COVID-19: Productivity at the cost of securityJuly 15, 2020
In the RSA Conference APJ 2020 session “Getting the security and flexibility balance right in a COVID-19 world”, Magda Chelly, co-founder of Responsible Cyber shared her insights around digital transformation and security risk considerations in current times.
It’s ultimately about productivity
Improved and continuous productivity is a key driver of digital transformation for companies. It is less about regulatory or cybersecurity reasons. “In terms of APAC, I noticed that digital transformation adopted by companies are very much related to a sense of speed, to allow productivity to continue for employees.”
Amid COVID-19, health measures around the world have made remote work a necessity rather than an option. This need in turn pushes for digital transformation for many companies.
The perimeter is dead: Security without boundaries
With COVID-19 accelerating digital transformation, enabling employees to work from anywhere, cybersecurity risks are emerging with increasing prevalence of cyber attacks due to this flexibility of working.
There are COVID-19-themed attacks (link) in the form of phishing, malware and others, all of which exploit what makes us human, and contribute to an increased number of enterprise attack vectors. “As usual, the weakest link is the human factor,” Magda shared. Human fallibility remains to be the enemy of control, especially with phishing attacks.
On endpoint management, she cautions that companies might still be exposed to different risk scenarios. She cited an example on passwords. “We have seen new policies that passwords should not rotate, for example, but if your employees are working from home, and eventually working from their own devices, they are using those devices to perform business activities. They might be using
the same password for their social media and corporate accounts.”
And there are other unpredictable risk scenarios. Besides their own home WiFi, employees could be on insecure and uncontrolled networks in quarantining hotels, and VPNs may not work here. They might also have technical difficulties with work email and end up using their personal email, another bane of security.
New approaches to security
Magda urges cybersecurity professionals and leaders to go out of their comfort zone and adopt a data-driven mindset when it comes to assessing emerging cyber risks. “Have your 3, 5, 10 new emerging cyber risk scenarios, and then quantify them.” She recommends cross-collaboration with other business teams like IT and compliance to uncover factors for quantifying data, particularly those that make sense and matter to stakeholders.
When it comes to cyber resilience and awareness building, cybersecurity professionals need to increase their visibility and reachability within the business, not just through traditional means of communication like newsletters which can seem distant.
And as they say, the perimeter is dead. The future of security lies in a non-perimeter-based approach – and zero trust, which places users at the centre of the security strategy.
Magda is a thought leader and frequent speaker at cybersecurity forums and events. She is a valuable member of the ICE71 community, and her start-up Responsible Cyber is both an ICE71 Accelerate alum and an ICE71 Scale company.
ICE71 is a proud community partner of RSA Conference APJ 2020. Watch conference content on demand here.