With today\u2019s connected world, no organization or individual is immune to cyber threats. Cyber adversaries are seeking ways to profit from multiple sectors \u2013 financial, healthcare, state and local governments, educational institutions, insurance organizations, non-profit groups, among others. And, the weakest link is often the initial target to gain access.<\/p>\n
Merely being connected causes risk. It\u2019s your responsibility, and those you connect with, to be \u201ccyber aware\u201d and understand how personal online activities \u2013 emails, social networks, online shopping, etc. \u2013 can crossover to impact professional accounts and even corporate networks. While there\u2019s no way to predict a bad actor\u2019s next move, we do know that people are the first line of defense, and they can significantly help prevent an attempted attack from becoming a successful one. For instance, according to Verizon\u2019s 2022 Data Breach Investigation Report<\/a>, 82% of breaches involved a human element in 2022, whether due to the use of stolen credentials, phishing, misuse or simply an error.<\/p>\n As Cybersecurity Awareness Month 2022 comes to a close, Palo Alto Networks looks back on a month of educational events hosted for its customers, partners, community and employees. As we continue to focus on our vision of a world where each day is safer and more secure than the one before, it\u2019s key that everyone understands the holistic impact they have on their own security and others', given the interconnectedness we experience in our daily lives. This is especially true as corporate perimeters continue to fade, and work can be done from any location on multiple devices.<\/p>\n Here are a few tips for organizations as they think through their cybersecurity approach, whether they\u2019re focusing on prevention, protection or recovery.<\/p>\n According to Gartner\u2019s report of Top Network Practices to Support Hybrid Work<\/a>, 75% of workers will continue to split their time between home and the traditional office by 2026. This is only down from 77% at the peak of the pandemic in 2021, emphasizing that strong cyber posture will continue to be foundational in supporting workers as they choose where and how they want to work.<\/p>\n To minimize risk against threat groups and actors that are better funded and more sophisticated than ever before, adopting a platform approach to security is key for organizations as it helps identify initial indicators, such as changes in the attack surface, and allows for accountability of those behaviors. Possible tools that can support this approach: always-on security with threat prevention, URL filtering, malware analysis, DNS security and enhanced security controls for remote collaboration. Additionally, adopting a Zero Trust approach to security is a necessity and requires eliminating implicit trust, recognizing the way we trust and work with our machines, as well as how we\u2019re using them in our personal and professional life.<\/p>\n Cloud adoption has accelerated, yet cloud security practices typically haven\u2019t kept pace. In fact, recent Unit 42 research<\/a> indicates that 65% of known cloud security incidents were due to misconfigurations and nearly all (99%) of the evaluated organizations lacked proper identity and access management (IAM) policy controls to remain secure.<\/p>\n The cloud provides a way to achieve speed and scale, but it can also open up the potential of new cyber threats, which haven\u2019t existed before and are not addressed by default in the shared security model cloud offers. So, you have to ensure proper controls, but what does that entail? In a multicloud setting, it\u2019s essential to bolster visibility with detection and response capabilities, threat intelligence, next-generation virtual firewalls and secure access for mobile and remote users. Also, in order to sustain the growth of cloud-native services, it\u2019s crucial to implement cloud policy and governance, container security and cloud micro-segmentation.<\/p>\n We\u2019re all familiar with the shift-left concept of software development (also known as security by design), in which security is injected as early as possible into the software delivery process. Intrinsic, built-in security protections are vital to scaling businesses and supporting the evolving workplace. When you build secure applications from the start, it not only enables lower risk and greater agility, but also allows for a more efficient price point.<\/p>\n Technology gives us the capability to build customized solutions to fit the specific needs of our ecosystems or value chains. Being able to orchestrate use of APIs, containers, DevSecOps, microservices and infrastructure as code (IaC) to respond quickly to business needs is key. Done correctly, applying security and removing implicit trust enables a solid foundation of Zero Trust and security by design. This helps foster a secure environment that\u2019s no longer bound to the limitations of off-the-shelf tools. With a more customizable approach, organizations can truly differentiate their employee and customer experience.<\/p>\n Although there are various ways to set up flexible work, a secure centralized platform is optimal for expanding applications around employee choice and engagement. Work is no longer just a place, but a shared mission where global workforces engage at various times and locations, communicating over different platforms. This dynamic, compounded with how interconnected we are, emphasizes the need to have a security strategy and framework that supports being flexible, as well as responsibly providing choice within your workforce.<\/p>\n At Palo Alto Networks, for example, we created FLEXWORK<\/a> to drive employee choice in everything, from location preference and benefits, to individualized learning and collaboration spaces. We\u2019ve placed emphasis on providing a user experience with baked-in simplicity and personalization. Giving employees an incredibly easy way to choose where they want to work and ensuring equal access to ongoing opportunities for development and growth.<\/p>\n The pandemic helped influence many of us into a new way of thinking about work; one that is less about the office and employer mandates, and more about the best ways to support, secure and empower employees. Central to these rising expectations are flexibility and trust. But, we must remember it\u2019s just as important to ensure our cybersecurity protection techniques are evolving just the same.<\/p>\n Change isn\u2019t slowing down in workplace technology or in our daily lives. Hybrid work is here to stay; the cloud is here to stay; and modernization is happening. The all-important role that cybersecurity plays in our society is being prioritized more than ever before, and for good reason. This is the environment that we must continue to embrace and improve as we look towards a more secure future.<\/p>\n<\/a>#1: Security at Home and in the Office Needs To Be First<\/h3>\n
<\/a>#2: \u201cSecure\u201d Cloud Adoption<\/h3>\n
<\/a>#3: Keep Shifting Left<\/h3>\n
<\/a>#4: Consider Customized Solutions<\/h3>\n
<\/a>#5: Empowering Employees from Anywhere<\/h3>\n
<\/a>We Continue to Progress<\/h2>\n