5 things cybersecurity leaders need to know to make hybrid work safe

In “co-father of the internet” Vint Cerf’s eyes, the web always had the potential to be a big part of people’s lives. But even the man who spent more than 50 years working on the internet could not have predicted some of the major events that have turned the web into the lifeblood of modern society.

“The surprise for me was the amount of content people pushed into the internet,” Cerf, now chief internet evangelist at Google, said in conversation with Fahmida Y Rashid, executive editor of VentureBeat, during the Transform 2021 virtual conference today. “It was just enormous amounts of information sharing — not to make any money, it was simply to know that something you knew was useful to someone else.”

A whole ecosystem has emerged since, exposing security flaws and vulnerabilities companies now coach their employees through avoiding. The advent of a hybrid work model, where part of the workweek is spent in-office and part is spent working from home with residential networks, will prove tricky for companies. Work machines and home internet could be a security nightmare, even if the employers use a virtual private network (VPN).

To overcome that, companies need to buy into zero trust, or the philosophy that organizations should not trust anything inside or outside their network. Even the savviest internet users are targets for phishing scams and require constant education to sidestep hackers targeting vulnerabilities, Cerf said.

Zero trust can manifest as a suite of programs to prevent phishing. Web users must keep up-to-date on common scams, such as suspicious links and misspelled email addresses, to avoid putting the workplace at risk.

Companies can install software to block downloading external software and monitor how devices can be used. Google’s programs can detect when a user mistakenly types a password for an enterprise account into a personal account, for example, and alert the user to change the password in case of a breach.

In a hybrid work world, employers must “insist on more control” over their employees’ devices, Cerf said. If people are not using company-supplied devices for work, IT teams are leaving their workplaces vulnerable to exploits, even when requiring a VPN to connect to the enterprise ecosystem.

Cryptographic systems such as two-factor authentication (2FA) could be key to staying secure, Cerf and Rashid agreed. That could take the form of an app on a smartphone or a physical cryptographic device.

Employers can also apply these principles to working in the office. There may come a time where the corporate network is compromised, and it is crucial that security teams assume their networks could be exposed.

Good security teams will log and audit information to trace where a breach originated. They should also stay aware of potential malware and monitor incoming traffic to minimize damage, Cerf said.

Cerf predicts 2021 will bring expanded internet coverage in rural areas and increased 5G speeds and capabilities. By maintaining a strong framework, companies can stay safe and avoid falling prey to cybersecurity exploits.


Source: Read Full Article