Improving security: it’s a question of trust
Millions of people throughout the country are now working remotely. To some, this new way of working comes as a welcome relief; no more commuting, no more distractions and a noticeably improved work-life balance. For others, however, this overnight shift to remote working has caused issues.
About the author
Jesper Frederiksen is VP and GM EMEA at Okta.
It has also led to challenges for businesses. Many companies, across sectors, have not implemented flexible or remote working strategies and are having to put in place new measures for their workforces rapidly. This puts a lot of pressure on CSOs, who are instructed to make this happen securely across complex IT infrastructures.
Rising security issues
In nature, sudden and sizable migrations attract the inevitable attention of predators looking to take advantage. This is exactly what is happening now. The sudden increase in the threat surface, with entire workforces working remotely, has pushed IT security to the top of the agenda as employee endpoints look increasingly vulnerable when used outside the office.
The CTI League, an online, global community of cyber threat intelligence researchers, infosec experts and CISOs, examined the cybersecurity landscape in March 2020 and took down 2,833 indicators of compromise (IOCs) during this four-week period. The majority of these (99.4%) were malicious domains attempting to exploit the pandemic.
Further, the group witnessed a large number of vulnerabilities – 136 per day on average – targeting the healthcare sector, along with a spike in the spread of disinformation, such as campaigns that associated the current pandemic with the rollout of 5G equipment, and others that encouraged citizens to break lockdown orders.
Proofpoint also found that threat actors are actively using COVID-19 social engineering themes to try to take advantage of remote workers, health concerns, stimulus payments, trusted brands, and more. Initially Proofpoint’s threat intelligence team were seeing about one campaign a day worldwide, they are now observing three to four each day.
How Zero Trust can help
This increased threat level combined with more people working from home has put technology to the test at an unprecedented scale and speed. And while we’ve seen a lot of rapid success with firms spinning up remote working security tools, for many this short-term firefighting approach isn’t sustainable, especially as technology and business leaders expect changes like expanded work from home policies to persist long after the crisis.
And that’s what workers want. According to Okta’s The New Workplace: Re-imagining Work After 2020 report, only one in four UK workers want to go back to the office full-time and 35% saying they’d prefer a flexible arrangement where they can work from home on a part-time basis.
As businesses look to securely enable a long-term remote workforce, they need a security framework that can provide support both today and in the future, keeping people, data and the infrastructure safe. That’s why the zero trust principle of “never trust, always verify” is essential.
Building employee trust
Businesses need to do more than implement a zero trust framework. They need to ensure that they are trustworthy to their employees in order to facilitate this new way of working.
Okta’s report found that less than a third of office workers said they were completely confident that the working from home online security measures implemented by their employer would keep them safe from cyber attacks, with just 4% saying they weren’t confident at all. This level of preparedness varies between sectors; while 58% respondents working in the IT industry trusted that their employer was completely prepared from a security point of view, just a quarter of those in the retail and education sectors had a similar level of confidence.
But the issue of trust extends beyond the technology we use. It is now certain that we will move towards a more distributed workforce, where communication and culture will move beyond the boundaries of a physical location so that everyone is included and engaged and working efficiently, regardless of where they live.
Reaping the rewards of a new, dynamic way of working
Companies that want to succeed in this new era of working need to be secure, technologically-enabled and culturally-ready to manage the challenge. It’s not just about enabling remote working for those employees who thrive in that environment, it’s about focusing on providing the same quality of employee experience that the office life can give us.
This dynamic approach to work also offers bigger picture gains, such as improving the average employees’ work-life balance. Balancing these two worlds is often key to feeling happier, reducing stress and being more productive while at work, which in turn benefits any company. Businesses will get the most out of this new way of working if they focus on securing their workforce, ensuring that their employees trust them and by working together to fight off the inevitable attention of the circling predators.