By Hyther Nizam, President Middle East and Africa, Zoho Corp
The pandemic has drastically changed the workplace as we know it; companies have discovered plenty of benefits of embracing hybrid workplace models, distributed workforce or fully-remote. With that being said, the change came with a hefty burden on security teams as existing protocols and firewalls were no longer sufficient to prevent cyberattacks.
Two years into the pandemic, and the Middle East is still facing one of its biggest and costliest security challenges in modern times. According to an IBM report, the Middle East region ranked second highest average data breach cost amongst 17 regions in the study.
As entities started shifting operations to the cloud, more vulnerabilities opened up for cybersecurity criminals to exploit, that were harder to contain and took a major toll on government entities, educational, financial and diplomatic institutions as well as businesses across MENA countries— specifically UAE, Saudi Arabia followed by Egypt, that became the region’s biggest targets.
A Kaspersky report revealed that the UAE experienced a 130% increase in cyber attacks in 2020 as many companies were forced to shift to remote working. In 2021, cyber attacks continued to increase and while, on one hand IT teams were taking newer measures, attackers, on the other hand, were getting better at manoeuvring around security loopholes.
The core problem lies in lack of clear cybersecurity hygiene policies, employee awareness and shadow IT. To root out these issues, companies must embrace a holistic approach towards cybersecurity. This includes:
1- Clearly-defined frameworks and policies: Not many organizations in the MENA set a clear policy for their cybersecurity. Building a framework for security helps set the stage for critical stakeholders in the organization to make decisions. To do that, IT teams should analyze the existing threat scene, benchmark current practices against industry’s best practices then build an end-to-end strategy. Needless to say, goals, processes, and accountability must be clearly identified in order to measure the success of the security policies and standards.
2- Endpoint security as the frontline of security: With perimeter-based security no longer being proof, instituting a Zero trust model is imperative for IT teams to ensure a definite level of compliance to security standards. Based on IBM’s Data Breach report, organizations in UAE and KSA that modernized their strategy with a mature zero trust approach had 35% less of data breach cost. As such, endpoint protection platforms must be built with the ability to configure, patch and manage operating systems and applications remotely. Implementing strict endpoint management and control protocols for corporate devices helps continuously monitor activities and raise any flags that come about, for both office and remote workers.
3- Good cyber hygiene practices: Employees are a key part of the strategy towards combating cyberattacks. Therefore, employees must be educated on the types of threats they can face, including APT attacks, ransomware, risks of phishing, and vulnerable home/public networks. New employees must also be inducted on the company’s security protocols as part of their onboarding. With the right and continuous training, remote workers can understand how data can be compromised, and learn good cyber hygiene to practice to work more securely.
4- Strict access control: As a best practice, employees accessing the workplace platform remotely must undergo strict access control. This means setting multi-factor authentication that deliver location-agnostic security and offer myriad secondary authentication such as push notification, TOTP, QR code scanning, face recognition access or finger print ID.
5- Remote access and VPN access: Cybercriminals have found a way to bypass firewalls and email protections. Firewalls were previously built around the perimeter of the workplace premise as a protective layer to either allow or block certain traffic movements, but within employees’ under-protected home or public networks, these firewalls cannot fully control inbound traffic. As such, IT and security teams should activate security protocols such as data encryption to minimize the risk of data breaches, theft or damage. VPN access and remote access over encrypted channels are ways that allow a degree of control over in- and outbound traffic. These tools must be monitored and introduced by IT teams only, ensuring these tools are legitimate, compliant and secure.
With the hybrid workplace model becoming the new reality, it is ever more important to be prepared on the security front, making sure to institute holistic cybersecurity measures that extend beyond the IT department. This enables companies to continue reaping the benefits of the new workplace model, while maintaining the highest security in line with industry’s best practices.