CYBERSECURITY FOR LEGAL AND FINANCIAL BUSINESSES
CONTINUED
it comes to accessing and sharing data,” says Fiona. “However, we are seeing a high rate of adoption of cybersecurity platforms that can significantly reduce these risks such as zero trust network access, end point detection and response, multifactor authentication, security awareness training for employees, especially around phishing and implementing robust access control policies.” Tyler Moffitt, senior security analyst at OpenText Cybersecurity, adds that hybrid working models have introduced complex security challenges, primarily around data access and network security. “Legal and financial firms have had to quickly adapt by implementing secure remote access solutions, such as VPNs and multi-factor authentication, to ensure that both on-premise and remote environments are secure. Effective cybersecurity now requires a layered defence strategy that secures endpoints, networks and cloud services, adapting to wherever employees are working.” Richard Hughes, head of technical cyber at A&O IT Group, adds that employees are more susceptible to social engineering attacks when working remotely. “There is far more reliance on endpoint protection solutions given the layers of defence that are not available remotely,” he says. “During the COVID pandemic, solutions for remote working were rushed in but organisation are revisiting these decisions and with hindsight deploying more robust solutions for their hybrid workforce.” Kevin Reed, CISO at cyber security company Acronis, agrees, adding that the social disconnect may affect people engagement and even loyalty. “I am not saying that employees will cooperate with criminals and become an insider threat, but for example, having a side gig may introduce software on the client, such as a VPN client, that would violate corporate policies,” he says. Agility is crucial With the threat landscape constantly changing and cybercriminals evolving their tactics, security measures need to be agile for legal and financial businesses. “But many organisations continue to take a reactive approach to security only fixing issues as they are discovered during testing and so security assessments once or twice a year can leave then exposed,” says Richard. “Businesses should look to work with security firms that will keep them appraised of new
Tyler Moffitt senior security analyst
threats as they arise and not wait for the next round of testing.” Spencer adds that a proactive and flexible approach to cybersecurity is required. “This should include regular security assessments, threat intelligence, vulnerability management and incident response planning,” he says. “It also requires ongoing training and awareness programs to ensure that employees are aware of the latest threats and best practices for cybersecurity. By maintaining agile and up to date cybersecurity arrangements, companies can minimise their risk exposure, detect and respond to threats more effectively, and maintain the trust and confidence of their customers and stakeholders.” Fiona warns that cybercriminals are harnessing the power of AI to deploy more sophisticated attacks. “So using next generation AI-based cybersecurity platforms will instantly put an organisation ahead of the curve as they are able to autonomous keep up with new threats,” she says. “In conjunction, regular pen testing is the only foolproof way to test that a cybersecurity solution gives the right level of protection and enables users to fix any weaknesses.” All this means that legal and financial businesses need channel partners. “More than ever, they are looking for partners that understand their business that can then expand current solutions to help manage the new threat vectors while at the same time providing new innovative technologies in place that address the challenges that AI and securing the software supply chain present,” says Scott. “For example, traditional software composition analysis must provide AI protections for licensing risks while at the same time expanding to support managing SBOMs. The preference being the evolution of tools to address the challenges versus the need to add in new point products.”
opentext.com
Richard Hughes head of technical cyber
aoitgroup.com
Kevin Reed CISO
acronis.com
28
Powered by FlippingBook