Sunday, 20th September 2020

Security starts with trust

By Jesper Frederiksen, VP and GM EMEA at Okta.

Before the start of this year, many companies had not implemented flexible or remote working strategies, forcing them to put new measures in place for their workforces rapidly. This has put a lot of pressure on CSOs, who have been instructed to make this happen securely across complex digital infrastructures.

Increasing security concerns

One of the biggest current challenges that CSOs face is handling the sudden increase in the threat surface. Now, with entire workforces working remotely, IT security has to be top of the agenda as employee endpoints look increasingly vulnerable when used outside the office.

The CTI League, an online, global community of cyber threat intelligence researchers,

infosec experts and CISOs, examined the cybersecurity landscape in March 2020 and took down 2,833 indicators of compromise (IOCs) during this four-week period. The majority of these (99.4%) were malicious domains attempting to exploit the pandemic. Further, the group witnessed a large number of vulnerabilities - 136 per day on average - targeting the healthcare sector, along with a spike in the spread of disinformation, such as campaigns that associated the current pandemic with the rollout of 5G equipment, and others that encouraged citizens to break lockdown orders.

Proofpoint also found that threat actors are actively using COVID-19 social engineering themes to try to take advantage of remote workers, health concerns, stimulus payments, trusted brands, and more. Initially Proofpoint’s threat intelligence team were seeing about one campaign a day worldwide, they are now observing three to four each day.

Implementing Zero Trust

This increased threat level combined with more people working from home has put technology to the test at an unprecedented scale and speed. And while we’ve seen a lot of rapid success with firms spinning up remote working security tools, for many this short-term firefighting approach isn’t sustainable, especially as technology and business leaders expect changes like expanded work from home policies to persist long after the crisis. And that’s what workers want. According to Okta’s The New Workplace: Re-imagining Work After 2020 report, only one in four UK workers want to go back to the office full-time and 35% saying they’d prefer a flexible arrangement where they can work from home on a part-time basis.

As businesses look to securely enable a long-term remote workforce, they need a security framework that can provide support both today and in the future, keeping people, data and the infrastructure safe. That’s why the zero trust principle of “never trust, always verify” is essential.

Building employee trust

Businesses need to do more than implement a zero trust framework. They need to ensure that they are trustworthy to their employees in order to facilitate this new way of working.

Okta’s report found that less than a third of office workers said they were completely confident that the working from home online security measures implemented by their employer would keep them safe from cyber attacks, with just 4% saying they weren’t confident at all. This level of preparedness varies between sectors; while 58% respondents working in the IT industry trusted that their employer was completely prepared from a security point of view, just a quarter of those in the retail and education sectors had a similar level of confidence.

But the issue of trust extends beyond the technology we use. It is now certain that we will move towards a more distributed workforce, where communication and culture will move beyond the boundaries of a physical location so that everyone is included and engaged and working efficiently, regardless of where they live.

Re-imagining the workplace

Companies that want to succeed in this new era of working need to be secure, technologically-enabled and culturally-ready to manage the challenge. It’s not just about enabling remote working for those employees who thrive in that environment, it’s about focusing on providing the same quality of employee experience that the office life can give us.

This dynamic approach to work also offers bigger picture gains, such as improving the average employees’ work-life balance. Balancing these two worlds is often key to feeling happier, reducing stress and being more productive while at work, which in turn benefits any company. Businesses will get the most out of this new way of working if they focus on securing their workforce, ensuring that their employees trust them and by working together to fight off all threats.

How IT managers protect corporate networks from targeted attacks By Chris Connell, Deputy Vice Pre...
Why business decision makers should expand their network security strategy, By Chris Connell, Deput...
By Joseph Carson, chief security scientist at Thycotic.
By Miles Tappin, Vice President, EMEA at ThreatConnect.
By Dan Schiappa, Executive Vice President and Chief Product Officer, Sophos.
By Keith Banham, mainframe R&D manager at Macro 4, a division of UNICOM Global.
By Mikkel Stegmann, Principal Scientist at Fingerprints.