A new survey from AT&T found 55% of employees report being targeted by cyber attacks while working remotely. At the same time, 35% of those surveyed connect their work devices to smart home devices, increasing the risks of an attack. Popular connected home devices include voice assistants (14%), smart speakers (14%), fitness monitors (13%), smart lighting (12%), and smart kitchen appliances (12%). The same report found that one in five employees (20%) say there is no way they could be encouraged to care about cybersecurity risk.
These numbers reveal a startling truth often overlooked by the teams engineering the latest cybersecurity solutions. The workers who rely on endpoint technology, more so than the endpoints themselves, are extremely vulnerable to attack. An organisation cannot ignore the 20% of employees ambivalent to cybersecurity risks and expect to successfully avoid cyber attacks. The problem seems insurmountable; how can an organisation secure its technology, employees, and endpoint devices at numerous remote locations without active cooperation?
The Secret to Securing Everything
There is a two-fold method for successfully solving the problem of securing a remote workforce. Devices and technology can be reliably protected by taking a Zero Trust approach to accessing organisational resources. Likewise, employees can be protected through active measures that continuously assess their security risks, but remain out of their view. This non-intrusive form of personalised employee cybersecurity is possible through recent advancements in artificial intelligence (AI), and is called Zero Trust.
The idea behind Zero Trust is simple – anything wishing to interact with organisational resources must first acquire a certain level of trust. By default, everything starts with a trust score of zero. As interactions occur between the business infrastructure and another actor, trust levels may increase or decrease. The amount of access an actor is granted changes in real-time, along with their trust rating.
While the problem of personal technology connecting to workplace devices is solved with Zero Trust, the vulnerabilities caused by human nature must still be addressed. How does one create a secure environment when workers prioritise productivity over good security practices? How can the 20% of workers apathetic towards additional security measures be protected without their active cooperation? The answer is through implementing a Zero Touch approach to cybersecurity.
Zero Touch, as the name implies, seeks to give users immediate access to their productive assets without taking multiple intermediary steps. Workers who can do their jobs without entering passwords, experiencing timeouts, requesting special permissions, or multiple authentications are less likely to seek shortcuts or workarounds. When no additional security tasks exist for the user to perform, it does not matter if 20% of employees ignore new security measures.
The Zero Touch approach goes hand-in-hand with Zero Trust. Users establish trusted routines and interactions with workplace infrastructure. While performing trusted tasks, they experience no interference from cybersecurity related processes. When unusual activity occurs, trust must be gained or re-established with the system though minimally intrusive verification. The end result: organisational infrastructure is continuously secured while employee productivity continues without interruption.
Putting It All Together
Employees shifting to work-from-home arrangements has increased cybersecurity risks beyond the initial estimates of experts. The numbers revealed by the latest AT&T research should serve as a wake-up call to cybersecurity professionals worldwide. CISOs and security analysts must look beyond traditional EDR solutions and start thinking in terms of extended detection and response (XDR). While securing endpoints is critical for protecting the environment, today’s workplace demands holistic solutions that include network telemetry, behavioural analysis, and continuous authentication.
The threat landscape has changed with the mass adoption of remote work and BYOD policies. However, the fundamentals of cybersecurity remain sound.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.