continue reading.

Big or small, experts agree that businesses urgently need to look more into the cybersecurity landscape as industries continue to shift online in the new normal. It may seem intimidating and complicated with the various systems and jargon, but there are tools like Cisco SecureX that give businesses a single comprehensive platform to view threats and respond to them. 

“[Cybersecurity] has to be foundational and has to be built into our digitization strategy and everything that we do today,” Singleton said. “It doesn’t matter if you’re a one-person company or if you’ve got tens of thousands of people. Potentially, everybody is vulnerable; attackers don’t discriminate.”

Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Globe tapped Curvalux to enable the telco to deliver cost-effective, high-speed broadband services to urban, suburban, and rural areas using an innovative ‘phased array...

HEADLINES

PLDT’s clean-up drive, which consists of preventive maintenance activities, complies with congressional bills as well as resolutions and ordinances from local government units (LGUs)...

HEADLINES

Lazarus is one of today’s most prolific threat actors. Active since at least 2009, Lazarus has been involved in large-scale cyberespionage campaigns, ransomware campaigns,...

HEADLINES

NTC’s failure to act on NOW Telecom’s application for more than a decade, according to the ARTA, is a violation of Republic Act no....

HEADLINES

Cybersecurity policy makers stressed the need for cybersecurity capacity building and investments in education in achieving cybersecurity preparedness to combat cyber threats.

HEADLINES

Canalys has found that Kaspersky improved in overall performance in the last 12 months, achieving a 12% year-on-year score increase. In the 2020 Canalys...

HEADLINES

This year’s research looks at the impact of the pandemic on Filipinos’ access to opportunities. More importantly, it spotlights the gender gaps that continue...

HEADLINES

While stalkerware is sometimes targeted at jealous partners for spying on their spouse and for employers to spy on their staff, the findings show...

Advertisement