How is 2022 going so far? 

From tighter regulations for public sector to ransomware and the continued rise of the remote workforce, the senior management team at NetUtils offer their observations on how businesses are adapting to the evolving working landscape.

The ‘great return to the office’ has not materialised as expected by most, with more organisations opting to have more staff working remotely as a permanent option.

The first of the studies that have looked at issues such as productivity and mental wellbeing are starting to emerge and, in many instances, home working seems to be on parity with office working and, in some cases, proving a benefit. However, organisations are now looking at the often-temporary measures rushed out to support home workers that are now becoming standard.

Where masses of laptops were hurriedly deployed, and cloud based filesharing systems were utilised to help teams collaborate – these devices and platforms need to be audited for security and compliance to standards such as GDPR. This will inevitably trigger more use of cyber security as a service – especially as the current shortage of skilled IT and Infosec staff grows.

Although Ransomware isn’t new, the last year has seen its meteoric rise in the public consciousness and indications show this year is, unfortunately, more of the same.

However, the move by AXA, one of Europe’s largest insurers, to stop offering new insurance policies that cover ransom payments to criminals for French policy holders may be the start of a wider trend across the region during 2022.

The logic is that ransom payments encourage more ransomware attacks and drive up the cost of cyber security insurance policies. Although UK companies can still gain insurance policies  that will pay ransoms – assuming you can prove no liability, it’s likely that AXA’s position might spread.

The whole market for insuring against all forms of cyber-attack and outage is an interesting area and I suspect that this will gain a great deal more attention from enterprises.

Tighter regulatory oversight for the public sector.

The NHS is already going through Data Security Privacy Toolkit (DSPT) processes and several recent tenders for large public sector organisations have made compliance to Cyber Essentials Plus a mandatory requirement for every supplier.

If the NHS is a template, then more public sector organisations will be required to adhere to CE+ within a few years. I’d expect these requirements to spread to anybody that supplies into the public sector.

The framework is not onerous, but it is audited which means that organisations need to do more than just a “check box” exercise so it’s wise to start looking at these optional processes now and before they become mandatory.

These are just some of the issues faced by organisations big and small, public or private sector. SMEs are often particularly vulnerable if they lack the skills and resources to adapt at the pace required.

Article featured on the MYREDFORT community: https://www.myredfort.com/managed-security-services/cyber-security-check-in/