The IT security challenges that the spread of the Modern Workplace poses to organizations today are far more complex than in the past, when it was basically a matter of defending the perimeter of the corporate network with firewalls, gateways, or proxies.
The idea of the impenetrable fortress has fallen in the face of new demands: data is not only growing, but also everywhere, on servers, in the cloud, on personal devices, on collaborators’ smartphones and laptops. We must deal with a coexistence of physical and virtual environments, platforms and collaboration environments never seen before.
Traditional security perimeters no longer exist. We must deal with fluid, flexible, shifting boundaries. The figure of the attacker is no longer necessarily that of an external criminal trying to break into our homes: anyone, in fact, is a potential threat, even a collaborator unaware of his actions.
As a result, the attack surface is growing larger and thus the degree of vulnerability increases. Many realized this forcedly (and often too late) in the pandemic period, when improvised models of working remotely created quite a few problems. Indeed, the lack of a proper security culture within the company and the use of personal devices -not secure, let alone up to date- through which to access corporate resources led to an exponential increase in successful cyber-attacks.
Today, as hybrid work is a stable part of our “new normality,” the task of those who manage the security of the enterprise IT compartment is therefore increasingly difficult. There is a need to renew from the ground up the approach to security, so that the needs for sharing and collaboration, go hand in hand with careful risk assessment.
Increased awareness (and the help of Artificial Intelligence).
This new approach to security starts with a radical shift in focus from the device (PC or other) to the user.
In fact, most attacks today seek to profit not so much from technological leaks, but from human failures or inattention: from overly simple passwords to risky user behavior, often caused by poor security training or lack of detailed instructions to avoid dangers that may come from the outside.
The biggest mistake companies make is feeling secure and leaving too much freedom and autonomy to users without security awareness. Cyber criminals are always one step ahead, and every day we witness the breach of companies that assumed they were safe and based on this perception failed to promote more security-aware behaviors among their employees-at any level.
The strategy to be adopted is therefore very different from the previous one. Without neglecting device and perimeter protection, which cannot be missed in any case, new tiles and a holistic view of security must be added, focusing on the user and his or her habits, for example, imposing complex passwords, adopting multi-factor authentication, and more.
However, all this is not enough. A secure Modern Workplace needs to integrate protection solutions from external threats that are becoming more sophisticated every day: this is where the central role of constant monitoring of systems emerges, and especially that of Artificial Intelligence, which is the real strength in the evolution of cybersecurity.
Today’s cutting-edge security solutions-such as those from Microsoft that we will go over later-use AI to prevent attacks but also to react in a timely manner, relying on analytical tools that in real time intercept a possible attack or breach and automatically alert us to impending danger.
Culture and technology are the two major pillars on which the new idea of Security for the Modern Workplace must rest.