Securing Today’s Hybrid Remote Workforce
By CISO T.J. Minichillo
Work may never be the same again as the world continues to grapple with the global pandemic — pivoting from office-based business environments to fully remote home-based work and now to a hybrid of the two. Just 11% of companies expect all of their employees to return to the office full time, according to a survey by the National Association for Business Economics. The new normal is a hybrid model with over half of knowledge workers working remotely at least part of the week.
Risky Business
The impacts on security have been far-reaching, with COVID-19 accelerating what had already been a growing attack surface. Cybercriminals know many home environments are insecure, and the new data pathways between office and remote workplaces multiply their chances of success.
Last year, Google detected a record 2 million phishing websites, and phishing breaches increased 11%, according to Verizon’s 2021 Data Breach Investigations Report. Ransomware attacks doubled.
Attacks are also getting more expensive. In 2021, data breach costs rose to their highest average in the 17 years since IBM and the Ponemon Institute started producing their Cost of a Data Breach report. Not surprisingly, breach costs were more than $1 million higher where remote work was a factor.
Ransomware demands have skyrocketed, with cyber gangs insisting on payments not only to decrypt files, but to stop selling data they stole during the attack – an agreement victims have no assurance they’ll honor. Acer was reportedly slammed with a $50 million ransom demand. JBS paid $11 million, while Kia Motors was hit up for $20 million.
With more and costlier breaches, the price of cyber insurance – if you can get it at all – is likely to rise sharply or even double in the next couple of years, industry insiders say.
Despite these ominous threats, employees routinely downplay the need for security. Nearly half of workers in a global 2021 HP Wolf survey complained that security measures waste their time. Thirty-six percent said meeting deadlines was more important than the risk of exposing their organization to a data breach, and some admitted they tried to bypass security policies. As security professionals, it’s our responsibility to help protect employees from themselves.
Even more harrowing were the responses from IT security teams, who are operating under tremendous strain to keep their firms’ security intact and believe (correctly) that their concerns are being ignored. Seventy-six percent of IT pros said security took a back seat to business continuity during the pandemic, and 91% felt pressure to compromise security for the same reason. Eighty-three percent said working from home has become a “ticking time bomb” for a network breach.
A New Approach to Data Security
Clearly, traditional data protection measures aren’t cutting it in the age of hybrid work. Leaky connections to corporate networks and applications are growing exponentially, and it takes just a single click on a phishing link by an employee to cause a security breach, a ransomware attack, or both. For cybercriminals, the rewards have never been greater.
While regular security training can help educate employees and raise their awareness, organizations need a more foolproof way to protect their vital information.
Imagine if data could be its own fortress against cybercriminals by protecting itself. What if data was infused with so much intelligence that it would automatically refuse to open if it found itself in an unauthorized place or in the hands of an unauthorized user on an unauthorized device? What if it could stay continually aware of its surroundings and report back to its owner in near-real time – everywhere and anywhere it went in the world? And what if a data owner had powerful controls to allow, revoke or deny access to their information, no matter who had it, on any platform or device where it was stored or however many copies existed?
Self-protecting, intelligent and self-aware data represents a massive security paradigm shift that is preventive rather than reactive or remedial. Automated, granular controls like these frustrate attackers and drive them away, while sensitive data stays safe without relying on overburdened workers or IT staff.
Keyavi launched this groundbreaking technology last year because, in the era of hybrid work, the stakes have become too high to give cybercriminals the upper hand.
To learn more, visit Keyavi Data.
About the Author
T.J. Minichillo is Keyavi Data’s chief information security officer (CISO) and VP of cyber threat & intelligence. He is a nationally renowned cybersecurity and intelligence expert, helping to detect and thwart many of the world’s significant cyber threats. He has held strategic intelligence roles in financial services, the military and energy, including global head of threat intelligence at both National Grid and Morgan Stanley, deputy director at Citigroup’s Cyber Intelligence Center, chief cyber intelligence officer at Merrill Lynch, and senior intelligence special agent at the Department of Defense. Follow him on Twitter and LinkedIn.