Disruption in the way we work has exploded in intensity and breadth since the onset of 2020. As India starts to see some semblance of normality, businesses need to think about what the future of work looks like and how to secure it. According to a Forrester study commissioned by Tenable, 80% of Indian organizations plan to have employees working from home at least once a week in the next 12-24 months. This hybrid work model, however, isn’t without risk.
By Kartik Shahani, Country Manager, Tenable India
Fast-paced Tech Adoption has Atomized the Attack Surface
With employees splitting time between the office and offsite locations, it will become even more challenging for organizations to protect enterprise data as employees connect to public Wi-Fi at the local coffee shop and access enterprise information on their mobile devices while commuting. These changing conditions will require organizations to take a much more adaptive approach to evaluating how users are configured and managed.
What’s more, over the next two years, organizations in India are enhancing their digital platforms (63%), moving non-critical business functions to the cloud (62%), and expanding the software supply chain (49%) to ensure employees have the right tech stacks to work efficiently in a hybrid environment.
Fast-paced digitization certainly facilitated business continuity, but it also increased the number of cyberattacks. An average of 27,966 records were breached in India between May 2020 and March 2021. For organizations with hybrid work models, the mean time to identify a data breach averaged 271 days, 63 days longer than for organizations working out of a perimeter office.
It’s therefore evident that changes are taking place at light speed, but security leaders in India are unprepared to secure workforce strategies. This is a clear sign that tech adoption to facilitate a hybrid work model is outpacing the speed of security in India.
So, what can organizations do?
Redefining What a Vulnerability Is
The hybrid work model has shattered the corporate network into numerous devices spread across cloud and on-premises environments. It’s impossible for organizations to rely on yesterday’s tools to secure this new reality. Instead, organizations must adopt a zero-trust model where no one is trusted and everything must be validated. Zero trust is built upon cyber best practices and sound cyber hygiene, such as vulnerability management, proactive patching and continuous monitoring. Identifying each and every user in the network provides full visibility into the attack surface, including IT, OT, and IoT. Once security teams know how data flows within the organization, identifying the critical assets that need to be secured becomes easier. Limiting access to these assets reduces the attack pathways and makes it easier to monitor the attack surface, identify endpoint vulnerabilities, and patch them regularly.
To prevent another SolarWinds incident from taking place, organizations need to consistently evaluate third-party and contractor access to enterprise data and scan for unmanaged assets to effectively stop attackers.
The future of work is without perimeters, and organizations must be prepared to secure their new reality. Just as importantly, organizations must ensure that the lessons learned from the past 18 months are reflected in their disaster response and business continuity plans for the future.
About the Author
Kartik Shahani is the Country Manager for Tenable in India. Based in Mumbai, India, Shahani has over 30 years of experience in the IT industry, driving momentum for enterprises. He spearheads initiatives for Tenable in the enterprise security market, manages operations, and continues efforts towards channel activities in India.
He has extensive experience in the telecommunications, finance, and government sectors. Along with his innovative sales strategies, he is instrumental in driving growth in India. Shahani previously worked in RSA Security, a division of Dell EMC, where he was Director for Channel in the Asia Pacific and Japan. Prior to this, he was the Executive Director of Integrated Security for India and South Asia at IBM.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.