2021: organizations will begin to focus on cyber resilience
- Published: Tuesday, 08 December 2020 08:41
Jon Fielding, Managing Director EMEA, Apricorn looks ahead to the cyber landscape in 2021 and predicts that it will be the year that organizations start to fully embrace cyber resilience...
“Cyber resilience is an organization’s ability to prepare for, respond to and recover quickly from any digital disruption,” says Jon Fielding. “Organizations will move beyond the mindset of ‘complete security’, to focus on strengthening their cyber resilience.”
Jon Fielding continued:
“We anticipate a marked rise in criminal attacks in 2021, as hackers take advantage of people continuing to work remotely – in particular ransomware, malware and phishing. Recognising that no business is immune, IT teams will shift focus to ensuring they have all their ducks in the row in the event of a breach. They’ll also prioritise planning to mitigate the impact of any future crisis that drives the workforce out of the office!
“We expect to see an increase in encryption, to protect data as it’s moved from office to home – mitigating risks such as targeting in the cloud – and keep information secure whatever’s happening around it. There will also be a rise in endpoint controls that enable employees to use their own devices safely. These measures give organizations the ability to demonstrate transparency and due diligence in the event of a breach.
“The use of secure, encrypted storage devices as a straightforward way of backing up data locally is likely to increase, supporting the ability to get up and running again fast.”
“Combined home and office working will set in as a long-term model, and doing this safely will demand a major culture shift. Lack of employee education was singled out as the biggest cyber security weakness during the first UK lockdown in a recent Apricorn poll. Companies must make urgent changes to improve awareness of the different security risks associated with hybrid working, and the knowledge of how to control them.
“Training employees in the ‘practical stuff’ won’t be sufficient. Everyone is accountable for protecting data in the new working environment, which requires a culture of information security best practice across the entire dispersed workforce. This isn’t something that can be enforced; employees need to buy in to it.
“This will require IT teams to build deeper engagement with staff, and devolve greater responsibility for security onto the individual. Education programmes must therefore explain the ‘why’, as well as the ‘what’ and ‘how’: the reasons data protection is important, and the specific risks and consequences to their company of a breach.
“Ultimately, businesses will want complete confidence that employees are working safely when they’re out of the office. Secure, encrypted storage devices can be used to protect company data offline, or quickly deploy a secure desktop environment to an entire workforce, by pre-loading them with the with the standard corporate apps and security settings. Employees can then boot this up on whatever device they're using.”