With today’s connected world, no organization or individual is immune to cyber threats. Cyber adversaries are seeking ways to profit from multiple sectors – financial, healthcare, state and local governments, educational institutions, insurance organizations, non-profit groups, among others. And, the weakest link is often the initial target to gain access.
Merely being connected causes risk. It’s your responsibility, and those you connect with, to be “cyber aware” and understand how personal online activities – emails, social networks, online shopping, etc. – can crossover to impact professional accounts and even corporate networks. While there’s no way to predict a bad actor’s next move, we do know that people are the first line of defense, and they can significantly help prevent an attempted attack from becoming a successful one. For instance, according to Verizon’s 2022 Data Breach Investigation Report, 82% of breaches involved a human element in 2022, whether due to the use of stolen credentials, phishing, misuse or simply an error.
As Cybersecurity Awareness Month 2022 comes to a close, Palo Alto Networks looks back on a month of educational events hosted for its customers, partners, community and employees. As we continue to focus on our vision of a world where each day is safer and more secure than the one before, it’s key that everyone understands the holistic impact they have on their own security and others', given the interconnectedness we experience in our daily lives. This is especially true as corporate perimeters continue to fade, and work can be done from any location on multiple devices.
Here are a few tips for organizations as they think through their cybersecurity approach, whether they’re focusing on prevention, protection or recovery.
According to Gartner’s report of Top Network Practices to Support Hybrid Work, 75% of workers will continue to split their time between home and the traditional office by 2026. This is only down from 77% at the peak of the pandemic in 2021, emphasizing that strong cyber posture will continue to be foundational in supporting workers as they choose where and how they want to work.
To minimize risk against threat groups and actors that are better funded and more sophisticated than ever before, adopting a platform approach to security is key for organizations as it helps identify initial indicators, such as changes in the attack surface, and allows for accountability of those behaviors. Possible tools that can support this approach: always-on security with threat prevention, URL filtering, malware analysis, DNS security and enhanced security controls for remote collaboration. Additionally, adopting a Zero Trust approach to security is a necessity and requires eliminating implicit trust, recognizing the way we trust and work with our machines, as well as how we’re using them in our personal and professional life.
Cloud adoption has accelerated, yet cloud security practices typically haven’t kept pace. In fact, recent Unit 42 research indicates that 65% of known cloud security incidents were due to misconfigurations and nearly all (99%) of the evaluated organizations lacked proper identity and access management (IAM) policy controls to remain secure.
The cloud provides a way to achieve speed and scale, but it can also open up the potential of new cyber threats, which haven’t existed before and are not addressed by default in the shared security model cloud offers. So, you have to ensure proper controls, but what does that entail? In a multicloud setting, it’s essential to bolster visibility with detection and response capabilities, threat intelligence, next-generation virtual firewalls and secure access for mobile and remote users. Also, in order to sustain the growth of cloud-native services, it’s crucial to implement cloud policy and governance, container security and cloud micro-segmentation.
We’re all familiar with the shift-left concept of software development (also known as security by design), in which security is injected as early as possible into the software delivery process. Intrinsic, built-in security protections are vital to scaling businesses and supporting the evolving workplace. When you build secure applications from the start, it not only enables lower risk and greater agility, but also allows for a more efficient price point.
Technology gives us the capability to build customized solutions to fit the specific needs of our ecosystems or value chains. Being able to orchestrate use of APIs, containers, DevSecOps, microservices and infrastructure as code (IaC) to respond quickly to business needs is key. Done correctly, applying security and removing implicit trust enables a solid foundation of Zero Trust and security by design. This helps foster a secure environment that’s no longer bound to the limitations of off-the-shelf tools. With a more customizable approach, organizations can truly differentiate their employee and customer experience.
Although there are various ways to set up flexible work, a secure centralized platform is optimal for expanding applications around employee choice and engagement. Work is no longer just a place, but a shared mission where global workforces engage at various times and locations, communicating over different platforms. This dynamic, compounded with how interconnected we are, emphasizes the need to have a security strategy and framework that supports being flexible, as well as responsibly providing choice within your workforce.
At Palo Alto Networks, for example, we created FLEXWORK to drive employee choice in everything, from location preference and benefits, to individualized learning and collaboration spaces. We’ve placed emphasis on providing a user experience with baked-in simplicity and personalization. Giving employees an incredibly easy way to choose where they want to work and ensuring equal access to ongoing opportunities for development and growth.
The pandemic helped influence many of us into a new way of thinking about work; one that is less about the office and employer mandates, and more about the best ways to support, secure and empower employees. Central to these rising expectations are flexibility and trust. But, we must remember it’s just as important to ensure our cybersecurity protection techniques are evolving just the same.
Change isn’t slowing down in workplace technology or in our daily lives. Hybrid work is here to stay; the cloud is here to stay; and modernization is happening. The all-important role that cybersecurity plays in our society is being prioritized more than ever before, and for good reason. This is the environment that we must continue to embrace and improve as we look towards a more secure future.
To learn more about the benefits of a platform approach to security, read our white paper, Realizing Cybersecurity Value: The Business Benefits of a Platform Approach.