How Security Technology Enables the Digital Workplace
Enterprise leaders rank cybersecurity among the biggest threats to their organizations, and for good reason. Ransomware attacks have been on the rise in recent years.
In January, Forbes reported that in 2021 critical infrastructure and supply chain security weaknesses were targeted and exploited by adversaries at higher rates than in the past. Lurking even closer to home are insider threats. Ponemon Institute's Cost of Insider Threats report, published in January, shows a steady rise in insider threat incidents — and the cost of these incidents is also increasing at a rapid pace.
Tackling this rising risk is critical in the digital workplace, where collaboration across multiple systems and silos is essential to productivity. Remote and hybrid work makes it even more complicated.
The Cost of Insider Threats
According to the Ponemon report, malicious, negligent and compromised users are a serious and growing risk to organizations. Insider threat incidents have risen 44% over the past two years, with costs per incident up on average by 34% to $15.38 million, from $11.45 million in 2020, the last time the report was published. Of note in the research:
- Negligent insiders are the root cause of most incidents. Fifty-six percent of reported insider threat incidents were the result of a careless employee or contractor, costing on average $484,931 per incident.
- Malicious or criminal insiders were behind one in four incidents (26%), at an average cost per incident of $648,062.
- It now takes an average of nearly three months (85 days) to contain an insider incident, up from 77 days in the previous study.
Organizational size affects the cost per incident. Large organizations with a headcount of more than 75,000, for instance, spent an average of $22.68 million over the past year to resolve insider-related incidents. Their smaller peers, those with a headcount below 500, spent an average of $8.13 million.
Risk of Data Leakage in Employee Collaboration
The risk of data leakage increases in a remote world. Allan Degnan, CTO at UK-based software company Epos Now, said it's one of the biggest concerns with external collaboration.
Sensitive information can easily be shared with the wrong people if proper security measures aren't in place. Companies that don't provide their employees with secure servers or systems risk big consequences — as do those that don't have (and enforce) strict policies to protect the organization's most sensitive assets.
Unauthorized access to company data is frequent among employees using unsecured networks or devices. For example, an employee may access Slack from a public Wi-Fi network, which could allow an attacker to intercept communications and access sensitive data. Similarly, an employee may log into the company's cloud-based system to work from a personal or non-secure network, leaving the company data fully exposed.
To protect against these risks, companies may want to consider encrypting data and restricting access to certain network areas, teams or channels, using two-factor authentication. Degnan said companies should also have a comprehensive data security plan in place that includes monitoring for malicious activity, implementing security patches and creating incident response plans. This can help reduce the risk of data leakage and protect confidential information.
Have a Clear Cybersecurity Policy
Cybersecurity policies help companies reduce their vulnerabilities to both external and internal attacks. According to Travis Lindemoen, managing director of Overland Park, Kan.-based IT staffing company nexus IT group, having a policy that lays out the rules, methods and resources for the organization can also help employees better understand their role and responsibility in safeguarding and handling sensitive information.
Some best practices in implementing a cybersecurity policy:
- The policy should identify potential threats to the company. They can be hackers, vandals or employees who inadvertently or purposely leak data.
- The policy should outline controls and management of platform and vital resource access. Regular users submit their unique credentials to access a platform, but system administration or access to certain areas or files should require special permissions.
- Passwords must be updated often, and they must avoid using obvious phrases and unusual characters. Passwords repeated across other accounts should also be forbidden.
“The recommendations should not be difficult or require users to be tech-savvy,” Lindemoen said, but they should be clear and enforced.
Security in the Remote and Hybrid Workplace
The risk of cyberattacks or insider threat incidents grew with the proliferation of remote and hybrid workplaces. The development of new technologies and a reliance on modern cloud architectures have also made it significantly more difficult to protect all entry points into an enterprise.
According to David Ratner, CEO of Canadian software company HYAS, the production network in many cases has almost gotten out of control, with the use of a number of cloud services in the same enterprise a common occurrence. The growing use of shared libraries and the move from on-premise servers to the cloud also means key visibility controls have been lost.
“The attack surface has never been larger, which means it’s impossible to monitor — much less protect and block — all possible entry points,” he said. “Instead of trying to strengthen the wall around the enterprise, why not monitor communication that is happening inside your enterprise?”
Monitoring communication inside the organization helps reduce the success rate of attacks. Bad actors cannot complete an attack unless they can communicate out from the enterprise network to their command and control (C2), Ratner said, so if an enterprise blocks the ability to communicate with C2, the attack is stopped before it can even get started.
Protective DNS solutions can identify these anomalies in communication and alert and block them in real time. Meanwhile, enterprises gain valuable information about their adversaries and vulnerabilities. This provides a great opportunity to strengthen defenses for the future by highlighting risks that could increase an enterprise’s exposure.
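To make the protective DNS idea above concrete, here is an added Python example (not code from the article or from any vendor it mentions) that applies a zone blocklist to resolver query logs and reports which internal hosts tried to reach a blocked zone. The log format, the blocklist entries and all function names are assumptions, and the sample log lines are constructed.

```python
"""Added example: protective-DNS style policy check over resolver query logs."""
from collections import defaultdict

# Constructed blocklist; reserved example/invalid names stand in for threat-intel data.
BLOCKED_ZONES = {"c2.example", "bad-updates.invalid"}

# Constructed resolver log, assumed format: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2022-03-01T09:00:01Z 10.0.4.17 intranet.corp.example A
2022-03-01T09:00:05Z 10.0.4.17 beacon.c2.example A
2022-03-01T09:00:09Z 10.0.9.23 notc2.example A
2022-03-01T09:01:05Z 10.0.4.17 Beacon.C2.Example. TXT
2022-03-01T09:02:11Z 10.0.7.40 cdn.bad-updates.invalid AAAA
malformed line
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return qname.strip().lower().rstrip(".")

def blocked_zone(qname, zones=BLOCKED_ZONES):
    """Return the blocked zone covering qname, matching on label boundaries only."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None  # "notc2.example" must not match "c2.example"

def evaluate(log_text, zones=BLOCKED_ZONES):
    """Return (decisions, alerts): per-query verdicts and blocked-query counts per client."""
    decisions, alerts = [], defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        ts, client, qname, qtype = parts
        zone = blocked_zone(qname, zones)
        decisions.append((ts, client, normalize(qname), "BLOCK" if zone else "ALLOW"))
        if zone:
            alerts[client][zone] += 1  # host worth investigating: it tried to reach C2
    return decisions, {c: dict(z) for c, z in alerts.items()}

if __name__ == "__main__":
    decisions, alerts = evaluate(SAMPLE_LOG)
    for d in decisions:
        print(*d)
    print("hosts to investigate:", alerts)
```

The per-client alert counts are the "valuable information" side of the control: a blocked query stops the callback, and the client address tells responders which endpoint to examine.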
Add-on Technologies to Support New Ways of Working
Since the onset of COVID-19, the work-from-home infrastructure has grown significantly. Cloud services like Amazon's AWS, Microsoft's Azure and Google Cloud Platform (GCP) are being used by organizations of all sizes to ensure their employees remain productive.
While these platforms have provided additional security by maintaining many of the same ISO, SOC, PCI and FedRAMP compliance security frameworks, said Schellman Senior Assessor Andy Rogers, remote work has also made it necessary to bring in additional technologies to support the work model.
Tools like Slack and Teams can pose a threat to data integrity. Wikis like Confluence have provided companies with online knowledge bases for remote employees to access and share information from a central place. Learning management systems to train new employees and prepare them for their new remote employment are also growing in popularity. Many of these productivity tools existed before the pandemic but were more widely adopted when the virus hit.
“Organizations can take a proactive approach to mitigating some of this risk, which is not 100% foolproof, but it can go a long way to preventing the data loss or a compromise,” Rogers said. Here are five ways he said organizations can offset the risk:
- Policies, procedures and security awareness training: Create a solid security awareness training program, with clear policies and procedures so remote employees know what is expected of them and the implications of the information at their disposal.
- Data Loss Prevention (DLP): DLP provisions package up a number of technologies that include host intrusion protection or detection systems (HIPS or HIDS), full drive encryption and mobile device management.
- End Point Protection: End point protections include things like anti-virus, anti-malware, web filtering and a host firewall. These provisions may seem dated, but they have a place in the remote workforce.
- Mobile Device Management (MDM): MDM is mostly associated with corporate phones but in today's workplace this is used to manage laptops as well.
- Security Information and Event Manager (SIEM): This provision is a single pane of glass companies can use to monitor security provisions as well as remote employees' web traffic.
Invest in Data Backup
With more employees working remotely than ever before, greater use of digital tools can put organizations at risk of vulnerable data being shared outside their premises and firewall. To thrive in a hybrid future, businesses need the capability to back up and protect data across cloud, virtual, physical storage, SaaS and Kubernetes.
Rick Vanover, senior director of product strategy at Columbus, Ohio-based Veeam, said he typically advises companies to keep at least three copies of data, stored on at least two different forms of media, one offsite and one offline, because it's important that businesses understand what data they have on their hands and how it is being stored. By doing this, organizations have an insurance policy against data breaches should they fall victim.
In addition to this, business leaders should establish a culture of transparency and responsibility about how data is accessed, used, stored and shared.
“There is no silver bullet when it comes to protecting against cyber threats like ransomware, and businesses have seen the full force of its impact in recent years,” he said. “Cyber criminals are well versed in exploiting weaknesses in enterprise IT systems, such as digital networks; it only takes one vulnerable entry point to expose a business to crippling cyberattacks.”
In other words, be prepared and educate employees on how they can help safeguard the company's assets.