The first quarter of 2021 is about to end. The pandemic and its implications for business continuity and risk management have kept corporate boards preoccupied for the last 12 months. IT risk management has become more complex amid a sudden shift in IT operations. In this article, we discuss the top 5 IT risks in the ‘New Normal’. By overcoming these risks and challenges, organizations can ensure a resilient IT infrastructure.
1] Remote access in WFH conditions
To ensure uninterrupted business processes, organizations are mandating that employees work from home. However, employees around the world are now using personal devices and insecure home networks. This means that remote workers are the weakest link, especially those end-users who require privileged access to target systems.
On average, every organization had to ask 58% of its workforce to work remotely. In this scenario, organized cybercriminals are exploiting IT vulnerabilities associated with remote work processes. Surprisingly, almost 42% of organizations have admitted that they do not have any concrete IT security mechanism to defend against modern cyber threats.
2] Penalties for non-compliance with regulations
Regulatory bodies are extremely stringent on data privacy now that hospital chains and clinical laboratories are dealing with a large amount of health-related data and personal information. Many countries, such as Brazil, Canada and New Zealand, introduced new data privacy legislation along the lines of the EU GDPR. Meanwhile, the total of reported fines for not complying with the GDPR almost doubled to $332 million by January 2021.
3] Increasing number of data breach incidents
About 22 billion data records were compromised last year, making 2020 one of the worst years for cybersecurity. Insider threats, endpoint misuse, password theft, identity theft, cyber espionage and malware incidents have increased exponentially. Inadequate end-user validation processes, uncontrolled privilege elevation to target devices and applications, and a lack of endpoint security measures such as DLP and application restrictions have increased data vulnerabilities.
4] Absence of governance framework
Three security mistakes to avoid are as follows:
- Non-enforcement of IT policies and controls
- Ambiguity over end-users’ roles and responsibilities, IT processes and IT procedures
- Absence of adequate IT safeguards to manage and monitor people and processes
All these mistakes can shake the IT foundation of any organization.
5] Inadequate funding for cybersecurity
Cybersecurity in the aftermath of the pandemic tops corporate boardroom discussions. Data center security, endpoint security, network security, identity security, and privileged account security are some of the areas that require urgent attention. Inadequate security and funding can open the door to data vulnerabilities. Security enhancements are the need of the hour.
The bottom line
The sudden shift in the IT operating environment has the potential to inflict heavy financial and brand repercussions. Organizations will have to plug the IT security gaps to ensure effective risk management and business continuity.