Attributed to: Parvinder Walia, President of Asia Pacific and Japan, ESET
Password remains the most common form of user authentication despite biometrics identification and authenticator apps having been around for quite some time. This may change next year as the world’s largest software company, Microsoft, has recently announced that its users can completely remove passwords from their accounts.
From a cybersecurity perspective, passwords provide an avenue for cybercriminals to mask themselves as an authorised user, staying hidden inside corporate networks to perform malicious activities.
The work-from-home trend has added fuel to the fire. ESET’s recent Threat Report T2 2021 highlighted that cybercriminals continue to take advantage of the remote working arrangements to mount cyberattacks, as there has been a 104% increase in public-facing Remote Desktop Protocol (RDP) services brute-force password attacks in May - Aug 2021, as compared to Jan - Apr 2021.
On paper, going passwordless could help businesses improve their cybersecurity as claimed by a recent study that passwords were to blame for 84% of data breaches last year.
However, going passwordless is not the silver bullet as cybercriminals can adopt other attack vectors leverage on one-time passcodes (OTPs) and biometrics. For instance, SIM swapping attacks can redirect OTPs to bad actors. Deepfakes are also already being developed to bypass voice and facial recognition technology. This will pose more issues as users will not be able to reset their credentials like how they change their passwords because this would require them to alter their physical attributes.
Getting rid of passwords is a journey, and businesses must assess the pros and cons before jumping on the bandwagon.
The hybrid working arrangement is here to stay and will continue to fuel cloud-first strategy
Businesses are unlikely to return to the traditional model of work as the world recovers from the pandemic. Many companies have adopted a hybrid model, where most employees are allowed to work remotely, but are given the option to work in the office for some days during the week.
The benefits of the hybrid model include increased productivity, reduced costs, and improved employee satisfaction and culture. Moving forward, implementing the hybrid model will be key to improving staff wellbeing, retention and recruitment, driving productivity and re-energising the workforce. A recent survey also found that 84% of companies in APAC intend to make moderate to extensive hybrid work changes, and are actively promoting hybrid work to attract and retain talent.
Many large enterprises and technology companies are ahead of the curve in embracing hybrid working models, and are already implementing cloud-based technologies.
However, SMBs who may not have the resources to adapt to these trends will need to catch up, as these trends may soon become essential for businesses. For example, they may need to comply with new cybersecurity or data security regulations. As hybrid work becomes the new normal, it is imperative that organisations adopt a strong cybersecurity posture in tandem.
To support this hybrid working arrangement, many business and productivity tools have shifted to the cloud. By migrating resources to the cloud, they are made accessible from any location, which improves availability for employees. The cloud also reduces costs for businesses, eliminating the expenditure that comes with running servers, maintaining hardware, and patching operating systems and software. Many services and processes are now hosted in the cloud rather than physically present in the office.
To mitigate these risks from insiders, adopting the Zero-Trust security framework will be even more important, especially due to the prevalence of the bring your own device (BYOD) culture and remote working arrangements, which are expected to continue. With a Zero-Trust environment, organisations will also have control and visibility of all their data, allowing for rapid detection and response in the event of a security breach.
It is also crucial for businesses to harness the power of cloud computing to enhance their cybersecurity. This can be in the form a cloud-based sandbox to analyse never-before-seen threats or deploying a cloud-based security management console for managing security across their organisation.
Virtual reality (VR) workplaces
There is no doubt that the metaverse will be the next iteration of the internet. Facebook has even renamed its company Meta to mark the new tech frontier. Working in the metaverse is also in the not-too-distant future as there are already various VR workplaces under development, such as Horizon Workrooms and Mesh for Microsoft Teams.
The rise of VR workplaces means there will be more VR headsets deployed by businesses to enable their employees to collaborate in this new environment. We must not forget that a VR headset is essentially an IoT device that is capable of collecting, storing and transmitting sensitive information over the internet. Like any other IoT device, VR headsets are also susceptible to cyberattacks. VR hacking is not something new as it had been demonstrated in the past that it is possible to compromise VR headsets using malware. This serves as a stark reminder that secure-by-design must be a norm for developing VR headsets and platforms.
As for the users, some countries, such as Singapore, have established a cybersecurity label that helps to identify IoT gadgets that meet certain cybersecurity standards. I hope such certifications will include VR devices and soon be a common sight across Southeast Asia to assure businesses and consumers that the IoT devices they are using are secured.
0 Comment Log in or register to post comments