How cybersecurity of organisations in Europe will change and adapt with teleworking and the migration to the cloud
When 2020 arrived, no one could have predicted or expected the drastic changes that we are seeing in the light of the COVID-19 pandemic. Not only has the pandemic changed cybersecurity, it has also created a huge paradigm shift in the way that organisations work.
The pandemic caused a rush across Europe to get employees out of the office and working from home, creating a requirement to better secure the teleworkers. Prior to the pandemic, only 5.2% of people regularly worked from home across the EU. A Europe-wide push for people to self-isolate proved challenging for the majority of the continent’s population who typically hadn’t been working from home; however, now that this paradigm has shifted, organisations across Europe are turning their attention to how they will work in the future.
Creating the New Normal in the Cloud
There has been much talk in the media about the “new normal” and what that will look like when it comes to cybersecurity. With lockdown restrictions easing, the return to the office is firmly on the board’s agenda. Most European organisations are considering two options – allow their employees to work from home full-time or adopt a “hybrid” workplace approach, where employees will split their time between working in the office and at home.
The pandemic has helped many employees realize how much they enjoy the work/life balance and appreciate not having to commute to an office five days a week. They have also proven that they can work just as effectively from home as in the office. Research predicts that the number of UK employees working from home on a regular basis will double, increasing to 37%, compared to 18% before the pandemic hit.
In line with this change, many European organisations have reduced their real estate and have a decreased need for on-premises solutions. This is creating a shift to cloud-based solutions that will provide stronger protections for teleworkers. The growth in cloud computing has been massive and transformational, and it sped up quickly with the pandemic.
Cybersecurity for Teleworking
If employees are going to work from home on a regular basis, their cybersecurity hygiene should be considered by the organisations they work for. There are a myriad of different challenges with securing teleworkers; for instance, employees might be more likely to fall victim to a phishing email or cut corners when it comes to backing up important company data.
Phishing attacks have grown by over 60% in the UK since the COVID-19 pandemic and are widely recognised as the top cause of data breaches. Hackers are getting much more sophisticated in their approach to phishing attempts, and once an employee clicks on a malicious link, the attackers may be able to gain access to the employer’s device or sensitive data.
Cybersecurity for home workers is very different from cybersecurity for the office. Employees’ home networks will often use weaker security protocols (WEP instead of WPA2, for example), which can allow hackers to access network traffic much more easily. To help with this change, many organizations are looking for upgraded security tools and services that can be entirely cloud based. It’s a good time to review remote access solutions and policies, to ensure your team is working securely while remote.
Securing the Cloud
With more employees working from home, it is not surprising that cloud technologies have been adopted at an incredible rate in recent months. Of the 250 IT leaders surveyed, 82% said they have increased their use of the cloud in direct response to the COVID-19 pandemic, with 60% saying their use of off-prem technologies has continued to grow post-pandemic. The same study also found that respondents believe that by 2025 only 22% of workloads will reside on-prem, compared to 35% of workloads that resided on-prem prior to the COVID-19 outbreak.
From a business continuity perspective, there has never been a better time to make the move to the cloud. The ability to allow employees to work from anywhere via a virtual desktop or remote infrastructure has been instrumental to keeping employees working, and business moving, during the COVID-19 pandemic.
However, data sovereignty issues now become more of a focus and risk, especially for Chief Regulatory Officers and General Counsels. This country-specific requirement states that digital data must remain within a country’s borders and is subject to the laws of the country in which it is collected and processed. Many countries have had data protection laws for decades, and with the stricter rules put in place by the EU’s General Data Protection Regulation (GDPR), the concerns have become much more prominent.
So while the migration to cloud-based technologies may be straightforward, securing them may not be. Some teams are well equipped to deal with the transition, but many teams find themselves struggling to secure their teleworkers. The cybersecurity skills shortage in Europe is expected to be nearly 350,000 by 2022, which means many teams will have to look for alternative ways to secure their cloud technology.
For many in Europe, the idea of a SOC-as-a-Service, or outsourced managed services, wasn’t a consideration prior to the pandemic. But given the swift changes organizations had to make, they have realized that partners can help to fill a gap with their IT security. Cloud-based SOC-as-a-Service providers offer a lot of flexibility for organizations and 24/7 protection that many organizations can’t fulfill in-house.
If you find yourself trying to build out a secure, cloud-based security program, here are a few principles that you should follow when transitioning data to the cloud:
- Monitor and secure your Office 365 implementation. Office 365 is continuing to be adopted at an exponential rate, especially since the global coronavirus pandemic hit earlier this year. While it allows businesses to be more efficient and productive when it comes to remote working, it is also a high-value target for cybercriminals. Properly monitoring your Office 365 environments for your remote workers can help to detect account compromises, identify phishing attempts or suspicious email patterns and detect password attacks, suspicious file sharing, permission changes or downloads. Protecting your organisation and having use cases to monitor your remote workers’ Office 365 environment is crucial whether you have a hybrid cloud or multi-cloud model, and is even more important if you have employees working from home.
- Make sure your data is secure. The encryption of data in transit should be end to end. In addition, all interactions with servers should happen over SSL transmission (TLS 1.2). This will ensure the highest level of security. The SSL connection should terminate only within the cloud service provider network.
- Get a virtual private network (VPN) and virtual private cloud (VPC). Having a dedicated cloud environment gives you total control of your data. Customers can connect securely to your corporate data centre, and all traffic to and from instances in your virtual private cloud can be routed to your corporate data centre over an industry-standard encrypted Internet Protocol Security (IPsec) hardware VPN connection. This should also be monitored 24/7 for suspicious activity.
- Look for partners who can help. If you’re struggling to secure your cloud environments, consider finding a partner to assist. Utilising SOC-as-a-Service or other managed security services not only allows you to fill a gap within IT security, but also offers significant cost savings through tailored service offerings. Their continuous detection, protection and response is a great option for organisations that do not have resources for a 24/7 in-house team.
- Ensure partners follow rigorous compliance standards. If you find yourself looking for partners, make sure their compliance standards are robust. Two of the most important are SOC 2 Type 2 and GDPR. SOC 2 Type 2 is good for internal risk management processes, regulatory compliance oversight and vendor management programs. It confirms that a cloud service maintains the highest possible level of data security. GDPR is the European standard when it comes to data compliance. You should ensure your partners are adhering to best practices that will achieve GDPR compliance.
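One way to express the Office 365 password-attack use case from the first principle above, as an added example that is not part of the original article: it flags a source IP that fails sign-in against many distinct accounts in a short window and lists accounts that then sign in from that IP. The records are constructed and reduced to four audit-log fields (CreationTime, Operation, UserId, ClientIP); the function name and both thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, reduced to four fields found in Office 365
# audit-log sign-in events. Addresses are from documentation ranges and
# the users are invented.
def _rec(ts, op, user, ip):
    return {"CreationTime": ts, "Operation": op, "UserId": user, "ClientIP": ip}

SAMPLE = (
    [_rec(f"2020-09-01T08:0{i}:00", "UserLoginFailed", f"user{i}@example.com",
          "203.0.113.7") for i in range(6)]
    + [_rec("2020-09-01T08:07:00", "UserLoggedIn", "user3@example.com", "203.0.113.7"),
       _rec("2020-09-01T09:00:00", "UserLoginFailed", "amy@example.com", "198.51.100.4"),
       _rec("2020-09-01T09:01:00", "UserLoginFailed", "amy@example.com", "198.51.100.4"),
       _rec("2020-09-01T09:02:00", "UserLoggedIn", "amy@example.com", "198.51.100.4")]
)

def detect_password_spray(records, window=timedelta(minutes=10), min_users=5):
    """Return {ip: {"targets": [...], "compromised": [...]}} for spraying IPs.

    An IP is flagged when it fails sign-in for at least `min_users` distinct
    accounts inside one sliding `window` (both thresholds are assumptions to
    tune per tenant). Accounts that sign in successfully from that IP after
    the flagged window began are listed as likely compromised.
    """
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ClientIP"]].append(
            (datetime.fromisoformat(r["CreationTime"]), r["Operation"], r["UserId"].lower()))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [(t, u) for t, op, u in events if op == "UserLoginFailed"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # shrink the window from the left
            if len({u for _, u in fails[start:end + 1]}) >= min_users:
                since = fails[start][0]
                findings[ip] = {
                    "targets": sorted({u for _, u in fails}),
                    "compromised": sorted({u for t, op, u in events
                                           if op == "UserLoggedIn" and t > since}),
                }
                break
    return findings
```

A single user mistyping a password twice, like the second address in the sample, stays below the distinct-account threshold and is not flagged.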
There is a lot to consider during this time of uncertainty, but once the dust settles, migrating to the cloud properly will provide benefits to your employees and customers alike. If you’re looking for a partner who can help you with this transition, or if we can be of help in any way, please feel free to contact us.