The past few years have been ablaze with digital transformations, innovations, and opportunities. But with those opportunities came increased risks from online criminals, ransomware, and supply chain attacks. Paired with the new pressure for telecommuting and a figurative explosion of technological connectivity during the COVID-19 pandemic, CISOs have more responsibility than ever to protect their systems and assets.
Fred Cobb, CISO and Executive Vice President at InfoSystems, encourages CISOs to prioritize the most significant security threats that come with the rush to digital transformation and pivot toward remote and hybrid work environments.
Weighing the Risks of Hybrid Work Environments
Transitioning work to remote or hybrid environments has exacerbated the challenge of securing the organization well beyond the traditional “castle model” of centralized IT assets.
“Many organizations made hasty decisions in the last two years when transitioning to telecommuting,” Cobb says. “Some can argue that the business risk necessitated that speed and operational continuity were more important than properly securing the telecommuter’s work space. This new way of doing business, for many companies, has left them even more vulnerable to cyberattacks.”
As IT assets are decentralized, so are the people who use these assets to perform work. People continue to put themselves at risk. Companies are relying more and more on their employees to follow good cyber hygiene while working in a less secure telecommute model. This places an even greater burden on CISOs trying to keep the cybercriminals at bay.
Ransomware and Compromised Cloud Services
Remote workers present increased security vulnerabilities. As such, the major concerns for CISOs in 2022 should be the continued threats to employees through phishing attacks containing ransomware and other nefarious payloads, cloud service compromise due to the growth in use of SaaS and PaaS technology, vendor supply chain attacks on what should be trusted technology (remember SolarWinds), and email fraud.
Cobb encourages even greater training measures for a dispersed workforce through simulated phishing campaigns and regular security training. Additionally, companies should vet third-party vendors far more thoroughly than by sending a simple security questionnaire to prospective business partners.
“These threats and new challenges aren’t going away — many of the 2022 concerns will be with us well beyond the calendar year,” Cobb says. “The telecommute workforce is here to stay for so many companies. Securing the organization in a business model that is new for many organizations will continue to be a major challenge.”
InfoSystems provides a full-spectrum approach to securing enterprise technology, developing security protocols, administering topline employee training, and recommending risk-mitigation strategies to combat new security threats.
For over 25 years, InfoSystems has provided reliable IT solutions to build and maintain strong and secure systems for both SMB and enterprise organizations. Headquartered in Chattanooga, TN, our trusted team of experts specializes in traditional infrastructure, IT optimization and cybersecurity services, as well as next-gen solutions such as hybrid cloud and automation, from partners such as IBM, Red Hat, Dell Technologies, Microsoft and VMware.