Insecure personal devices, according to Deloitte, connect daily to networks in more than 30 percent of U.S., U.K., and German companies. The potential increased tempo of insider threats, given that most breach incidents originate from employees themselves, has brought IT interventions in sharper focus. As IT departments scramble to enable remote work productivity while looking to avoid excessive risk, this has created a slate of data security issues.
Companies have limited control, indeed in some cases no control, over the remote computing environment of employees, partners and customers who have access to their networks. Consider the reported spike in brute-force attacks against remote desktop protocol (RDP) amid the Covid-19 crisis, and “Zoom-bombing” as workers began relying to a much greater extent on video conferencing and collaboration tools. Cloud-based unified communications and collaboration platforms such as Microsoft Teams and Cisco are targets for large-scale attempts to gain access to credentials using stolen or compromised identity details.
As enterprises looks to modulate and adapt their IT environments in the post-Covid era, where enablement of secure remote access will be a standard and integral aspect of a “new normal,” security teams will need to institutionalize many of the policies and processes which they hastily rolled out in the early weeks of the pandemic.