How COVID-19 changed the future of work
COVID-19 forced businesses across the globe to rapidly adopt remote work in order to adhere to social distancing and stay-at-home orders. For some companies, this transition was seamless, especially those that already implemented cloud and the necessary supporting tools within their organizations. Others struggled to adapt their workforces to this highly remote, cloud-first environment. In fact, 41 percent of enterprises have not taken any steps to secure access for their remote workers despite the fact that 65 percent enable personal devices to access managed applications.
To quickly support remote work, organizations were spurred to adopt cloud and allow employees to access the corporate network from unmanaged devices. However, cloud and BYOD environments call for specific security solutions, and organizations that failed to simultaneously implement the necessary controls also expose themselves to more risks, including insider threats. Even once stay-at-home orders are lifted and some businesses choose to return to the workplace, COVID-19 had such an impact on the way we work, making it likely that the following post-pandemic predictions may occur.
Cloud adoption has already been growing rapidly, but we’ll see a sharp increase in adoption in 2020 as a result of the global pandemic.
Recent events have impacted businesses and schools all around the world, causing them to shift to remote work wherever possible. Cloud adoption gives employees and students the freedom to operate from the safety of their homes by granting remote access to needed data and services. However, even before the outbreak, cloud adoption was outpacing the adoption of the tools needed to properly protect data in cloud environments. In 2019, 86 percent of organizations deployed cloud-based tools, but a mere 34 percent made use of single sign-on (SSO), a basic but critical capability for authenticating users and securing access to corporate cloud environments. This statistic suggests deeper underlying cloud security issues within organizations and indicates that data breaches will continue to arise around the world.
The shift to widespread remote work also increases the likelihood of insider threats.
Verizon’s 2019 Data Breach Investigation Report found that approximately 34 percent of breaches involved internal actors. Additionally, a recent survey conducted on IT professionals about insider threats revealed that only half of organizations provide user training regarding insider threats. While protecting data from malicious external actors is typically top of mind for most organizations, the fact remains that they must also defend against employees--whether they are malicious or merely careless.
Phishing attacks are not a groundbreaking threat, and general employee awareness of these schemes has grown in recent years; however, hackers still find success with this tactic by taking advantage of major news. In fact, the United Nations' health agency released an alert warning of an increased number of cybercriminals posing as World Health Organization (WHO) representatives amid the current pandemic. During this stressful time, recipients of these messages are more likely to click on malicious URLs, open attachments, and give up personal data. Because of this, insider threats will spike and be a leading cause of data breaches in 2020.
Businesses will implement changes to ensure BYOD devices are secure.
A majority of organizations (85 percent) were already somewhat prepared for remote work by enabling bring your own device (BYOD) policies. On the flipside, not all companies that have adopted BYOD are doing so securely. For example, 43 percent of businesses do not know if the devices employees are using to access corporate data are infected with malware -- demonstrating a disturbing lack of visibility. By the end of 2020, we will likely see even higher BYOD adoption rates--whether out of necessity for enabling remote work, or simply for BYOD’s many benefits, including enhanced mobility, efficiency, and employee satisfaction.
Regardless, when companies enable BYOD, they must also implement agentless security measures that can protect corporate data on personal devices. With agentless tools, IT gains security and compliance without invading user privacy through agents on employees’ personal endpoints. As organizations increasingly realize that cybersecurity must be a top priority, we predict that the use of agentless security solutions will rise alongside that of BYOD.
Anurag Kahol is CTO and co-founder, Bitglass. Before joining the company, he was director of engineering in Juniper Networks’ Security Business Unit. He received a global education, earning an M.S. in computer science from Colorado State University and a B.S. in computer science from the Motilal Nehru National Institute of Technology.