Modern Technology, Modern MistakesAs employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.
As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk.
Indeed, myriad innovations have made it easier for people to do their jobs more efficiently, says Todd Peterson, security evangelist at One Identity. At the same time, they've also made it easier for them to "play."
"Employees can now access any websites, such as fantasy sports, gambling, entertainment channels, and collaborate and share information using cloud storage tools easily with a single click," says Sai Chavali, security strategist at ObserveIT.
But with all that know-how and tech at their fingertips comes a trade-off.
"Technologies are making it easier for people to do their job, but generally security is not at the forefront of people's minds," Peterson says.
Much of that has to do with security's reputation of getting in the way of digital transformation. Peterson cites multifactor authentication as an example.
"Because of added security features, a user has to login with multifactor authentication, and now the user has another hoop to jump through," he says. "Then we are back to the old days of technology being cumbersome and hard to do."
Often that leaves employees making a choice between doing what's right and doing what's easy. As the computing landscape changes and businesses move to a more dynamic, cloud-delivered, self-service model, the attack surface their security teams have to defend increases.
Austin Murphy, VP of managed services at CrowdStrike, agrees with Peterson about the two sides of emerging tech. "The upside of users becoming more comfortable with emerging technologies has its benefits, but also comes with some attack considerations," he says.
For example, employees' adoption of social platforms for communications has drastically increased attacker's methods of social engineering. In response, enterprises are doubling down on scanning email for spam and malicious content, but "oftentimes they have no visibility into communications sent over Skype, LinkedIn, Facebook, and others," Murphy says.
Users are also installing their own software, which can infect their devices if they install an infected version from an untrusted source.
"It is common for attackers to find common utilities such as FTP clients or video conversion software, package or wrap malicious code into the installer, and then upload their packed installer to a free software download site, knowing that users may find their malicious version of the software installer before they find the legitimate original," Murphy says.
Additionally, employees are increasingly feeling entitled to work from anywhere and have access to anything at any time, according to Nick Bennett, director of professional services at FireEye Mandiant.
"Employees [also] feel entitled to use work assets for non-work activities, and they are bypassing protections that are in place, making themselves more susceptible to phishing attacks," Bennett says.
The issue is twofold. Employees are using corporate-issued workstations for personal use, even if they are at home. When they bring that workstation back to the enterprise, they are also putting the business at risk, Bennett explains. In addition, "employees are also using non-corporate assets to access the corporate network on a device that is unmanaged by enterprise," Bennett says.
Detecting User Behavior in a Modern Workforce
Adjusting to the behaviors of a modern workforce means expanding the security team's focus to include defending against insider threats. Early attempts failed to address this, says Joe Payne, CEO at Code42.
"Today, people want employees to collaborate more with data," he says. Early technologies, such as data loss prevention (DLP), were focused on prevention, which hindered the flow of data necessary for collaboration and led to the "zero trust" best practice.
What organizations can do is focus more on detection and response. "It's possible to track all the data movement in the enterprise so that you can build some basic rules and detect near real time when people are taking egregious amounts of data," Payne says.
Because the modern workforce can have a mix of full-time employees, remote employees, contractors, and third-party vendors, all of whom must have access to technology and data to do their jobs efficiently, organizations need to protect against both internal and external threats, ObserveIT's Chavali says.
"Organizations need to implement cybersecurity controls that not only keep the bad guys from coming in, but also proactively detect insider threats by gaining visibility into the users' behavior," he says.
Image Source: frender via Adobe Stock
Kacy Zurkus is a cybersecurity and InfoSec freelance writer as well as a content producer for Reed Exhibition's security portfolio. Zurkus is a regular contributor to Security Boulevard and IBM's Security Intelligence. She has also contributed to several publications, ... View Full Bio