In the Age of Telework, Protection Is Prerequisite

The world heavyweight champion Mike Tyson famously quipped that, “Everybody has a plan until they get punched in the mouth.” Tyson’s statement rings true not just in boxing, but in cybersecurity as well. Even the strongest cybersecurity plans should be reexamined long before any punches are thrown — and this is more important than ever as a more hybrid approach to work is expected to continue for the foreseeable future. According to a CNBC survey of executives at main US firms, 45% of firms count on to guide with a hybrid workforce mannequin in the second half of 2021.

Organizations might really feel protected in opposition to cybersecurity threats with options resembling digital non-public networks (VPN) or digital desktop infrastructure (VDI), however these options are susceptible to frequent cyberattacks that may pack a devastating punch.

As hybrid work fashions change into the new regular, federal companies and industrial organizations alike ought to look at new approaches to cybersecurity, resembling steady, energetic monitoring and zero-trust entry to make sure their cyber defenses work reliably, regardless of the place their workers carry out their work.

Challenges With Standard Approaches to Security

Many organizations have turned to virtualization — VDI or cloud-native purposes — to scale back the quantity of knowledge saved on endpoints, thus decreasing the danger of knowledge exfiltration from bodily asset loss. Unfortunately, this strategy has supplied a false sense of safety on endpoint safety and residual danger to enterprise property. While knowledge extraction is a major danger, malicious injection of key loggers, superior persistent threats, and different coordinated assaults in opposition to broader enterprise assets are doubtlessly extra damaging to organizations.

Hybrid Work and Its Unique Challenges for IT Leaders

Teleworking eventualities compound enterprise safety issues by decreasing bodily protections, increasing consumer entry to compromised entry factors and/or networks, whereas offering organizations with fewer insights into consumer conduct when workers usually are not linked to company networks. Organizations lack perception into system standing and skill to regulate safety configurations till units are decrypted, totally booted, and linked to enterprise monitoring instruments — even then many instruments are solely used for post-event investigation. Users working in a “disconnected state” could possibly be topic to a quantity of malicious actions, deliberately or unknowingly, resembling a USB compromise, microphone and digital camera driver assaults, and community spoofing.

According to recent research from Gartner, by the finish of 2021, 51% of all information staff, or people whose jobs contain handing or utilizing data vs. bodily or handbook labor, worldwide are anticipated to be working remotely, up from 27% in 2019. However, teleworking presents a novel problem for CIOs and IT leaders as they try to make sure their workers stay productive whereas preserving delicate knowledge out of the improper arms. Providing workers distant entry to a company’s networks and knowledge creates a number of vulnerabilities and assault vectors, exposing delicate knowledge and growing danger. 

The problem with frequent safety instruments like VPN and VDI is that IT groups can’t see what workers are doing until they login. Of course, many occasions, they don’t. Even if workers do use VPN, they may nonetheless be in danger, as the National Security Agency recently warned that VPNs are susceptible to assault if not correctly secured.  

Threats to Organizations That Have Adopted Telework

Teleworking organizations face three frequent varieties of threats: human error, exterior assaults, and insider threats. Human error is a key vulnerability, which might present itself via spear-phishing, downloading unauthorized content material, accessing unsecure networks, not utilizing VPNs, weak password administration, and misplaced or stolen units. While these errors could seem minor, they will wreak havoc on the backside line.

In addition, workers proceed to fall sufferer to assaults by exterior actors. According to Verizon’s Data Breach Investigations Report, 70% of breaches in 2020 have been perpetuated by exterior actors. Phishing represented 22% of breaches and stolen credentials represented 37% of breaches in 2020. External assaults embrace unauthorized system entry via extortion, compelled breach or system hack, malware hyperlinks, keyloggers, air-gap-jumpers, and man-in-the-middle assaults. Insider threats embrace theft or misuse of organizational commerce secrets and techniques or mental property, disgruntled workers, and nation-state extortion.

Taking Cybersecurity Protection Measures to the Next Level

As organizations proceed to embrace a hybrid strategy to telework, they have to regulate their safety measures to guard in opposition to all of these threats. To accomplish that, CIOs at federal companies and industrial organizations alike ought to improve their safety methods to incorporate energetic safety and implement safe, zero-trust entry to their networks and knowledge, regardless of the place they do enterprise.

Actively defending knowledge, units, and networks requires automated and clever safeguards tailor-made to enterprise safety guidelines. This contains customizing units to dynamically react to safety threats in actual time primarily based on customized safety triggers and context from bodily location. Enforcing safe, zero-trust entry means making certain enterprise units are in a safe, trusted state earlier than permitting customers to entry delicate organizational assets.

As we glance to the future, uncertainty abounds. But one factor we all know for sure is that each malicious actors and harmless human error will proceed to pose important threats to organizations in all sectors and of all sizes. Now is the time to plan accordingly as a result of when the subsequent punch is thrown, it could be too late.

Beau Oliver is a VP at Booz Allen Hamilton. In his function, Beau helps drive the innovation and success of the agency’s proprietary options in digital, cyber, immersive, and synthetic intelligence to allow, differentiate, and broaden its current companies choices.

Jason Myers is a Principal at Booz Allen Hamilton. In his function, Jason helps drive product improvement round digital and cyber proprietary options together with the agency’s District Defend software program to assist meet Defense and Federal consumer’s hardest safety challenges.

The InformationWeek group brings collectively IT practitioners and trade consultants with IT recommendation, training, and opinions. We attempt to focus on expertise executives and subject material consultants and use their information and experiences to assist our viewers of IT … View Full Bio

More Insights