Page 114 - Cyber Defense eMagazine December 2022 Edition

This surge in cyber-attacks creates a unique sense of vulnerability for businesses. With heightened
cyber-risks, there is an urgent need for organisations to become cyber-resilient. The Government
department for Digital, Culture, Media & Sport (DCMS), along with Julia Lopez MP, has urged businesses
and charities to strengthen their cyber security practices now. This comes at a time when the National
Cyber Security Centre has published guidance on the steps organisations can take when the cyber threat
is heightened.

It’s imperative for businesses to focus their attention on their cyber security efforts, starting with what has
failed in the past and seeking solutions to address these failures. This will allow businesses to learn from
previous mistakes and take ownership of their own network security, or risk being collateral damage in
the cyber crossfire.



Aligning digital transformation with cyber-resilience

Many businesses fast-tracked their approach to digital transformation during the Covid-19 pandemic. As
a result, organisations were forced to ease security procedures to help staff adjust to remote working,
creating a variety of security issues. The emerging all-digital lifestyle and work-from-home environment
will continue to complicate cyber security and give criminals new vulnerabilities to attack.

Deloitte’s recent article on the impact of Covid-19 on cyber security highlights a Swissinfo.ch report
of figures from the NCSC (National Cyber Security Center) for June 2020. These figures indicated that
individuals working at home do not have the same level of inherent protection/deterrent measures
as they would in an office working environment.



Reimagining traditional password security

The main reason criminals easily gain access to and command over a network is the inherent
weaknesses in the traditional approach to network security. In the office workspace,
organisations distribute passwords to their employees directly, rather than having an employee craft a
key themselves. The power lies in the hands of the business, rather than the individual.


But when companies went digital, they flipped that process around. Suddenly, they let their employees
create their own keys to every system, transferring ownership and control of access to them. From that
moment, organisations no longer knew or had control over when, where, and how employees would
share, lose, or reuse passwords.

The ability of employees to share, lose, and reuse their passwords without their organisation knowing
allows tactics such as phishing, social engineering, credential stuffing and password spraying to get
cyber criminals past unsuspecting users.










            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.