6 min read
Globalization, remote work and the many advantages of digital collaboration tools have opened up new vulnerabilities in cyber security measures. A new study by GBS asked companies how they deal with the new threats - and digital security innovations.
The study by GBS was conducted in April and May 2022 amongst companies who mostly used Microsoft solutions for their workplace infrastructure. However, some participants also mentioned Google, Dropbox, Slack and other solutions.
It's safe to say that the main issues that are being raised in the study are also relevant for companies who use other forms of digital collaboration channels.
GBS is a subsidiary of DIGITALL which develops innovative security solutions and our Cyber Security experts work closely together.
You can download the study here (the study is in German).
In the following, I will summarize the findings as well as the tips provided by the authors of this study.
About ten years ago when I started working in the digital sector, the cloud had a huge image problem regarding its safety. However, in the last decade, companies have come to realize that with the right setup, cloud-based solutions can actually offer more security than the classic (inflexible) on-premise solutions.
According to the study, 71% of participants feel secure with their cloud environments and another 29% feel moderately secure. Not a single participant felt completely unsafe in the cloud.
Even with the new security threats of malware, ransomware, phishing and more, companies can't go back to a closed-off infrastructure. Modern work culture, collaboration requirements, and the need to be agile on the market demand a digital infrastructure that can move with every new development.
This exact necessity is also the reason why cyber threats need to be taken seriously. Most attacks aim to disrupt a company's systems until it pays a ransom. Whether it pays or not, data is usually lost to the criminals and can even be leaked publicly. According to a collection of stats by IBM, every fifth cyber attack is a ransomware attack. In 2021 alone, the costs of these attacks are estimated at 20 billion US dollars overall.
The participants of the GBS study are well aware that different forms of attacks and risks exist. For numerous reasons, they are especially concerned with the disruption of their cloud functions during these attacks, yet only 14% state that they have alternative solutions implemented that could be activated within a few hours.
However, many companies feel challenged when it comes to adapting their security measures to the new threats, especially regarding:
Especially a complex infrastructure with many different stakeholders (and across different regions) can be difficult to set up due to different requirements, legalities, and workflows.
The GBS study asks different questions regarding measures and plans to strengthen security and develop a fluid, modern security strategy. A main takeaway is the combination of technology, training, processes, and data transparency.
One third of all participants enforce specific user restrictions, so external users need approval from the company's IT. 15% don't allow any collaboration with external users on their digital platform. The latter might be slightly safer, but it can also hinder partner and customer management. Additionally, it runs against the modern work culture of collaboration, teamwork and flexible communication. If employees have to share documents outside of the working infrastructure, it's not necessarily safer. Proper authentication, as well as restricting users to specific areas of the solution, might be a better way to enable collaboration and secure the platform.
Human error is still a huge component of security risks, especially since phishing attacks are getting more and more convincing with each day. It's therefore necessary to train every single user at a company (this includes management) and make them aware of typical phishing and hacking methods.
55% of all participants communicate within their organisation how to act responsibly and 46% train their employees. 16% stated that their technical measures are enough. However, technical measures alone cannot guarantee that users will not use open Wi-Fi, read sensitive information in public places, fall for a phishing mail or otherwise accidentally create a security risk. In fact, 56% of all survey participants state that their employees occasionally use private gadgets (smartphones, laptops, etc.) to do their work - and are therefore usually outside the control of the secured company network.
It is therefore crucial to include training and awareness measures into your security strategy.
You can start with our Awareness Checklist which gives you a great overview on the most important measures that individuals and teams can do to reduce risks and risky behavior.
What should you do once your security has been breached? Do you have preventive security measures as well as response management in place that can help you make the right choices? Do you have a communication plan, do you know which stakeholders are responsible for next steps, do you have alternative infrastructure to rely on?
Only 23% of the survey participants either have alternative solutions or don't save any critical documents in their cloud solutions in case of a breach. It's additionally recommended to have clear next steps in place and people in charge who know how to respond in different areas of the company (e.g., internal and external communication, informing the authorities, activating alternative solutions to keep the operations going, tracking, identifying and eliminating the malware, etc.).
Although most cloud vendors have specific Cyber Security measures installed, about 60% of all participants still prefer the support of third-party tools to further strengthen their collaboration platform's security. This makes sense if there are additional compliance measures (for example in industries that deal with a lot of sensitive data) or if teams are highly decentralized over different regions.
There are numerous verified vendors out there who offer solutions that further secure collaboration tools such as Microsoft Teams or Salesforce Slack.
86% of all surveyed companies use European cloud services to ensure that the solution adheres to the compliance and data security laws. For 55% this is mainly necessary due to the strict GDPR regulations. However, 27% also feel that European vendors are more equipped to deal with sensitive data. 9% prefer vendors close to "home" for immediate and guaranteed service support in case of any breaches and 8% see more hacking risks in non-EU solutions.
When it comes to technical solutions to increase cyber security, most companies prefer automatic measures that apply to all incoming and outgoing data. That's why 46% encrypt their data and 32% automatically scan imported files to make sure that they don't contain malware.
Especially industries that handle a lot of sensitive data (e.g., finance, healthcare, public services) prefer to manage their data on a private cloud. A private cloud is dedicated to a company and usually is managed in collaboration with the internal IT and the cloud vendor's support.
Since a private cloud does not make sense for all data and workflows because it would hinder the flexibility of modern work, many companies use private clouds in combination with public cloud services. This way, users can collaborate freely but still ensure that all critical and sensitive data is secured.
DIGITALL offers a wide range of Cyber Security solutions, from a 24/7 360° Security Operations Center up to a first assessment to identify your security gaps and evaluate next steps. Take a look at our portfolio:
Dr. Thomas Bruse received his doctorate from the Chair of Information Systems at the University of Paderborn, under Prof. Dr. Ludwig Nastansky. He then held various technical positions at consulting companies. Today, his tasks are mainly management and the development of go-to-market strategies for cyber security and cloud products.