Earlier this year we witnessed a ‘stake-in-the ground moment’ from the Government as it enlisted the Queen to open the UK’s very own National Cyber Security Centre. And it’s about time too – the papers are littered with stories of cyber security breaches and hacking nightmares. From meeting room technology, to holiday planning applications, to sophisticated phishing attacks, the opportunities for the seasoned enterprise hacker are endless.
But the cases that hit the headlines only scratch the surface of the challenge that faces today’s enterprise environment. And more importantly, the challenge facing the IT teams employed to protect data, networks, reputations, and revenues from unscrupulous attackers.
Cyber security breaches cost British businesses £29.1bn in 2016 according to new research by Beaming. The survey also reveals that more than half (52 per cent) of British businesses fell victim to some form of cybercrime in 2016. Of course, it goes without saying that the list of breach types is endless. It makes little sense to try to understand and address them all in one go, but IT teams and decision makers must begin to evaluate where risks lie within the business if they are to stand a chance in protecting themselves from the threat.
The threat from within
It’s possibly reassuring news then, that while cyber-weapons, sophisticated phishing attacks and state-sponsored espionage grab all the headlines, it has been revealed that the biggest threats to a company's integrity lies much closer to home – its employees. Crucially, an employee doesn’t have to be acting maliciously to become that number one risk – often they simply don’t realise they are putting the company in jeopardy.
People are susceptible to introducing risk through meeting room technology apps, process and admin apps, even security and firewall apps for a variety of reasons. Sometimes they’re taken in by the lure of ‘something for nothing’. Sometimes, they cut corners to make their lives easier. Flexibility, experience, functionality and compatibility are common reasons a worker may choose to circumvent IT-approved cloud apps.
As globalisation sets in and the expectation for connectivity and the need for seamless, anytime, anywhere communication increases, meeting room technology is becoming ever more important to the modern business. That said, meeting room technology that does not work seamlessly is a huge hindrance for productivity.
In a recent survey, one of the biggest challenges cited by employees globally was the sharing of content and screens during conference calls, and finding the right cables to connect to in-room devices. In trying to deal with tech problems, staff are wasting significant amounts of their valuable time: 66 per cent try to fix problems themselves. So it makes sense that they may ditch the company approved technology and turn instead to apps they trust, to communicate with colleagues and clients effectively.
This application autonomy doesn’t just apply to individuals, sometimes departments within an organisation bypass company procedure to ‘cut red tape’ and get what they need more quickly. This is more likely in the case of new technologies as getting something approved, bought and rolled out by the IT department might be a lengthy process. It’s quicker to get something signed off by a departmental manager (and paid for as an operating expense).
Not only are employees keen to stay connected, and to bypass red tape, but we know that today’s young professionals want to use the apps they use in the private lives, in their place of work. Especially for communication and collaboration. It makes sense given that businesses are increasingly affording employees more flexibility and responsibility in their working lives. But this sense of empowerment is leading them to use apps that aren’t ‘company approved’ on the business network and so they are opening unexpected holes in the safeguarding processes. This is made even more dangerous because IT teams are often not afforded systems to administer and manage apps and therefore don’t necessarily have visibility of the problem until it’s too late.
Compounding the problem further, today’s generation of relatively new employees have grown up in a connected world. Our consumer existence centres on the ‘smart’ technology phenomenon. Communication apps such as WhatsApp, Skype and Facetime are the second screens to our television and follow us wherever we go in our pockets – there is an expectation that application autonomy should be mirrored in the workplace. This is worth considering when trying to understand why it is so important that IT directors of the here and now invest in cohesive and flexible application technology that suits the needs of the millennial.
It’s easy to see how these shadow IT applications create a risk for enterprises. They touch the corporate infrastructure and can communicate freely with the corporate cloud and software-as-a-service (SaaS) platforms as soon as users grant access through open authentication (OAuth). These apps can have extensive—and, at times excessive—access scopes. They must be managed carefully because they can view, delete, externalise, and store corporate data, and even act on behalf of users.
A technology revolution
But how on earth how have we got to the point where an employee poses a greater risk to the enterprise than the murky world of high-profile cybercrime? Simply put, it’s down to the technology revolution we are experiencing today. With an increasing number of employees using a variety of devices in the workplace, such as desktops, tablets, smartphones, phablets and wearables, the challenge for IT teams is greater now than ever before.
The world of digitalisation and virtual networks brings many benefits to the enterprise, but as always, there is a downside. As enterprises shift to the cloud, their security perimeter extends into the virtual realm. However, that security perimeter quickly dissipates with each connected third-party cloud application that employees introduce into the environment. The result is that technology can ‘creep into’ the company piecemeal, rather than in a planned (and tested) way.
It should worry IT managers that research shows that many employees who use cloud apps are careless, with 58 per cent of full-time employees citing having not been told the right way to download and use cloud apps. This can cause real problems. If technology isn’t ‘on the radar’ of the IT department – let alone managed by IT – it becomes harder to manage any negative consequences of the introduction of the technology.
Simplify, amplify, manage…secure
So what can employers do to harness this technology explosion and keep employees happy while protecting the business from unnecessary cyber breaches? Today it has become almost impossible to try to restrict employees and their application choices. But decision makers can make it their mission to understand and get involved with the technology their colleagues use. Understanding what technology, when and how, enables a company to satisfy the increasingly complex demands of today’s employees.
The challenge can also be addressed by decision makers through investment in platforms that offer a range of approved apps required for the business, that employees can be allowed to use safely.
In the meeting room, employees need technology they can trust for seamless, flexible solutions to video conference calls. Customers expect more improved service levels and the economic landscape is becoming more competitive by the day. So, it’s essential that individuals are equipped with meeting room technology that not only enables them to offer impeccable service, but that can be relied upon and that they feel comfortable with. But employers must balance that need for application autonomy with ensuring that the network remains secure and their IT team have visibility and control over applications used by the business and its workforce.
This approach enables the employer to offer flexibility to suit the communication needs of its workforce and customers without the security threat worry becoming a reality.
For addressing this vast cyber security challenge we face today, Government investment and support as well as awareness raising is critical. But all need to be in this together to tackle it head on and business leaders must play their part in that process too.
Roger McArdell, CTO and partner at Ashton Bentley
Image source: Shutterstock/Kzenon