Over the past couple of years, CISOs have witnessed a mass migration of professionals. Hybrid and work-from-home environments have emerged to offer employees more safety, flexibility and work-life balance. In fact, nearly 63% of high-revenue growth companies have implemented these new practices.
As we wave goodbye to the five-day commute era, hybrid employers realize the significant benefits of more flexible work environments, such as attracting top-tier talent without geographical constraints.
However, the increasingly blurred lines between working environments and devices have made organizations and individuals more susceptible to cyber-attacks, leaving companies to grapple with more data risks than ever before.
Why? It is no exaggeration to say that every business has become a digital business. According to the UK Department of Culture, Media and Sport (DCMS), nearly 92% of businesses in the country have ‘some form of digital exposure.’
That raises the question: how can CISOs balance the financial and reputational costs of enhanced security while stretching their protective arm around both office and remote workers in this age of cyber peril?
Businesses are Outgrowing their Armor
Zero trust is becoming the gold standard for architecting modern security. Enhanced risk of threats and fraud has required businesses to introduce a myriad of new policies and procedures to adapt and bolster enterprise security.
Many UK businesses (nearly 32%, according to the DCMS) now use VPNs to facilitate remote access. However, consumer IoT devices, from WiFi routers to smart speakers and health-focused wearables, have undermined businesses’ security as the ‘enterprise’ becomes the worker’s home.
According to the DCMS, 39% of businesses in the UK have suffered at least one breach in the last 12 months. Not only have organizations become more vulnerable, but malicious actors have also become more determined, making those once impregnable businesses far less so. Against this backdrop, zero trust has been adopted in droves. In the same way we all finally consigned our old Blackberries to the bottom of the drawer, it’s time for CISOs to look for a new solution.
With Disruption the Norm, Flexibility is Key
Remote work and the general pandemic response have forced businesses to accelerate the adoption of supporting technologies and applications. The cycle of opening and closing national economies has tested many organizations' resiliency, continuity, and adaptability when it comes to modern digital business.
This tug of war between new technologies isn’t new – and it is something many security leaders have become adept at dealing with – but the prospect of further disruption, and seemingly endless cycles of disruption, is. As new COVID variants emerge, or even as workforce preferences continue to evolve, businesses and their security perimeters need to be ready to evolve too.
Flexibility will be key. Organizations will see added benefits, including a greater desire for employees who want to continue remote/hybrid work – at least for the time being. This has the potential to end the battle between usability, cost and security once and for all. The technologies needed to enable remote work are well worth the investment, especially if you consider the high price paid by organizations that need to repair their reputation and earn back trust after a data breach.
The path to zero trust will not be the same for every organization. CISOs should look at their whole IT stack and focus on the applications and measurements adding value in more ways than one. Like any other transformational project, success will hinge on executive buy-in, an understanding of different zero trust approaches and associated mechanisms, a thorough assessment of organizational readiness, and the capabilities needed to optimize outcomes and benefits (from flexibility and security to business continuity).
We should have confidence in zero trust as costs balloon, cybercrimes rise, data regulations proliferate and business pressures compound. To get ahead of the curve, an extensive assessment of a business’s pandemic-related tech stack, with a critical lens focused on a flexible zero trust-based approach to security and resilience, is crucial. Or, to put it another way: ‘if cyber-attacks are the Trojan Horse, don’t be Troy.’