In Digital Journal’s third review of how the world of work is morphing into something very different, due to the COVID-19 issues, the subjects analysed are cloud computing, bring-your-own-device to work schemes, insider threats and email scams. To gain an insight into the trends that these subjects are taking, we spoke with Bitglass’s Anurag Kahol (CTO and co-founder).
The third instalment continues these broad cybersecurity themes.
Cloud adoption has already been growing rapidly
Despite the growth in cloud computing solutions, Kahol states, this is going accelerates in the post-COVID-19 world: “We’ll see a sharp increase in adoption in 2020 as a result of the global pandemic. Recent events have impacted businesses all around the world, causing them to shift to remote work wherever possible.”
The advantage from cloud computing take-up is that it provides employees with the freedom to operate from the safety of their homes, offering ]remote access to critical data and support services.
Looking at the data further, Kahol says: “In 2019, 86 percent of organizations deployed cloud-based tools, but a mere 34 percent made use of single sign-on, a basic but critical capability for authenticating users and securing access to corporate cloud environments. This statistic suggests deeper underlying cloud security issues within organizations and indicates that data breaches will continue to arise around the world.”
Despite advances with security, Kahol is concerned that the shift to widespread remote work will increase the likelihood of insider threats. For example, Verizon’s 2019 Data Breach Investigation Report discovered that approximately 34 percent of data loss issues involved the activities, wittingly or unwittingly, of internal actors.
According to Kahol, this needs to be come a new area of business interest: “A recent survey conducted on Information Technology professionals about insider threats revealed that only half of organizations provide user training regarding insider threats. While protecting data from malicious external actors is typically top of mind for most organizations, the fact remains that they must also defend against employees, whether they are malicious or merely careless.”
Beware phishing attacks
Kahol notes that companies have generally taken measures to avoid phishing attacks, explaining that: “Phishing attacks are not a ground-breaking threat, and general employee awareness of these schemes has grown in recent years; however, hackers still find success with this tactic by taking advantage of major news. In fact, the United Nations’ health agency released an alert warning of an increased number of cybercriminals posing as World Health Organization representatives amid the current pandemic. During this stressful time, recipients of these messages are more likely to click on malicious URLs, open attachments, and give up personal data. Because of this, insider threats will spike and be a leading cause of data breaches in 2020.”
Businesses will implement changes to ensure BYOD devices are secure
With ‘bring your own device’ (BYOD) to work schemes becoming more popular, Kahol has found that a majority of organizations are somewhat prepared for remote work by enabling BYOD policies. Looking into these, he surmises: “On the flipside, not all companies that have adopted BYOD are doing so securely. For example, 43 percent of businesses do not know if the devices employees are using to access corporate data are infected with malware–demonstrating a disturbing lack of visibility. By the end of 2020, we will likely see even higher BYOD adoption rates–whether out of necessity for enabling remote work, or simply for BYOD’s many benefits, including enhanced mobility, efficiency, and employee satisfaction.”
However, companies do need to consider key security issues: “When companies enable BYOD, they must also implement agentless security measures that can protect corporate data on personal devices. With agentless tools, IT gains security and compliance without invading user privacy through agents on employees’ personal endpoints.”