A lot has been discussed over remote workforce and WFH challenges in the last two years. The faster acceleration of WFA (Work From Anywhere) or hybrid work environment of late has enhanced productivity but at the same time created new challenges for the IT security workforce. In addition, there are several non-IT resistance that create severe hindrance inside the organizations while they toil hard to ensure security and business productivity. Hence, as new risks evolve, the attack surface expands and the security is compromised. 

The Non-IT Challenges

Some recent cyber incidents in the public sector and other industries have triggered warnings regarding non-IT threats among organizations.

• Data breach in one APAC aviation organisation leaked thousands of passenger details due to malicious insiders
• Details of Covid-19 positive patients were leaked online last year in Indian subcontinent
• One of the Nationalized banks in APAC region suffered data breach of millions of customers due to password hack

All these incidents apparently pinpoint security vulnerabilities inside the organization. However, in the back stage, there could be reasons like cultural resistance and administrative hindrances that lead to data security uncertainties. When we talk about Non-adherence to the IT security policy or lack of robust password management and multi-factor authentication, the first thing that strikes our mind is ‘the organization lacks robust IT security infrastructure.’ Rarely do we think about the employee resistance to upgraded policies or non-acceptance of new technologies by the employees that might have resulted in data breach incidents.

Let us brainstorm the non-IT challenges that could stop organizations from an uninterrupted business process.

Obstacles from Non-IT Threats

The IT department in the organizations directly or indirectly face the non-IT challenges as a part of work culture. What has been observed from the trends, many organizations, especially from the public sector are challenged time and again by the workforce and administrative policies like allocation of budget on time, limited skill set and non-acceptance of challenges, resistance of  adoption of the right technology, reluctance to take ownership of new technology/ policy, confidentiality of the adoption of new technologies and more. These typical challenges elevate the IT risks to a new level and eventually it impacts the reputation of the organization.

• Non-Acceptance of New Technologies: Requirement-based adoption of new IT technologies is very often prevented by the workforce. Resistance to any kind of changes, even if it is required, is a fundamental human tendency and it plays a big role in preventing implementing new technologies. As a result, the IT security infrastructure lags behind and the vulnerabilities increase in no time.
• Limited Skill set: Many organizations face this quite frequently and commonly. Adoption of anything advanced and new completely depends on what kind of skilled IT personnels the organization has in its team. For instance, if an organization plans to adopt cloud infrastructure for maintenance of data, they need to adopt necessary security measures for the IaaS environment as well. However, if they do not have an adequate workforce with the necessary skill set, then technologically the organization falls behind. Eventually, the chances of cyber incidents aggravate.
• Reluctance to take Additional Responsibility/ Ownership of the New Technology: This is a highly common constraint faced by organizations globally. An individual or a team who is habituated to handle a predefined set of responsibilities, denies to take any additional task even if it is critically required from IT security perspective. Hence, it creates an obvious set back in implementation of new technologies in the organization and subsequent chances of cyber catastrophes. 
• Altercation among Employees due to Change of Roles: The changing dynamics in the IT landscape have increased access control challenges. As a result, there is a change in the roles and responsibilities of the employees. This alteration leads to friction among employees and hence there is resistance from the employees whenever any change is required. A candid and prolonged talk with the employees/ end-users delays in decision making and eventually the implementation is also delayed.
• Non-Availability of Resources: Adoption of any new technology requires additional resources to understand it, deploy it, and train the functionalities among the team. Hence, non-availability of the required resources forces the organization to either refrain from adoption or keep the decision of adoption on hold. As a result, even if the organization is aware of what to be done to improve their IT security measures, they can’t act fast enough. 
• Frequent Change of Management: If the governing bodies of an organization change frequently, then any kind of decision gets delayed. This is quite a common corporate challenge but it is critical for IT security. Change of person means change of mindset, altar of thought process and thus, the overall repercussions fall on the decisions. In case of adopting IT security measures, it heavily delays the process of adoption and eventually IT risks increase.
• Diversity of Nationalities: This is an occasional challenge for large MNCs. When the governing bodies have multiple people from multiple nationalities and industries, the decision making is affected. Different opinions about necessary IT security measures vary a lot as geography and area of experience results in too many options on the table. For instance, a person handling IT security in the BFSI or Telecom industry might not give the same level of importance to IT security compared to that of other industries. Eventually, the critical IT decisions get postponed repeatedly or at times go nowhere. 
• Outsourced IT Team: Many organizations count on Managed Service Providers (MSPs) or outsourced IT security teams to manage their overall IT infrastructure. As a result, any kind of alteration in the policy or any ad hoc requirement of IT security requires boardroom discussions or team meetings which at times delays the new technology adoption processes.

Conclusion

Organizations in the post-pandemic era have hastily embarked on advanced digital transformation to survive the cut-throat competition. The malefactors are continuously threatening them with evolving threats time and again. Every organization is ready to shield their digital assets from cyber criminals and thus counting on prompt adoption of new, relevant and adequate IT security measures. However, if the employees are reluctant to extend their helping hands on time, then the overall objectives of IT security is subdued.

If we look a couple of years back, the concept of Work From Home (WFH) was limited to freelancers and a few working professionals. Over the passage of time, the sudden pandemic brought massive changes in the  enterprise work culture. Due to biological security, many organizations asked their employees to stay at home and thus Work From Home (WFH) became a familiar term for full-time working professionals. 

Situations have improved and now employees are back to the office gradually. However, there has been hybridization between ‘working from home’ and ‘working from office’. According to exclusive and latest CNBC research, over 70% of global employees are presently working remotely at least once a week. As a result, organizations are modifying their IT infrastructure so that flexibility of location cannot create any hindrance among the workforce. This has given birth to a new model – Work From Anywhere (WFA).

Some Challenges

The top three objectives of any business organization (both MNC & SME) are: 

• Return on Investment (ROI)
• Higher Revenue
• Business Continuity

To ensure all the above in WFA conditions, organizations are revamping their IT environment, IT security policies, access management of critical data repositories and increasing the frequency of IT audits. Many organizations have considered this necessity as a challenge and banked on third-party service providers to ensure that there is no interruption in the business amid the pandemic. 

However, the circumference of IT risk expanded beyond assessment. Numerous threats have arised at the infrastructure level and hence, organizations necessitated the security of distributed workforce in multiple locations. Among all, the maximum risks lie with the ever-expanding number of privileged identities in the IT network periphery. In both remote and on-prem conditions, privileged accounts are the most vulnerable areas when it comes to data breach threats. Unrecognized third parties, external IT staff, and consultants break through privileged access, intrude on the privacy and compromise confidential business information and misuse it. The dominant threats in WFA conditions are majorly due to:

• Poor or inadequate access control policies that lead to ambiguity in all the accesses happening in the enterprise IT environment. Malicious actors reap the benefits of this vulnerability and compromise privileged accounts.
• Absence or inadequate end-user validation mechanism like multi-factor authentication fails to segregate authorized and genuine users from the suspicious ones who are accessing critical systems in the enterprise network time and again.
• Employees access business-critical applications and systems every day with ‘always-on’ privileges. Risks multiply if there is the absence of an access control framework based only on ‘need-to-know’ and ‘need-to-do’ policies. 

Best Solutions

Protecting data is always the top priority for any enterprise. While adequate security controls are a must round the clock, they are even more important as employees are working in hybrid work conditions. Thus, the challenge of safeguarding enterprise data has intensified. Apart from the basic IT security cautiousness as expected from the workforce, organizations always prefer an all-in-one solution that could address all the WFA challenges under one roof. 

ARCON being a global brand offers best-in-class and feature-rich Privileged Access Management (PAM) and Identity Access Management (IAM) solutions for both remote and on-prem conditions. The access control risks intensify if hundreds of privileged users access the critical databases, systems or applications at different hours for different purposes. Starting from user authorization, elevated access authentication, password vaulting, maintaining workflow matrix, monitoring every privileged session and robust identity governance, ARCON ensures that it safeguards the organizations’ IT landscape from prevailing cyber threats with the robust features of the solutions. Here is a brief overview of the necessary and relevant ones:

Conclusion

According to The Economic Times, almost 64% of organizations from IT, Telecom, Financial services, Utilities sector have agreed upon workplace flexibility policy worldwide. The pandemic is not yet over and thus organizations are not taking chances with their business continuity. Work From Anywhere (WFA) policy has indirectly upgraded organizations’ IT infrastructure to the next level so that business operations remain unaffected in any given situation. After all, it’s better to be safe than sorry!