Why a holistic approach to security is the best way forward
As employees return to offices, what was a largely successful period of remote working for many businesses is now giving way to a hybrid working future. Flexibility for employees is now the norm rather than the exception, which promises to make for happier workforces in the long term. That said, there are still challenges to address. One of these is the need to protect company data and devices from the impact of ransomware attacks, which have become the modus operandi for millions of hackers in the last couple of years.
As businesses plan for hybrid working, connected devices such as mobile phones, laptops, desktop computers and printers are often earmarked for close scrutiny in the bid to shore up cybersecurity capabilities. To achieve this, organisations need to take a cautious approach to security, and ensure this is replicated across the entire IT estate. This is where a holistic zero-trust approach has merit.
The challenge
The hybrid working model brings several key challenges for employers, including the need to properly manage BYOD policies and staff using the same devices for work and personal activities, as well as encouraging responsible cyber practices without regular face-to-face interaction. Alongside all of this is the responsibility to ensure that all endpoints – whether remote or office-based – have the right security software in place to prevent attacks. Finally, this has to be done while minimising the impact on productivity.
Mobile phones, laptops and printers are often among the first devices mentioned when discussing security risks. There are legitimate reasons for this: these are highly recognisable pieces of home or office equipment, so it is easy to consider these devices as a likely route through which opportunistic hackers could try to gain access to sensitive data. Alongside these, the ubiquity of software such as email or cloud storage means cybercriminals have a huge attack surface to conduct their operations.
With so many areas to keep an eye on, a zero-trust approach to IT security makes sense.
The risk
To highlight the current cybersecurity state of play, recent research has found that 92 per cent of UK businesses suffered a cyberattack in the last 12 months, and 78% feel unprepared to deal with current threats. Despite the upsurge in cyberattacks, more than a quarter of UK companies do not consider IT to be ranked within their top three priorities as they plan for the next 12 months. This is concerning when considering the finding that cyberattacks cost nearly one in ten (8%) UK businesses over £1 million.
Plenty of work needs to be done across the entire IT estate, as not enough is being done to actively address these issues. Organisations need tools to cover all the bases, including multi-factor authentication to govern access to sensitive data, secure document management systems to ensure information is shared in a safe and compliant manner, and encryption capabilities that reduce the chances of stored data – whether on-premise or in the cloud – being compromised.
The reward
Adopting a zero-trust framework and applying it across all elements of the IT estate offers a variety of security benefits. Zero-trust presumes all applications and services are malicious and are denied access from connecting until they can be positively verified by their identity attributes. Therefore, this model reduces risk because it closely scrutinises what is on the network and how those assets are communicating. Further, as baselines are created, a zero-trust model reduces risk by eliminating overprovisioned software and services and continuously checking the “credentials” of all devices – whether they are printers, laptops, desktop computers, mobile phones or any other internet-enabled technology.
The future
Functioning efficiently and safely in a hybrid work environment all boils down to risk management. This means getting better visibility and understanding of the way people work, and by association, the way they interact with business systems and sensitive data. Zero-trust doesn’t have to be a complete change in the business working model or mean that existing security architectures need to be replaced. It simply provides a solution to gain more control within the network, creating an even stronger shield and barrier. It is the way forward for organisations that want to be confident that they have the necessary tools and support to combat evolving threats.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.