Remote Working in 2022
In the earlier days, IT Security would implement technical programs and defence infrastructure in PCs and servers in the earlier digital phase. They would then train their staff on the security policies implemented and how to follow their implementation.
By 2010, workers would have their company issue laptops for privately owned mobile devices as information was being stored in cloud and could be accessed using applications available in the app store. Eventually, they would stop coming into the office, preferring to work from home. This increased the attack surface to cyber-attackers, making the security team's task more complicated.
The Verizon report quotes a survey that says 68 percent of people have started working from home full or part-time. This suit people's work-life balance, but it is not suitable for enterprise security. The changes to working practices had adversely affected organization's cybersecurity. The 'bring your own device' factor is a big challenge. Securing BYOD devices is much more complicated than securing company-owned devices with a mobile device management (MDM) solution.
Cloud services have undoubtedly made it easier for people to work remotely by mobile. But to access the cloud, they must connect through home or public networks. This offers a new vulnerability for attackers to exploit. They can intercept traffic through man-in-the-middle (MitM) attacks or lure employees into using rogue Wi-Fi hotspots or access points.
Even with good policy to put technical protection in place, it's arguably more important to train staff. Regrettably, 44 percent of organizations don't give employees security training regularly. With many successful cyber-attacks arising from human behaviour, 82 percent of breaches happen in a year because of stolen credentials, phishing, misuse, or human error.
Resignation is a security nightmare as departing employees uses personal cloud storage apps to take company information. A few employees also appear to harvest vast amounts of employer data before they leave.
Companies are learning that good cyber security can be approached using a series of technical practices. ZTNA assumes every device, app, or system can be compromised. So, it grants users access only to the apps they need to perform their jobs. It also isolates devices, apps, or systems to certain parts of the network, which remain inaccessible via the internet.
82 percent of the respondents in the report said they had adopted or were actively considering adopting a Zero Trust approach to security.
The article considers a Verizon survey aimed at helping Chief Information Security Officers assess their organization's environment and defence system. The survey's target population includes people responsible for security strategies, policies, and management.
About the Author
Captain Errol Gonsalves FICS