By Manoj Bhatt, Head of Cyber Security Advisory and Consulting at Telstra Purple EMEA.
One sure thing the COVID-19 pandemic has fundamentally redefined is how we view work and the nature of the workplace. Offices are finally opening their doors after more than a year of lockdowns, but it is unlikely the workplace will be reverting back to how it was before.
The remote working revolution may have been forced upon us, but it is being seen as a culture shift that was overdue: businesses embracing remote working are seeing productivity gains and cost savings, while employees are enjoying a flexible work-life balance and most are not missing the daily commute.
Indeed, remote and flexible working is now a key component of the digital transformation strategies being implemented by major companies across Europe.
This was evident in our recent survey of senior IT and business decision-makers across Europe, which we conducted to understand what industry leaders were identifying as the main enablers of business agility.
The most common top enabler – cited by about 40 per cent of respondents – was ‘flexible working’. Other ‘enablers’ that were cited as most important include employee access
to the company cloud (35 per cent) and a ‘mobile first’ strategy (28 per cent). All these enablers speak to a new reality of a flexible and remote workforce.
Adopting a Zero Trust Approach
But making such a seismic shift in working patterns and behaviours over such a short period brings risks. As we have discussed previously, cybercriminals have seized upon this period of uncertainty and remote working, and are now doubling down on their targets. Without making the requisite improvements to their cybersecurity practices, protocols and culture, organisations embracing workforce flexibility will leave themselves exposed.
The 2020 Internet Crime Report highlights an increase of 300,000 complaints in suspected internet crime over 2019 – with reported losses exceeding $4.2 billion. Telstra Ventures discussed these threats at length in a recent episode of its ‘In Conversation’ series.
A separate study by vArmour – a cybersecurity firm in the Telstra Ventures portfolio – also concluded that COVID-19 (and the resulting distributed workforce) has introduced new and complex challenges for businesses. Some 45 per cent of IT decision-makers surveyed in its study reported increased pressure at board level concerning the security of their organisation
More worryingly, the research revealed that 76 per cent of employees have access to sensitive company data that they don’t need to carry out their day-to-day tasks. As a result, as CISO’s grapple with identity projects, the shift to untrusted networks as part of homeworking as accelerated. CISOs have been forced to rapidly adopt a so-called ‘Zero Trust’ approach – the assumption that anything either inside or outside the company’s perimeters should be distrusted until proven otherwise.
“Many of our customers are asking us how we can accelerate their Zero Trust journey,” said Keith Stewart, SVP Product at vArmour. “A Zero Trust strategy starts with organisations understanding the relationships users have with applications through real-time visibility, in order to manage and control user access across their entire enterprise IT estate.”
When dealing with a remote workforce, this Zero Trust approach must also extend to the mobile devices that employees are using, increasingly using the same device for both personal and business use.
“As enterprises increasingly adopt Zero Trust architectures, they must also normalise mobile device security,” says JT Keating, SVP of Product Strategy at Zimperium, another Telstra Ventures portfolio company. “The past year has proven that as mobile endpoints continue to be part of the larger, evolving attack surface, the number of threats against them continues to rise as well.”
Zimperium is a specialist in mobile device and app security, believing that enterprises must look beyond conventional IT security tools to protect against today’s advanced mobile threats. According to the firm, the number of reported cyber-attacks targeting mobile devices has more than doubled every six months for the last three years. And with remote work and bring your own device (BYOD) practices becoming a permanent fixture, the attack surface for an enterprise is on pace to grow exponentially.
Mind the Gap
Another challenge to ensuring Zero Trust lies in the cloud, where another attack surface has emerged as a result of mass digital transformation and remote working.
Telstra Ventures portfolio company CloudKnox calls this threat the ‘Cloud Permissions Gap’ – which occurs when an enterprise has a dangerous delta between permissions granted and permissions used.
While an identity – be that a human or a machine – should only have the permissions needed to do its job, CloudKnox research found that in most organisations 95 per cent of privileged identities were grossly over-permissioned, a state that could leave an organisation’s cloud infrastructure significantly exposed.
“Overworked security and cloud infrastructure teams are being asked to keep up with the proliferation of new human and non-human identities with roles that give them permissions (in the tens of thousands) to access high-value resources,” says Raj Mallempati, Chief Operating Officer of CloudKnox.
“Organisations continuing to prioritise digital transformation and cloud-first strategies are not complete without a robust, scalable Cloud Infrastructure Entitlement Management platform, especially as they strive to implement a zero-trust architecture.”
Securing a Flexible Future
Remote working trends may have already been evident in some sectors pre-pandemic, but there’s no doubt that they have been dramatically accelerated during COVID-19. And companies clearly understand that that the ability to support remote and flexible working will be key to becoming modern, agile organisations in the post-pandemic era.
But businesses must now address areas such as how employees are using mobile devices and accessing the cloud away from the office, if they are to fully succeed in embracing new ways of working.