The digital transformation of companies, accelerated by the health crisis, has profoundly changed our ways of working, especially with the development of hybrid work. This flexibility is an asset to businesses, but it also creates new cybersecurity challenges that need to be fully considered.
Cybersecurity issues were of a different order as employees carried out their missions within the company. Today, the ability to work from anywhere generates a huge flow of data in cloud and remote environments and increases the attack surface for organizations. A company’s durability and agility undeniably depend on the security of its data.
According to a recent study, awareness of cyber security issues and various technological processes is essential. Indeed, 59% of employees surveyed admit they have not observed significant changes in training or awareness of cybersecurity best practices, despite the frequency of announcements of major cyberattacks.
Near two-thirds of respondents believe that a lack of employee awareness compromises safety, hence the importance of transmitting best practices in this area. Employees are the first line of defense against threats. One of the key elements in terms of cyber defense is instilling a culture of security in companies: a complex transformation whose success depends on the combination of different approaches.
Protect data and systems
The first step is to rethink data protection procedures and systems at all levels. Be it headquarterWhether in the cloud or at the edge, it’s critical that every device and process can be protected from risk. The policy is considered advanced when modern security features are already built into the hardware, firmware and controls. However, it is essential to automate the building blocks in order to effectively retain employees.
While the productivity of organizations depends in particular on the IT infrastructure, it is important to remember that every system can contain vulnerabilities. Information security extended to the entire ecosystem (servers, storage, networks, etc.) and integrating security experts at all company levels, allows for a non-negligible risk reduction. Promoting the implementation of advanced preventive strategies and the consistent integration of security controls into the various systems are also areas to be fully considered.
Taking a holistic view, taking an end-to-end approach with consistent goals and scalable policy enforcement, assessing internal processes, and ensuring the highest level of security for enterprise customers can also prove to be a significant competitive advantage.
Apply a “Zero Trust” architecture.
The approach “Zero Trust” it is now making a name for itself in the global landscape of information security architectures. Contrary to previous models that performed verification of a user, equipment or computer activity only once, or even periodically, “Zero Trust” is based on the principle that no user or activity should have an implicit trust. Each interaction must be verified before proceeding with the activity. This authentication model can be applied at every stage of the corporate network, IT infrastructure, software and microservices.
A virtual micro-perimeter is thus created around each interaction: each gateway that a cybercriminal tries to cross is erected as a bulwark as it requires authentication. In the context in which a hacker would have managed to cross a first perimeter, he will not be able to extend the breach thanks to this partitioning technique. Pre-built security protocols help protect data, employee trust, and customer relationships. Zero Trust also expects users or requests within a system to have the most limited access rights, which limits the risk of each interaction.
Achieve cyber resilience
The sheer number and growing sophistication of today’s threats make it essential to have a solid plan for dealing with a cyberattack. Cyber resilience assumes that an organization can recover data and quickly resume operations after an attack, while limiting financial and operational impacts. A critical step to maximizing business resiliency is isolating critical data in vaults, which are separated from networks.
The complex multi-cloud environment that most organizations manage today can make this task difficult. Data security solutions are now specifically designed to effectively protect customers’ digital assets.
Building a culture of safety
In addition to these cyber security tools, it is essential to improve the awareness and accountability of the entire organization in the face of cyber threats. Training all employees so they can acquire the knowledge needed to reduce cyber attacks is crucial these days.
Securing technology and building trust has never been more critical. As the pace of digital transformation continues to accelerate, its success requires new cybersecurity strategies. Cybersecurity and resilience must follow this dynamic in order to provide a solid framework for the sustainability of companies integrating new ways of working. The challenges of information security must be understood from multiple perspectives, from a technological point of view, through the choice of processes and from a human point of view, with the importance of training, both upstream and downstream, in terms of prevention or management of crisis .
[i] Based on 400 respondents in France.
By Stéphane Huet, SVP and GM France at Dell Technologies
<<< Read also: Employee training and cybersecurity: which strategy to implement? >>>