By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Wealth Beat NewsWealth Beat News
  • Home
  • News
  • Finance
  • Investing
  • Banks
  • Mortgage
  • Loans
  • Credit Cards
  • Small Business
  • Dept Management
Notification Show More
Aa
Wealth Beat NewsWealth Beat News
Aa
  • News
  • Finance
  • Investing
  • Banks
  • Mortgage
  • Loans
  • Credit Cards
  • Small Business
  • Dept Management
Follow US
Wealth Beat News > Small Business > How Organizations Can Prepare For Security Challenges
Small Business

How Organizations Can Prepare For Security Challenges

News
Last updated: 2023/09/15 at 4:05 AM
By News
Share
8 Min Read
SHARE

Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the Board’s role in cybersecurity and technology.

Contents
Disengagement discourages secure behavior.Lack of identity verification can enable impostors.Digital nomads leave a trail of vulnerabilities.Some moonlighting microservice providers might profit from conflicts of interest.Lack of flexibility inhibits security recruitment and retention.Breakdown in security culture raises insider threats.Over-reliance on automation backfires.Outsourcing amplifies supply chain risk.How can organizations be better prepared to tackle these risks?

The fourth industrial revolution is here, and new technologies have the potential to change how people work in ways previously hard to imagine. On one hand, organizations are shifting to permanent or hybrid remote work setups since it provides opportunities to trim operating costs and weather an uncertain economic future. On the other hand, businesses are accelerating investments in artificial intelligence (AI) to boost automation, operational efficiency and business productivity.

AI presents big opportunities along with big risks. Let’s explore potential threats that emerge from the intersection of remote working and technology advancements:

Disengagement discourages secure behavior.

By embracing remote working, the lack of in-person contact among staff can have a less-than-ideal effect on corporate culture. Disengagement between staff and their employer will no doubt have an adverse effect on their attitudes toward the company and, consequently, heighten the risk of insider threats, either by accident, judgment errors or malicious intent.

Lack of identity verification can enable impostors.

As the organization now operates more “virtually,” technologies like deepfakes allow cybercriminals to impersonate employees, the C-suite and business partners, which puts the enterprise at an increased risk of security incidents. Furthermore, if employees begin to engage AI to circumvent standard security governance practices and automate work tasks, they could undermine the organization in ways similar to shadow IT, with its resultant lack of oversight. This lack of visibility and verification enables impostors to compromise information at will.

Digital nomads leave a trail of vulnerabilities.

The introduction of new and favorable tax rules for remote employees, especially those who fancy traveling the world, encourages them to change their location on a frequent basis. Since they log in to corporate resources from various locations, organizations can’t be sure what security controls are being used and what security protocols are being followed while transiting through public places such as airports, cafes, parks and other unsecured wifi locations.

Some moonlighting microservice providers might profit from conflicts of interest.

The gig economy is giving rise to new services being offered by the hour by people who work on a freelance basis, and these workers are not always required to clear sound background checks. Based on my observations, many of gig workers are full-time employees who use their spare time and weekends to take on second jobs. Some might be working for competitors, which can be a conflict of interest and might even violate non-disclosure agreements, which puts all parties at risk.

Lack of flexibility inhibits security recruitment and retention.

From my perspective, businesses that insist on returning to the office, especially for security roles that could be hybrid or fully remote, will likely see higher rates of attrition and longer-term unfilled vacancies. Lack of skilled talent affects staff availability and makes burnout of existing staff more likely. This leads to lower security performance by harried workers and raises information risk across the board.

Breakdown in security culture raises insider threats.

Employees who are disgruntled might stop respecting security protocols and show a blatant disregard for policies. Combined with high levels of attrition and gaps in critical skills across the business, the threat of a successful attack using an employee as a vector—either through apathetic behavior, being coerced by easy money offers or being an assailant themselves—increases significantly.

Over-reliance on automation backfires.

New security technology can streamline and bolster defenses, but in my experience, it often falls short. Without human interaction and experience, these systems lack the context they need to make accurate decisions. As a result, they might generate false positives or miss real threats. Security technology is often designed to work with little or no human input, which can lead to problems when the system encounters something it doesn’t understand, such as a new type of malware or a sophisticated attack. Security systems need to be regularly updated; otherwise, they’re at risk of becoming obsolete.

Outsourcing amplifies supply chain risk.

As offices are closed, some organizations might try to reduce costs by outsourcing as many essential services and tasks as possible. While this improves flexibility, it also heightens the risk of a major disruption as businesses lose control over key infrastructure.

How can organizations be better prepared to tackle these risks?

Organizations with remote employees will have to carefully weigh how this working model affects their security posture and security culture.

• Ensure data, information and security governance functions are equipped to oversee and deal with change. Keep control frameworks up to date to ensure security basics are always in place.

• Update security awareness programs to factor in the established working model for the organization (i.e., office, hybrid or remote). Deploy culture-building exercises for remote staff, such as a combination of frequent on-site and video sessions, to create and maintain a sense of togetherness.

• Establish clear protocols on the use of outsourced suppliers and services. Mandate a certain level of assurance and oversight, both pre- and post-contract. Include suppliers in business continuity planning as well.

• Introduce systems and processes for continuous identity verification, such as regular video chats, to confirm whether employees are who they say they are. Use deepfake detection tools to identify impersonators and fake content.

• Apply encryption to all sensitive data on employees’ devices, preferably at hardware level (e.g., whole disk encryption).

• Take a strategic view of the long-term risks associated with an increasing reliance on AI and automation and how that alters risk. Deploy review processes that routinely assess the accuracy and integrity of the intelligence and data that powers AI and drives business decisions.

Technology and workplace transformations must never be done hastily. It’s important to be fully aware of the risks as well as the opportunities that exist. It is also equally important to have a well-thought-out transition plan in place before moving ahead into the unknown, because uncertainty is the only thing organizations can be certain of.

Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?

Read the full article here

News September 15, 2023 September 15, 2023
Share this Article
Facebook Twitter Copy Link Print
Leave a comment Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Fast Four Quiz: Precision Medicine in Cancer

How much do you know about precision medicine in cancer? Test your knowledge with this quick quiz.
Get Started
Excelerate Energy: Nearby Best Energy-Source Cap-Gain Prospect (NYSE:EE)

The primary focus of this article is Excelerate Energy, Inc. (NYSE:EE). Investment…

Penske Is Steady, But The Road Ahead May Be Bumpy (NYSE:PAG)

Investing Thesis On Wednesday, Penske Automotive Group (NYSE:PAG) released a superficially encouraging…

Top Financial – No, Stop It, This Is Silly (NASDAQ:TOP)

TOP Financial Moves, yes, but why? TOP Financial (NASDAQ:TOP) was quite the…

You Might Also Like

Small Business

Marketing Versus PR: What’s Really Different?

By News
Small Business

Fundraising Strategies For Businesses Scaling Beyond $100 Million

By News
Small Business

The Power Of Personalization In Marketing And Website Design

By News
Small Business

Brilliant Or Lucky? 4 Key Insights For Ventures & Angels

By News
Facebook Twitter Pinterest Youtube Instagram
Company
  • Privacy Policy
  • Terms & Conditions
  • Contact US
More Info
  • Newsletter
  • Finance
  • Investing
  • Small Business
  • Dept Management

Sign Up For Free

Subscribe to our newsletter and don't miss out on our programs, webinars and trainings.

I have read and agree to the terms & conditions

Join Community

2025 © wealthbeatnews.com. All Rights Reserved.

Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc.

I have read and agree to the terms & conditions
Zero spam, Unsubscribe at any time.
Welcome Back!

Sign in to your account

Lost your password?