Empowering the human firewall against cyberthreats

Throughout the Asia-Pacific region, businesses are recognising the positive outcomes brought about by the implementation of remote and hybrid work models. These approaches have notably enhanced employees’ agility, resilience, and adaptability. Consequently, a significant number of organisations are expected to sustain these flexible work structures even in the post-pandemic landscape.

A study conducted by the Centre for Creative Leadership (CCL) found that merely 1% of Singapore-based enterprises want their staff to revert to exclusively on-site work. In parallel, 63% of companies have indicated that they intend to uphold hybrid work arrangements over the upcoming three to five years. These insights are consistent with findings from Fortinet’s Asia-Pacific Secure Access Service Edge (SASE) survey, in which 92% of survey participants from Singapore have already embraced either hybrid or fully remote work models.

As a result, the workplace environment is evolving into a setting where users have greater autonomy to work from various locations on designated days. To ensure favourable experiences, organisations need to refine their approaches, especially in addressing novel networking and security obstacles that have emerged.

Challenges with securing the hybrid workforce

The main challenge is providing users with secure access to their devices. With remote or hybrid work, there is a very real risk that hackers can use unmanaged devices to gain access to companies’ entire infrastructure.

Our survey analysing the state of IT security in the Singapore hybrid workspace found that 30% of external devices connected to the network are unmanaged. This has caused concern among many security leaders, with 76% expecting cyberattacks to increase by 50%. Furthermore, our 2023 Global Cybersecurity Skills Gap Report found that 94% of Singapore organisations suffered a breach in the past year, with over 60% of these incidents causing more than SG$1 million in losses. If not handled effectively, these incidents will put additional strain on IT teams and take their focus away from more critical issues.

The three pillars of enabling a proactive security posture

Empowering human-led security requires organisations to focus on three key areas: technology, processes, and people. By building on these areas, workers will be better equipped to protect themselves and their workplaces from all forms of cyberattack.

  1. Technology
    Virtual private networks (VPNs) are designed to conceal users’ personal information and location data by routing internet traffic through a secured server rather than directly over the public network of the internet service provider (ISP). While this technology is crucial in strengthening workers’ privacy, it should be supported by enterprise-grade solutions designed to control access to corporate applications and cloud services.

    For example, zero-trust network access (ZTNA) is designed to allow access only where necessary, ensuring that workers can execute tasks efficiently and effectively without jeopardising enterprise assets. Access is not granted until users validate their identities, either by answering certain questions or by accepting requests on a secondary device.
  2. Process
    It is critical that businesses assess their cybersecurity strategies and technologies for any exploitable weak points. Security teams should continually perform vulnerability analysis and penetration testing to ensure no security gaps remain.

    They should also establish and test incident response plans, which are crucial to mitigating security risks. An effective, tried-and-tested strategy can not only improve organisational resilience against current and future threats but can also shorten the recovery process so that employees can rightly focus on serving customers’ needs.
  3. People
    Employees are a central element in cybersecurity enforcement as threat actors can – and do – seek to exploit people’s lack of awareness about cyber hygiene. People today have become accustomed to mobile devices and use applications for various purposes, whether to conduct their work or simply to unwind. Without proper security, these devices can act as entryways for cyberattackers to move into the corporate network.

    Managing endpoints is the first step towards safeguarding the remote workspace, but organisations also need to educate their employees so that they can protect themselves and their devices. In particular, users need to be able to identify scams or phishing attempts by their telltale signs, including grammatical errors and typos, unusual requests, and inconsistent links. C-suite executives should also work together with security leaders to nurture a cybersecure culture by outlining and enforcing guidelines for users to follow. This way, employees can put the brakes on security threats before threat actors can achieve their objectives.

Strengthening the human firewall

Since the human firewall is the last line of defence against cyberattackers, employees need to be well-equipped to identify and report potential security breaches. For this reason, it is important to invest in cybersecurity skills and knowledge. Specifically, an organisation should ensure its people are informed on basic cyber hygiene practices that can be conducted by anyone, including not accessing or sharing information via a public network, ensuring the sites they visit are encrypted, and not clicking on suspicious links or attachments.

Finally, employees need to understand the nature and amount of the data they handle and its value, especially to cyberattackers. For example, sales teams use personally identifiable information (PII) to deliver unique experiences that can attract and retain customers. However, cyberattackers can also abuse this to identify potential targets or even impersonate users. There is also financial data, which accountants use to record payments and transactions but which can also enable threat actors to steal money from customers’ bank accounts or e-wallets. From there, users will need to determine what effective safeguards are necessary to reduce the risk of data theft.

Ultimately, enforcing cybersecurity is a team effort that requires the involvement of both managers and employees. By enhancing the human firewall, organisations will be better equipped to stop cyberattackers from achieving their goals and disrupting the overall digital transformation journey.