Wall Street Journal Predicts Dire Cybersecurity Days Ahead, Endorses Zero Trust
Let’s be honest for a second.
This is a corporate blog. Yes, we aim to provide our readers with actionable, educational information. And, yes, we strive for complete transparency. But, at the end of the day, we understand if you’re skeptical of some of what’s written here. We’re a business, not a news publication, and it’s impossible for us to be completely unbiased all the time. We might never be able to convince you of the full veracity of our original research or our predictions for cybersecurity in the coming years.
But maybe the Wall Street Journal can.
Published this week, “Why the Hybrid Workplace Is a Cybersecurity Nightmare” examines the vast array of cybersecurity concerns facing IT professionals as their organizations permanently transition to hybrid or remote workplaces. The report echoes a lot of what our experts have written here.
We encourage you to read the full article. But the highlights—or, more accurately, lowlights—include:
Workloads are only going to increase for already overburdened IT staffs
The WSJ reports that the perimeterless workplace has put tremendous stress on already understaffed IT departments, and it won’t be alleviated anytime soon.
“Security teams have been stretched thin by the demands of the pandemic. For the past year, they’ve had to make sure everyone is equipped to work from everywhere and can use critical tools such as virtual meeting rooms. Things will only get tighter now that businesses are hiring more workers and launching into new projects they had put on hold during the pandemic.”
Unsecured networks will continue to be aggressively exploited
Opportunistic threat actors, as we all know, are always searching for the path of least resistance. They struck gold this past year as remote employees logged onto unsecured networks in droves. The Everywhere Workplace isn’t going away, so something’s got to give, right?
From the report:
“Hackers were quick to realize that insecure home networks and a lack of security controls typically found on corporate networks could work to their benefit. The World Economic Forum estimates that cyberattacks jumped 238% globally between February and April 2020. Those attacks have continued to hammer corporate networks.
Effective, holistic patching remains hampered
The number of devices has made provisioning an almost insurmountable challenge. IT is now tasked with deploying hundreds and thousands of patches across scores of devices. And one missed patch can make all the difference.
From the report:
“Now security chiefs are wary of the number of devices that may have sat idle in offices for over a year—turned off and unable to download patches—while employees have been absent…and we’re not talking about just one patch, but potentially dozens or hundreds.
Of equal concern are devices that have been used by employees during remote working. Because of the extended time away from the office, users may have gotten negligent about installing patches, leaving machines vulnerable when they reconnect to the corporate network.”
Humans will remain…well…humans
The most frustrating thing about cybersecurity? People. It doesn’t matter how much you invest in training or how well-intentioned your employees are in their vigilance. Users inevitably make errors—like not recognizing sophisticated phishing attacks—that result in security incidents.
From the report:
“The usual ways of training employees to guard against hackers often don’t work, they say, so we should take that responsibility out of workers’ hands—and create defenses that work behind the scenes as much as possible.
So, what’s the alternative? One possibility is a concept called zero trust.”
Zero Trust is the future
After laying out the cybersecurity problems facing remote and hybrid workplaces, The Wall Street Journal concludes by endorsing zero trust.
“Systems that are more vigilant use multifactor authentication: Users might have to confirm their identity rigorously when they sign in to the network, such as entering a password along with something else, like responding to a message on their phone.
Zero trust takes that a step further. Even after users pass the authentications, security checks constantly exchange information in the background to verify whether users can access certain systems or files, rather than assuming that because they passed through the gateway, they should be allowed free movement.
By doing it this way, security staff assume hackers are already inside a company’s digital walls, and their job is to make it difficult for them to wreak havoc. And, because these processes are usually automated, zero trust doesn’t have to rely on users to make it all work.”
But you don’t have to take our word for it. You can read the full report here.