The convergence of IT (Information Technology) and OT (Operational Technology) is a strong example of how connection opens the door to a plethora of capabilities that increase business value, from remote access and cloud services to enterprise resource planning (ERP). The problem? True connectivity can leave organisations vulnerable to cyberattacks, not only giving hackers access to restricted data, but enabling them to make operational changes to hold organisations to ransom.
Organisations have a choice in how they respond to this growing risk. Do they choose partial connectivity, with fire breaks that air-gap high-risk networks (which limits connectivity, can result in operational silos, and can lead to employee experience drawbacks), or do they tackle cybersecurity head on?
Protecting your networks starts with knowing the risks. Here are five major cybersecurity challenges that connected organisations need to know about, and how Nymi’s solution can help you solve them.
Some 85% of data breaches involve a “human element”
We need to secure the point at which humans connect to technology, reducing human error and fool-proofing identity.
“The human element” encompasses a range of actions that individuals are tricked or manipulated into performing for malicious actors. This can include phishing, business email compromise, stolen credentials, downloaded malware, and other human errors or misuse of data.
Most of these attacks target open-web and web-adjacent interfaces. Furthermore, 96% of compromised mail servers were cloud-based. But what does this switch to the cloud have to do with the human element? Prior to cloud-based working, the focus was on securing the computer or device itself, but having devices connected to a network has changed the game. Employees are not just protecting their personal data, but potentially their entire organisation.
Now more than ever, the focus of organisations must be shifted to securing the human and the point at which they connect to systems. Physical boundaries are no longer a reliable security control as the workplace perimeter becomes redrawn to move with the employee in our increasingly mobile and digital world.
Working from home pushed phishing cases in security breaches to 36%
We need solutions that bridge multiple environments.
For a lot of people, the Covid-19 pandemic meant that working from home became the new normal. Changes in the way we work meant that hackers adjusted their attack methods, and this was demonstrated in the jump in phishing attacks.
Phishing attacks most often aim to steal credentials using a variety of methods, including encouraging people to click on links or download documents that give the hacker access to saved credential information, or tricking people into handing over passwords through social engineering.
Without the physical workplace perimeter, organisations need to consider solutions that allow their employees to connect securely to their workplace systems, which may span multiple environments.
Over 60% of breaches involve credentials
Traditional credentials, such as passwords and identity cards, must be scrapped.
While it’s obvious that the individual’s data is at risk if their credentials are stolen, connected networks mean that stolen credentials can be the skeleton key hackers need for further attacks. Hackers can access mailbox information, push further phishing campaigns (using a trusted individual’s access to gain credentials from co-workers), and even begin ransom campaigns.
Earlier this year, the cyber-attack on Colonial Pipeline temporarily shut down the fuel supply for the entire Eastern United States through a compromised credential that allowed initial entry into the organisation’s system.
Systems house an organisation’s most valuable assets digitally. Traditional credentials, like passwords, open the front door for adversaries to enter. Trust relationships within those networks facilitate an adversary’s lateral movement to inflict damage, such as stealing data or holding operational systems for ransom. It’s time to close the front door by moving to a more secure approach, such as biometrics, continuous authentication, and Zero Trust.
Most ransom campaigns involved Denial of Service (DoS) attacks
DoS attacks aim to shut down a device or network to make it inaccessible. This can be particularly catastrophic for connected networks if hackers are then able to shut down multiple elements of the business, as in IT/OT attacks.
Particularly in critical infrastructure sectors where the potential for liability expands to the population at large, it’s more important than ever to resolve IT/OT convergence in a way that allows organisations to reap the tremendous benefits of being connected while mitigating its threat.
One way to do this is to reframe workplace connectivity with a Zero Trust model through continuous authentication of the worker and least-privilege access. Nymi packages these functions into a workplace wearable that blends biometrics, On-Body Detection, and cryptography, making strong security for the organization easy for its employees to use.
Money talks: Organised crime is behind most hacking attacks
What is the financial cost of a proactive solution versus a reactive payment?
Ultimately, most cyberattacks are financially motivated and carried out by cyber espionage groups. Examples include REvil (allegedly behind the Harris Federation attack) and Hafnium (allegedly behind this year’s Microsoft Exchange server cyberattack). By shutting down an organisation’s operations or holding its data to ransom, hackers are looking to make a lot of money.
In 2020, the median amount lost to ransomware was $11,150, with the potential to be much higher (for example, Merck’s notorious $1.3 billion loss in 2017). Taking ransom and loss of business into account, in 95% of attacks the loss for victims ranged from $70 to $1.2 million.
The average cost of the Nymi Connected Worker Platform (CWP), which unifies the organisation but protects against lateral movement, is pennies a day per worker. Compare that to the real potential of billions lost, and proactively addressing this challenge is financially smart as well.
Can organisations reap the benefits of complete connectivity while staying secure?
Given the risks, it is understandable that organisations choose partial connectivity, or none, but both impose limits. For secure technology experts Nymi, the key is transforming workplace connectivity to be safe, secure, and simple – with no trade-offs.
Nymi is experienced at protecting large companies in critical sectors without compromising connectivity. The Nymi Band™, a first-of-its-kind wrist-worn Connected Worker Platform (CWP), enables new levels of secure agility, flexibility, and scalability for connected workforces, as well as improving on insecure credential processes with a biometrically-enabled workplace wearable.
The Nymi Band consolidates workplace connectivity onto one platform. It brings the workplace together across multiple environments by securing the point at which the worker and technology converge. By moving identity to the secure edge, organisations can eliminate silos and gain a complete view of their business, using new applications enabled by the connected worker approach. Not only is this better for a business leader’s objectives (such as security, productivity, agility, health, and safety), it is entirely preferred by the business’s major stakeholder group – its employees.