Is a new approach to cybersecurity needed?
70% of security professionals say remote work means a new approach to cybersecurity is needed.
A poll conducted by SentryBay, the UK-based cybersecurity software company last week has found that 69.1% of professionals with security responsibility believe a rethink is needed to deal with the threat of cybersecurity now that devices and applications have moved outside the corporate network.
The poll, which was conducted on Twitter amongst cybersecurity professionals, aimed to assess attitudes to cyber threats and methods of protecting vulnerable devices. It found that 58.3% of respondents believed that a zero-trust approach to security was essential, and 19.9% thought it was important. When asked if their organisation had adopted zero-trust, however, only a third (33.6%) said they had.
One barrier might be the difficulties that companies are experiencing in implementing BYOD models, for which zero trust is the recommended approach to securing corporate perimeters. Over a third (33.5%) said that adopting BYOD was too complicated. The role of enterprise users has also been a BYOD challenge with user privacy concerns being cited by 28.1% of respondents and user engagement/friction cited by 19.9%. Management overheads were a challenge for 19.9%.
“BYOD offers enterprises huge CAPEX savings, but these are worth nothing if adopting the model opens the organisation up to the risk of a cyberattack,” said Dave Waterson, CEO at SentryBay. “The key to security in this scenario is proactive protection that is delivered through a software solution that specifically focuses on preventing sensitive data loss or leakage from the remote endpoint, and it should be an integral part of a zero-trust approach.”
The poll indicates that while 47.7% of organisations have still not adopted zero-trust, 8.5% are already in the process and 10.6% plan to do so in 2022.
The appetite for a change in cybersecurity methods and practices as devices and applications move away from physical offices and controlled networks is clearly important to almost 70% of those working in security, but this does not mean that it is always easy to achieve.
“While cybersecurity should be a priority for all enterprises, it can be a daunting prospect to specify and deploy the right solutions for the company’s specific needs,” continued Dave Waterson. “Culture change is often required, the knowledge and experience of security experts should be sought, but most importantly, endpoint devices – the most vulnerable element in the technology stack – need to be protected by proven software.”