their home office, often from unsecured
personal devices. This can provide an
open door for attackers. VPNs are often
used to access corporate systems and
these have become popular targets
for attackers who are looking to take
advantage of insecure connections.
Moreover, many workers will be allowing
their corporate laptops and other
devices to be connected to the Internet
by a family member while working from
home. So the good security habits that
might allow an employee to recognise
and avoid a malicious website or
phishing mail can be bypassed by this
kind of behaviour.
Collaboration
carries an element
of risk, but it can
be addressed by
taking a consistent
approach to security.
Finally, in the shape of Coronavirus,
attackers have a subject that is top
of mind that they can use to their
advantage. This means when, for
instance, attackers try to get people to
click on malicious websites or phishing
emails to compromise credentials and
gain access to corporate systems, they
have a better chance of success.
What should organisations
look for in a privileged access
solution for third parties and
remote workers?
Businesses can improve their risk
posture by managing employees and
applications’ access permissions once
in the infrastructure and making sure
third parties have trusted entry points
into the organisation.
Then it’s a matter of keeping an eye on
data flows, training the people who have
access to these systems and having
a clear overview of security practices
across the supply chain. Ultimately,
collaboration carries an element of
risk, but it can be addressed by taking
a consistent approach to security,
replicating good practices among
partner companies and reducing risk
by ensuring greater visibility into activity
during secured sessions, and having the
ability to take an action to mitigate risk.
Privileged access management provides
greater visibility of – and control over –
remote access to enterprise networks, as
more and more employees work remotely.
Businesses should look for platforms that
employ biometrics, Zero Trust and just-intime
provisioning to reliably authenticate
remote vendor access to the most
sensitive parts of the corporate network.
In the current environment, where
endpoint devices have disparate levels
of security and the office environment
can be a café, car or home office,
cybersecurity needs to match the
flexibility of modern working to best
ensure Business Continuity.
How can organisations secure
the ‘new normal’?
Staying ahead of known and emerging
threats in this new landscape has
added even more levels of complexity
to an already complicated job. CIOs
www.intelligentciso.com | Issue 26
75