Security risks for enterprises have increased as the pandemic forces people to work from home (WFH), turning any and every place into an office.
With the continued focus on WFH and digital transformation work being done from home, companies need to adopt a perimeter-less security approach to gear up for the ‘new normal’, warns PwC.
“Applications, data, users and devices are moving outside the organisation’s perimeter. As a result, attackers on the outside can penetrate an organisation’s network through various means,” said Siddharth Vishwanath, Partner and Cyber Advisory Leader at PwC India.
Moreover, under the ‘bring your own device’ (BYOD) policy, employees are increasingly using their own mobile and other semi-trusted and untrusted devices to access critical information, as per a PwC report, Securing the Future of Business.
“Organisations should move towards the ‘future of business’; they will no longer be able to address the changing threat landscape using conventional approaches,” Mr. Vishwanath added.
The report says that, in the past, securing an organisation was about establishing walls around the data centre that housed the core data and applications.
“But with the growing use of emerging technology coupled with mobile platforms, cyber attackers are resorting to attacks such as credentials hacking, targeted phishing and data mining malware in order to obtain credentials and gain access to an organisation’s network,” he added.
The PwC report suggests that organisations adopt zero trust architecture (ZTA) to fortify their network architecture. ZTA principles are based on the concept of ‘always verify and never trust’. This approach requires every user, account or device attempting to gain access to the organisation’s infrastructure to undergo verification prior to obtaining access.
ZTA aims to enforce granular perimeters on data, user and location. This lowers the potential for data breaches, as per the report.
“It is important for organisations to foster a culture that is risk aware. Thus, there is a need for a comprehensive security awareness programme that encompasses virtual training sessions and phishing, vishing, and smishing campaigns for development, continuous adaptation and sensitisation around security practices,” Mr. Vishwanath, who authored the report, further said.