Brent Johnson, CISO at Bluefin, discusses with Digital Journal how the priorities for CISOs have shifted since the start of the pandemic to where we are now. He notes that, six months in, many companies have no end in sight for remote work. Johnson has been considering ways by which security professionals have mitigated the uptick in social engineering and phishing attacks, against which remote workers are especially vulnerable.
Johnson says that organisations need to put in place strong measures in order to secure their data as employees continue to work remotely.
Johnson explains to Digital Journal how the rate of attacks has been increasing during the coronavirus era: “Social engineering and phishing attacks have accelerated during the coronavirus, and 2020 is already on track to reach a record number of data breaches.”
As a consequence, many firms have needed to shift their focus: “Addressing these attacks has emerged as the main security priority amid the pandemic — and will likely remain the priority even after it has passed — requiring a focus on end-user training and security awareness to mitigate cyber threats.”
Companies that put measures in place, says Johnson, can overcome an array of cybersecurity challenges: “While breach attempts are inevitable, they are preventable and mitigated with training and proper management of security technologies like encryption.”
However, to do so requires firm leadership on the part of the CISO, as Johnson outlines: “In a post-coronavirus world, CISOs can further training efforts and maintain employee vigilance by implementing targeted phishing campaigns on end-users, sending security best practice reminders, and providing relevant security training programs based on the business and employee role.”
Despite these good measures, there remain complications due to the considerable expansion in home working.
Johnson outlines this risk succinctly: “Home networks and personal systems being used for work purposes is another primary concern thus far, and while some employees will return to office in the near future, we anticipate the majority of the workforce will stay remote after the pandemic has passed.”
This means, Johnson concludes, that “In addition to security training efforts, CISOs should prioritize acceptable use policies in conjunction with VPN hardware/software checks to ensure hardened and monitored systems are used for work purposes. These are effective first steps in controlling potential vulnerabilities that accompany new remote work setups.”