The rise of remote risk: Three trends increasing your threat profile
- 01 August, 2017 13:34
Technology has fundamentally changed the face of our workplaces.
Over the past decade, the introduction of collaborative tools like Google Docs, Slack and Dropbox has enabled colleagues in different time zones to work together on complex and cumbersome files which are shared and updated almost instantaneously.
Similarly, radical advancements in the capabilities of mobile devices have meant that work is being completed by workers, clients and contractors on mobile, off-site and often personal devices. This is occurring not only across multiple office spaces, but also among workers on the move and at home, who complete tasks directly from their personal mobile devices or home-office spaces.
Understandably, for organisations and workers alike, this has afforded more flexibility and greater levels of productivity.
However, for those in charge of protecting your organisational data, the IT workers and the CSOs who are the border force of your networks, this means the threat landscape has substantially expanded and the perimeter that was previously protected is no longer as secure.
So what are the three biggest trends that have led to the rise of remote risk? And what can be done to reduce this risk?
1) Remote Employees Are Increasing In Number
The issue of how, when and where people work is forcing organisations to re-think their previously stable concepts of an organisational network. The number of employees working remotely is rapidly increasing. A survey of business leaders in 2014 found that 34% predicted more than half their company’s full-time workforce would be working remotely by 2020.
This comes as no surprise, given that a recent survey found 58% of human resource professionals cite flexibility as the most effective way to attract new talent. Organisations and employees alike benefit from remote working; staff report increased morale and greater productivity, while businesses enjoy decreased operating costs and a reduction in staff turnover.
However, this trend towards increased worker mobility has contributed to a major concern for network security: an increased network ‘surface area’, where an organisation’s data is being held in an unknown number of places on potentially unprotected devices.
From workers using remote access to enter the server from a personal computer at home, to devices with removable media (like USBs) and other devices not sanctioned for work, the spread of critical business data is becoming a major concern for any modern enterprise that lacks the right protection.
2) Lenient Organisational BYOD Policies
The bring your own device (BYOD) concept is a major staple among enterprises today, with the average organisation having approximately 23,000 mobile devices - including personally owned mobile devices - in use by employees.
Thanks to the Cloud, seamless synchronisation, smartphones, tablets and lightweight laptops, workers often decide — overtly or covertly — which devices to use, and when and where they will use them. Research by enterprise file sharing company Egnyte found that while 89% of employees’ mobile devices connect to corporate networks, only 65% of companies have policies in place that allow them to do so.
The ongoing popularity of operating a BYOD workplace is shifting the requirements of adequate protection for an organisation’s data. Previously, sensitive data would have been strictly housed on devices owned and maintained by the organisation. Today, many organisations operate with data that lives on a range of devices, many of which are personally owned by employees, operating unmonitored and relatively unprotected.
3) Increased Use of Cloud Apps
Cloud apps and services provide tangible benefits to businesses by allowing organisations to reduce capital expenditures and elastically allocate resources for computing, processing and collaboration. This offers clear benefits to users, who are now able to access services anytime and anywhere, receiving a useful productivity boost.
Today, the average organisation uses roughly 13 cloud apps and 15% of businesses use both Office 365 and Google Apps, according to identity and access management startup Okta’s Business @ Work report. These figures highlight how many organisations are embracing public cloud services, which cover fast-growing SaaS areas such as Office suites, digital content creation and business intelligence.
While many applications used by today’s enterprises are sanctioned and safe, others are not, and their pervasive adoption into standard operating behaviour means organisations are suffering from the covert use of ‘shadow IT’. These unsanctioned apps, whilst not used maliciously, put the organisation at risk by compromising the safety afforded to organisations which know and monitor the perimeters of where their data is handled.
Securing a new and evolving threat perimeter
Throughout the history of cybersecurity, the industry has focused steadily on threats that arise from evolving technology infrastructure and environments. Years ago, when desktop PCs sat in most offices, employers might not have had absolute control over their workers’ use of technology and data, but they could contain it (for the most part).
Today, the concept of a network has shifted dramatically — boundaries have expanded and now include everything from consumer social applications to hosted cloud infrastructure and employee-owned devices. In this porous security environment, security professionals are increasingly recognising the importance of the human point of security. Research conducted by Forcepoint this year found that an overwhelming majority of respondents (80%) believe it’s very or extremely important to understand the behaviours of people as they interact with IP and other data, and yet only 32% said they were very or extremely effective at doing so.
It’s clear we need to take a new look at how we defend our critical business data and intellectual property. This starts with addressing the human point of security. Businesses looking to improve protection will require a complete understanding of how, where and why people interact with confidential data. Only once this is properly understood will businesses be able to better focus their cybersecurity efforts and develop an adequate defence.
Guy Eilon is ANZ country manager of Forcepoint.