Millions of people in South Africa have been working from home – or outside of the traditional office environment – for 18 months now. Although it undoubtedly required an adjustment, it has largely become a norm and even a preferred way of working for the flexibility it offers in terms of when and how work gets done.
This shift was supported by cloud services and connected devices in many ways, which meant that people could stay fully connected with their teams and continue to access the resources – data, documents, databases and networks – they needed to do their jobs.
Even though being in the cloud potentially offers greater levels of security for businesses because of end-to-end security that is both automated and intelligent, the reality of the move from a corporate environment to a home – or remote – environment meant that it opened up an entire new security paradigm and risk landscape for businesses to think about and act on.
The reality is that home networks are not set up to be as secure as corporate networks. They, traditionally at the very least, do not have the same layers of security built in to them. Add to that the growth of IoT and the explosion of connected devices and smart, voice-activated virtual assistants, and there is another security consideration.
These assistants, for example, are trained to listen, and this could pose a potential threat: Employees are part of more teams than ever, and in a remote working environment need to have virtual meetings – where sensitive or confidential company information may be shared.
There is also the element of human error. People working from home are now more likely to have confidential or sensitive data stored on their laptops or other devices – even unknowingly. This presents a risk if the laptop is lost or stolen.
Likewise, there is a risk of cybercriminals gaining access to critical company data or systems if employees haven’t been trained properly to be security aware, and unwittingly click on links or download attachments in phishing e-mails containing malware or ransomware.
A big phish in a small pond
Phishing attacks have grown in volume and sophistication since the onset of the pandemic as the move to remote work created a target for cybercriminals, with many employees working from home using unsecured personal smartphones and computers.
A survey by one of Microsoft’s partners, Liquid Intelligent Technologies, found that 57% of IT professionals in South Africa had seen an increase in threats since the start of the pandemic – with phishing or social engineering attacks the biggest concern locally.
Another report revealed that more than half of business leaders said clicking on phishing e-mails was the highest risk behaviour they observed, with a full 28% admitting that attackers had successfully phished their users.
A survey by Liquid Intelligent Technologies found that 57% of IT professionals in South Africa had seen an increase in threats since the start of the pandemic
This shows that security is only as good as its weakest link. Making a mistake could be costly, as attacks are increasingly financially motivated. This is likely why protecting against harmful attacks through anti-malware or anti-ransomware emerged as one the three top security priorities in the next six to 18 months, with 45% of leaders surveyed in the recent IDC Cybersecurity survey commissioned by Microsoft identifying it as a focus area.
The ability to protect against these attacks means rethinking how businesses approach security. The traditional thinking was to liken it to home security, where, just like people employ security companies as an additional level of security for their homes, they still need to take responsibility for securing their house by closing windows and locking doors.
This thinking is outdated, because in the age of the cloud, “home” sits everywhere and the network the way we knew it, doesn’t exist anymore. That makes it more critical than ever for businesses to take responsibility for securing their entire environment end-to-end.
At the centre of this lies identity and access management, threat protection, information protection – and, critically, cloud security, which is now increasingly both automated and intelligent. There is a growing pool of automated tools and solutions that enable proactive, real-time monitoring, threat detection and incident response. These tools enable security professionals to focus on security strategy and culture rather than sitting behind a computer watching and managing incoming signals that indicate attacks or zero-day vulnerabilities.
Modern security officers have to deal with a security landscape that is deeper and wider than ever before because of how people work. Increasingly, this means they need to position security as the business fundamental it is, to secure the right level of investment to protect against a growing number of complex threats.
Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organisation on the planet to achieve more. Find Microsoft South Africa on Twitter or Facebook.
- The author, Colin Erasmus, is Modern Workplace and Security Business Group lead at Microsoft South Africa
- This promoted content was paid for by the company concerned