Organizations around the world are quickly adapting to today’s fast-changing business environment. More employees are working remotely. And industries of all kinds are finding new ways to stay productive with business disruption and a suddenly dispersed labor force.
But are their cybersecurity controls keeping pace?
To help address new security risks in an era of remote work, we’re joining forces with three other cybersecurity leaders to create the Spectra Alliance. The alliance—which includes Proofpoint as well as Okta, CrowdStrike and Netskope—is teaming up for a first-of-its-kind integrated solution to secure remote work at scale.
Executives of each of the four companies recently discussed the modern cyber risks in a webinar August 13.
The risk to at-home workers and the organizations that employ them is changing. “Cyber criminals are targeting people working for an enterprise rather than enterprise infrastructure,” said Proofpoint CISO Lucia Milica.
Milica identified three types of cyber security risks:
- Behavioral. Many people are working from home for the first time. They may not realize that they don’t have the same security at home as they would have at the office.
- Technical. Remote workers may not grasp the security risk associated with this more widely distributed workforce using a variety of devices such as personal laptops, tablets and smartphones. These devices may not be well protected.
- Operational. In remote work, many devices share sensitive and proprietary information over outside networks. Companies may not understand the operational risk of these “people perimeters.”
“People are the new enterprise edge,” Milica said. “We have to start thinking about security from that perspective.”
As enterprises extend their networks to employees forced to work from home, some of them too quickly embrace usability over security. That’s the fear of Okta Chief Security Officer David Bradbury. The company is a leader in identity and access management tools.
“One of the biggest threats I’ve seen is from organizations turning on the new best-of-breed collaboration tools, like Zoom and Slack, without really thinking through all of the security implications for employees,” Bradbury said.
He cited the noteworthy—and embarrassing—example of a recent Zoom video conference hosted by British Prime Minister Boris Johnson. Like many users, he inadvertently shared his Zoom meeting ID with the entire world.
“There are some faux pas here that we need to learn—and an obligation on security teams to push those messages home,” said Bradbury.
In other situations, competitive pressure to extend IT to home-based workers prompted companies to deploy remote technology and new software without running them by security.
In this environment, businesses must rely on third, or even fourth, parties to secure remote workers. The risk is further complicated by the many children of employees who are using the same home network because their schools are closed.
Going forward, IT security professionals need to improve their visibility of the home environment where employees do their work on the corporate network.
The pandemic exacerbated work-from-home security worries. It has also enhanced the number of cyber scams threatening the public.
“That has exploded,” said Amol Kulkami, CrowdStrike’s chief product officer. The company provides endpoint protection, threat intelligence and cyber attack response services.
Reports of pandemic-themed robo calls, suspicious emails and other such schemes rose by 300 percent in the March to May timeframe vs. the year-ago period, Kulkami said. That’s when Covid-triggered lockdowns began sending workers home.
To thwart future cyber attacks, enterprises need to embrace a cloud platform that extends the security wherever it’s needed,
“Any way we can use cloud-native architectures that are built natively for protecting work from home—from the get-go, not something as a bolt-on—is key,” Kulkami said.
Subscribe to the Proofpoint Blog