Page 114 - Cyber Defense eMagazine December 2022 Edition
This surge in cyber-attacks creates a unique sense of vulnerability for businesses. With heightened
cyber-risks, there is an urgent need for organisations to become cyber-resilient. The Government
department for Digital, Culture, Media & Sport (DCMS), along with Julia Lopez MP, has urged businesses
and charities to strengthen their cyber security practices now. This comes at a time when the National
Cyber Security Centre has published guidance on the steps organisations can take when the cyber threat
is heightened.
It’s imperative for businesses to focus their attention on their cyber security efforts, starting with what has
failed in the past and seeking solutions to address these failures. This will allow businesses to learn from
previous mistakes and take ownership of their own network security, or risk being collateral damage in
the cyber crossfire.
Aligning digital transformation with cyber-resilience
Many businesses fast-tracked their approach to digital transformation during the Covid-19 pandemic. As
a result, organisations were forced to ease security procedures to help staff adjust to remote working,
creating a variety of security issues. The emerging all-digital lifestyle and work-from-home environment
will continue to complicate cyber security and give criminals new vulnerabilities to attack.
Deloitte’s recent article on the impact of Covid-19 on cyber security highlights a Swissinfo.ch report
of figures from the NCSC (National Cyber Security Center) for June 2020. These figures indicated that
individuals working at home do not have the same level of inherent protection/deterrent measures
as those in an office working environment.
Reimagining traditional password security
Criminals easily gain access and command over a network mainly because of the inherent
weaknesses apparent in the traditional approach to network security. In the office workspace,
organisations distribute passwords to their employees directly, rather than having an employee craft a
key themselves. The power lies in the hands of the business, rather than the individual.
But when companies went digital, they flipped that process around. Suddenly, they let their employees
create their own keys to every system, transferring ownership and control of access to them. From that
moment, organisations no longer knew or had control over when, where, and how employees would
share, lose, or reuse passwords.
The ability of employees to share, lose, and reuse their passwords without their organisation knowing
leads to tactics such as phishing, social engineering, credential stuffing and password spraying, which
allow cyber criminals to get past unsuspecting users.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.