Threat Intelligence & Threat Hunting Manager, Deloitte
Cyber Security Partner, Deloitte
National Leader, Legal practice of cybersecurity and data privacy, Deloitte Legal Canada
Last year, society’s understanding of ‘normal’ changed. For cybersecurity professionals, the shift in both personal and professional habits have another layer of significance.
Organizations are collectively trying to establish what the ‘new normal’ looks like for employees at work and at home — especially now that they’re often the same. It’s time for professionals to think proactively and more deliberately about how they can keep themselves safe from a malicious digital attack or privacy breach, while also benefiting from the technological and social evolution.
“The new normal is a digital enhancement,” says Paul Hanley, Cyber Security Partner, Deloitte Canada. “Technology is making our lives simpler, faster, and ultimately better. When embraced properly, our workflow, time management, and productivity are all enhanced.”
Check your footing when taking a step in the right direction
Some people who previously thought they couldn’t do their jobs remotely are discovering they actually work better from home. But when the shift is rapid, and new technologies are adopted without time for thorough security reviews, vulnerabilities can happen.
“Most organizations were already heading in this direction, but they’ve been forced to get there at a speed for which they were not prepared,” says Adrian Cheek, Threat Intelligence and Threat Hunting Manager, Deloitte Canada. “When everyone is jumping onto a new technology, the established criminal elements are moving quickly to research and compromise it. The bad guys have big budgets, no borders — and a lot of experience, while many organizations under threat don’t have a sizeable security budget until after a security event happens.”
Moving into a better future with open eyes
Now more than ever before, there is broad awareness concerning data breach and cybersecurity incidents impacting organizations. “The privacy offices across Canada are being more vocal and active. The Federal government and even some provinces are introducing bills to increase corporations’ obligations in the case of a data breach, including fines that can go up to $25M,” said Helene Deschamps-Marquis, National Leader, Legal practice of cybersecurity and data privacy, Deloitte Legal Canada . “This is now a key consideration for organizations as they loosen the controls around operating in what were once privately held, secured networks.”
Deloitte recommends that responsible organizations focus on gearing their security awareness campaigns toward protecting workers at home and securing home networks. “New technology can be implemented safely, but companies need to ensure that their in-house security posture is transplanted into these new, extended environments,” added Cheek. “Companies playing catch-up are experiencing security events at an increased volume and being taken to task by regulators and the media because of it. This erodes public trust, which can take a long time to rebuild or cause irreparable brand damage.”
After all, if an insecure home router is the weakest point in the communications chain, bad actors will use that vector. The pandemic has allowed for more creativity in how people are targeted, with phishing attacks masquerading as vaccine information, and novel techniques to track individual behaviour patterns, such as monitoring home energy use.
However, this isn’t cause to avoid new technology. Deloitte’s cyber professionals encourage organizations and individuals to be cautious, vigilant and educated about the risks they are navigating online, and how to mitigate them. Organizations looking to implement new technologies or enable increased remote capabilities should also glean insights from a third-party who is well-positioned to see any blind spots or threats before it’s too late.
“Blocking employees from doing something new or innovative because it poses a security threat is an old-school way of thinking,” says Hanley. “I try to consider the perspective of enabling the business via security. I want to hear what the company is looking to achieve and then figure out how to enable that in a secure manner. When you go into a new technology with your eyes open, you can do it safely and reap significant business benefits.”