As a former CISO I know that it is a challenge at the best of times to keep your organisation safe and secure. The Corona virus presents businesses with an unprecedented challenge, with companies now allowing – or mandating – their employees to work from home and access the organisation’s business assets from afar. This has put a huge strain on IT and Security teams, as they grapple with deploying VPNs and 2FA – which have become the standard security measures – to their entire workforce.
Attackers are exploiting the high volume of remote users. This makes it very hard to identify unusual remote logins and harder to detect credential theft; devices that are used to log in for the first time are no longer an anomaly, and so may not be identified. This is the new normal with user behaviour and access patterns that have never been seen before, so most security teams are experiencing unknown unknowns.
Additionally, moving away from the perceived safety of the office network can be unsettling, especially for employees who are working from home for the first time. Many are not security trained and can be attacked by quite simple social engineering methods. COVID weaponized emails, theft of remote user credentials, smishing and spear phishing attacks are on the rise.
So it is vital that security departments open up lines of two-way communication with the employees. Workers should be openly discussing their security concerns with their company and colleagues. The OutThink platform (SaaS) is helping large organisations (incl. FTSE100) to do exactly this, whilst also delivering our award winning, GCHQ/APMG-certified security awareness training to get users thinking of security when working from home.
From that point on, OutThink’s advanced AI and natural language processing (NLP) technology, automates understanding the employees and their concerns. The platform identifies who is not behaving securely and why, which departments, teams and individuals pose the greatest risk. This lowers the burden, equips security teams with the actionable human risk intelligence that enables them to fight the big fight against cyber attackers triumphantly.