Turning the Tables on Tomorrow’s Threat Agent

Credits: Towfiqu Barbhuiya/Unsplash

Work patterns are undermining traditional security methods, reports TechRadar.

Enhancing the employee experience

Long gone are the days of every worker being a nine-to-five commuter. While some employees retain a preference for working in the office all the time, many are embracing the willingness of employers to offer flexible alternatives such as remote and hybrid models. Research shows that UK staff went to the office 3.8 days per week on average pre-pandemic, a figure that had dropped to 1.4 days per week in 2022.

While the new normal is undoubtedly improving workplace cultures and driving forward a new frontier that centers around enhancing the employee experience, in the case of security, it has had dramatic implications. No longer are staff members all accessing the internet behind a cybersecurity perimeter – where applications were all controlled, and VPNs could be used on a remote basis where necessary to replicate safe sessions. Today, employees can readily use the internet to access corporate networks housing sensitive and personal data within key applications and SaaS platforms from a range of devices in a variety of locations. And as a result, the web browser has now become the biggest attack surface and target for threat actors, many of whom are leveraging and exploiting it successfully.

These changes in working patterns have undermined the methods that security practitioners traditionally relied upon to secure their organisations. Indeed, firms have been forced to re-evaluate their business needs and develop entirely new strategic roadmaps, leaving CISOs scrambling to find ways in which to bake in security best practices.

Understanding of modern security requirements is improving

During the past three years, the picture has thankfully become somewhat clearer. Today, organizations typically require a consistent set of security policies for all users – be it an employee in the office, or an engineer commuting and using a cellular network. Regardless of the device they are using and app they need to use, there needs to be a clear security framework that guides universal best practice across the board.

Unfortunately, firewalls and VPNs simply aren’t designed to deliver that. Instead, organizations are now tapping into cloud services that can effectively manage comprehensive security permissions and deliver key insights, detailing exactly who each user is, and what they can respectively access on the corporate network. This has become a highly intelligent process. More advanced security setups can manage privileges and assess the security posture on an ongoing basis, adapting permissions based on the type of user, location of that user, what systems they’re trying to access, and when they’re trying to access them.

It is critical that companies adapt in this way. Not only has security become a more complex undertaking with many different moving parts, but the threat landscape has also changed dramatically. According to Statista’s Cybersecurity Outlook, the global cost of cybercrime was estimated to be $8.44 trillion in 2022 – over seven times the $1.16 trillion reported in 2019.

As a result, security has fundamentally become a boardroom issue. It cannot be an afterthought. Instead, the CISO now needs to be a major part of business decision making. CISOs are there to add value, applying security as an integral part of the technology stack. To achieve this effectively, they must have an ongoing understanding of each new product, how customers will consume it, and the inner workings of the architecture underpinning each solution.

Responsibility isn’t solely on the CISO, however. A culture in which security becomes a leading priority needs to be instilled throughout the organization – every enterprise will have different models and workforce structures, and there are many roles that need to think about security more actively. Interestingly, a Gartner study found that 88% of boards regard cybersecurity as a business risk rather than solely an IT problem. The threat of ransomware and nation-state-backed threat outfits has changed cyber perceptions, with those at the top table becoming increasingly aware of the challenges.

Source: TechRadar