Skip to main content

Home is the new enterprise, and this comes with risks

Home is the new enterprise, and this comes with risks
(Image credit: Shutterstock / Askobol)

We are seeing our way of life change in ways that were almost unimaginable just months ago. Millions of people are now working from home, being forced to adapt and find new ways of completing their daily tasks. The workforce is anxious, scared, and stressed, and we are relying on IT like never before – what used to be a chat in the office is now a video call. Meetings are now virtual, and quick catch-ups are done over the phone.

About the author

Charles Eagan, Chief Technology Officer at BlackBerry.

Freed of the constraints of an office, each employee is creating their own unique approach to their job – employment is becoming less about when someone works, and more about what work they do. Employees are also using a mix of corporate-issued and personal devices to get their work done. 

Home is the new enterprise. And this comes with risks.

Frequent attack vectors

Take, for instance, one of the most frequent attack vectors: phishing emails. With an increasing number of employees logging in from home, phishing attacks and more advanced malware threats are being deployed by malicious actors at a rapidly growing pace. These actors realize that traditional security models – based on human input – are susceptible to attack during times of panic and high stress.

An employee might follow instructions in a phishing email not only because it looks authentic, but that it conveys some urgency (usually from a manager or someone else of importance). In cybersecurity terms, simple mistakes in the office can result in dire consequences: according to a recent survey of over 500 IT professionals in the financial services industry, a whopping 94% said that they lack confidence in the ability of employees, consultants, and partners to safeguard customer data.

To be fair, this isn’t the fault of employees, who are all too often (and unfairly) dubbed the weak link in a business’s efforts to prevent cyber-attacks. The security solutions that employees are provided with are often difficult to use, or even prohibitive to daily productivity. The inevitable result is well-intentioned workarounds that open up new vulnerabilities.

Security industry leadership

The security industry must charge forward with efforts to ensure cybersecurity for a remote workforce: each employee’s home environment must be protected at the same security level as the corporate office. Businesses must ensure a secure remote work solution that can accommodate different operating systems, and allows employees to securely access business apps, intranet, and corporate files. 

As the COVID-19 outbreak continues to limit the number of IT personnel and resources typically dedicated to cybersecurity, our research indicates that espionage activity will only grow, and attackers already have tools in place to take advantage of critical systems.

Cybersecurity is, at the best of times, a complex domain, with many unknowns and moving parts that could vary greatly from one organisation to another – and a geographically-dispersed workforce only complicates things further. This is where AI-based solutions can support the challenge in hugely helpful way: through the ability to learn and adapt, AI solutions can dynamically react and adjust to an organisation’s needs and risk profiles.

AI and automation

This is a far cry from the sensationalist sci-fi scenes of a robot takeover. Yes, AI can solve complex problems with a level of consistency and speed that’s unmatched by human intelligence. But it can’t replace human intelligence where it’s needed most: we must choose the right problems to solve. Once we identify that, we can start collecting the right data, designing the right solution, and creating the right process for our AI solutions to adapt, learn from feedback, and produce results.

Despite the constant talk of automation, the rise of the robots, and artificial intelligence taking over, this crisis has reminded us just how important people are – technology can only get us so far. No one has taken to their front step or balcony every Thursday evening to clap and cheer for technology. It’s the people that truly matter and inspire us.

AI is about empowering human intelligence. If we can use AI to do some of the heavy lifting of data security, we can give employees back some valuable time to focus more on what they do best: creative thinking, problem solving, running the business, and getting on with their own lives with their families. It’s times like these when AI can best support us.