According to a recent Cisco report, the number of connected devices per person worldwide will rise 50% from 2.4 in 2018 to 3.6 by 2023. And, at the same time – as we all well know - the days of a government employee logging on just during traditional business hours, in one building, on one or two devices, is over.
People bring the “constantly connected” mindset from their personal lives, to work. This mindset forms the expectations that they will have the ability to access all the information they require – anywhere, anytime.
For government security teams, it’s a love-hate relationship. On the upside, there are huge productivity benefits. And new opportunities for insights with the data collected and shared. But, as the volume and the variety of connected devices increases, so do potential cyber vulnerabilities.
A survey during COVID-19 showed 43% of the professionals have admitted that they have made decisions that have had negative security impacts, while 47% of people have admitted to clicking on a phishing email. With staff undoubtedly using personal devices and cloud-based applications more than ever, the increasingly large list of endpoints could prove enticing to enterprising bad actors. So how can CIOs and CISOs manage these risks?
Security experts agree, the preferred method to achieve endpoint security is through Zero Trust, modernizing applications and services using the cloud and modern authentication systems. Using tools like multi-factor authentication, identify and access management, and “smart” endpoint protection, agencies are able to continuously identify and authenticate users and access levels across platforms, inside and outside the network. This implementation ensures employees have secure access to applications and resources regardless of their location.
Everyone also warns against making things too difficult for the end user – who will always find a way around a too-burdensome process. So it’s important to make sure the solution doesn’t just make things worse.
As today’s mobile workforce, and in turn, the associated potential cyber threats, continue to increase, agencies need to find ways to securely manage data and endpoints without inhibiting employee productivity. David Allen, state CISO with the Georgia Technology Authority (GTA), said that his agency has witnessed an undeniable uptick in interest from bad actors, “…so this has really just reinforced some of those good habits that we’ve been impressing upon our users.”
Then what steps should agencies take?
- Identify all connected devices to identify possible weaknesses and apply security controls and policies, incorporating appropriate Zero Trust techniques
- Patch endpoints regularly and implement exploit and malware prevention
- Take a proactive stance – incorporate lessons learned from the endpoint into the broader cyber security strategy