Presented by Field Effect
Hybrid work environments create new cyber risks, no matter the size of your business — especially with a spike in cybercrime. Join this VB Live event to learn about the new risks, and how to effectively protect your networks, cloud services, and endpoints.
Reserve your spot here for free.
The pandemic proved that a hybrid work environment is a tremendous boost for employee wellness and productivity — but it’s also a tremendously increased risk for companies. In the 2021 Cost of a Data Breach study, the average total cost increased by nearly 10% to $4.24 million, the highest ever recorded. Costs were even higher when remote working was presumed to be a factor in causing the breach, increasing to $4.96 million.
Employers are faced with a whole new security landscape, now that they’re facing a risk factor multiplied by all the ways their employees connect, says Andrew Milne, chief revenue officer at Field Effect.
“Employers need to take on the new zero trust model,” Milne says. “Rather than having it be ‘How do you protect everything?’ it’s going to be ‘How do you respond internally?’ You’re looking at the holistic view of the network, versus looking at a singularity or the points of interest.”
The problem, as always, is that new technologies create new risks, and the shift to remote work has made it easier for malicious actors to identify vulnerabilities. En masse, they preyed on the opportunity when work went mostly remote in the COVID era. IT teams were forced to start responding on the fly to new threats, opening up new vectors that didn’t previously exist. On top of that, the rise in cybercrime as a service and malware automation has put IT leaders in a bad spot.
Plus, the more people working, the bigger the risk. But no matter how many employees you have, there’s a clear correlation between human activities and the risk within an environment. Employee actions, like falling for a scammer’s social engineering, or mechanical errors, like forwarding an email accidentally and so on, can lead to security incidents.
Responding to the risks
There are a number of ways to respond to the elevated risks, Milne says. More complexity requires more sophisticated threat detection, more holistic views, and employees pitching in.
“We talk about education, training, and vigilance around the ability to reduce the likelihood of a mistake,” he says. “And while we tell people to be vigilant, we need to give people tools to respond with vigilance, to be part of the overall security vector.”
It’s also important to take preventative measures.
“We keep talking about the same things over and over again, which are the easy things people can do,” he says. “We can enable multi-factor authentication. Again, educate employees about cyber security and share responsibility across the business. And invest in security solutions that offer more in-depth monitoring, like MDR — manage, detect, and response — across the entire environment.”
Yet, the biggest problem, he says, is that most companies have skipped over so many basic things in the rush to move to a new hybrid environment. Many haven’t updated security plans and policies, or appoint an individual internally to make sure that there’s someone in charge to oversee the whole process.
“It can’t be a shared responsibility in totality,” he explains. “It has to be focused. Somebody has to be ‘the’ person. And then finding tools to keep evolving and be holistic, with a 24/7 monitoring approach. That’s very important.”
Too many security tools are endpoint solutions for just a specific portion of the solution, but they’re not the totality of the solution. Mitigating risk is about seeing it through a holistic view, not just a singular lens, and finding a solution that takes a holistic, end-to-end approach for monitoring, detecting, and responding to these elements. That’s what takes the risks out of your entire IT environment, by adding a level of support.
As we head into 2022 knowing that hybrid is here to stay, Milne’s biggest reminder for security leaders is You don’t know what you don’t know. Knowing your network, knowing your threats, and knowing how to respond to those threats is everything.
“People are still coming in and dealing with the cleanup versus moving into a defensive state,” he says. “It’s not enough anymore to say that they didn’t know. You must be in the know constantly. Once you’re in the know you can take action.”
To learn more about the risks that are waiting for companies moving to hybrid solutions, how to secure your data no matter the size of your business, and how to go from reacting against breaches to acting to prevent threats, don’t miss this VB Live event.
Register here for free.
- The biggest cyber risks associated with hybrid environments
- Emerging threats for start-ups, scale-ups, and mid-sized businesses
- Steps for creating a secure infrastructure for new work norms
- How to mitigate risk and maximize defense (even if your IT is outsourced)
- Andrew Milne, Chief Revenue Officer, Field Effect
- William H. Dutton, Oxford Martin Fellow, Global Cyber Security Capacity Centre (GCSCC), University of Oxford
- Ernie Sherman, President, Fuelled Networks
- Seth Colaner, Moderator, VentureBeat
Source: Read Full Article