Hybrid working is the flavor of the month. EY, Google, Facebook, KPMG, and plenty of others have announced their plans for hybrid working. But hybrid working can’t be the continuity of remote working as is – process, policy, cultural and technological developments are required to move from just surviving to thriving.

The pressure of delivery largely sits with the IT function; creating a secure and productive hybrid working environment while making sure it is easy to manage feels mutually exclusive, but is a primary driver of the adoption of Zero Trust Network Access solutions.

In this month’s Zero Trust Digest, we take a look at the Biden administration’s EO for the adoption of Zero Trust Architectures by federal agencies; an ISACA ransomware study, a Littler Mendelson survey delving into the foreseeable challenges of hybrid working, and the big announcement in May – Wandera joining Jamf.

Executive Order on Improving the Nation’s Cybersecurity

The Biden administration issued a cybersecurity executive order requiring federal agencies to develop an implementation plan for a Zero Trust Architecture (ZTA). Recent cybersecurity incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline attack are a reminder that organizations continue to face sophisticated cyber attacks and are symptomatic of insufficient cyber defenses.

The EO is a big step toward modernizing cybersecurity by improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur.

The EO will:

  • Remove barriers to threat information sharing between Government and the Private Sector
  • Modernize and implement stronger cybersecurity standards in the Federal Government
  • Improve software supply chain security
  • Establish a cybersecurity safety review board
  • Create a standard playbook for responding to cyber incidents
  • Improve detection of cybersecurity incidents on Federal Government networks
  • Improve investigative and remediation capabilities

You can read the full details of the EO here and the accompanying fact sheet here.

Biden Administration to adopt Zero Trust

ISACA Ransomware Survey

The global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84% of respondents believe ransomware attacks will become more prevalent in the second half of 2021.

The Colonial Pipeline attack caused massive disruptions to gasoline distribution in parts of the US last month but re-emphasized deficiencies in existing cybersecurity practices.

In the ISACA survey, four out of five survey respondents say they do not think their organization would pay the ransom if a ransomware attack hit their organization. Only 22% say a critical infrastructure organization should pay the ransom if attacked.

Among the survey’s other findings:

  • 85% say they think their organization is at least somewhat prepared for a ransomware attack, but just 32% say their organization is highly prepared
  • 46% consider ransomware to be the cyberthreat most likely to impact their organization in the next 12 months
  • Despite the clear risks from ransomware attacks, 38% of respondents say their company has not conducted any ransomware training for its staff

“The fact that more than 80% of organizations are more prepared for ransomware incidents now than they were during the 2017 attacks—and that so many will be taking new precautions after Colonial Pipeline—is wonderful news,” and “Open reporting of cyberattacks appears to be working, and in this transparency, we can expect to see newer threats mitigated earlier with faster response times.” said Dustin Brewer, the Senior Director of Emerging Technology and Innovation at ISACA.

ISACA recommends 10 steps companies can take to be better prepared, and prevent ransomware attacks:

  1. Understand risk profiles
  2. Realize data responsibilities
  3. Test for incoming phishing attacks
  4. Assess all cybersecurity roles on a regular, event controller basis
  5. Evaluate patches on a timely basis
  6. Perform regular policy reviews
  7. Leverage threat intelligence properly
  8. Protect end-user devices
  9. Communicate clearly with executive leadership and employees
  10. Comprehend organizational cybermaturity

You can read the ISACA announcement here.

The challenges of hybrid working

In Littler Mendelson’s Annual Employer Survey 2021 of 1,160 executives and in-house counsel found that only 4% believed their employees want to be back in the office, and 71% said most of their workers would prefer a hybrid model over full-time in-person work. However, 28% of those employers plan to have most employees return full time and in person, and 55% are planning to offer a hybrid model.

Hybrid working creates a unique set of challenges for businesses from scheduling and physical office changes to ensuring parity between the office and remote employees. This tracks with the 73% of respondents who expressed concern about workforce management issues that come with employees split between in-person and remote work.

On the regulatory front, most employers (81%) are concerned about the impact of changes to paid sick and family leave over the next year. Other top areas where respondents expect an impact from employment law-related changes include income equality measures (64%); inclusion, equity, and diversity considerations (55%); and healthcare (51%).

Additional findings from the survey include:

  • Addressing employee fatigue and well-being: Most respondents are worried about the pandemic’s lasting impact on employee mental health and well-being, with 52% moderately to extremely concerned. Many employers are also making strides to address issues of “crisis fatigue” and employee burnout, with 84% offering mental health services and 52% providing in-house well-being programming.
  • Designing the post-pandemic workplace: 55% are redesigning their office layouts or considering doing so and 31% say the same of office hoteling – whereby employees reserve desks for the day to help companies save space and facilitate flexible work schedules. While 27% are focused on reducing the size of their office space, only 2% are looking to relocate operations out of cities or densely populated areas.
  • Navigating workplace transformation: COVID-19 accelerated the digital workplace and employers are taking the necessary steps to modernize their infrastructure to support a modern employee experience. 49% are developing internal training programs for current employees; 24% are hiring more employees with strong technology skills, and 22% are conducting an analysis to identify needed skill sets to guide talent planning and job training.
  • Managing a global workforce: Respondents from large companies (with more than 10,000 employees) identified a range of concerns in operating or doing business outside of the US. Several pandemic-related challenges rose to the top of respondents’ list, including pandemic-related travel restrictions (56%), COVID-19-related workplace safety rules (40%), and managing remote workers who telecommute from abroad (31%). However, even with the pandemic’s unprecedented disruption to global workforce management, the longstanding challenge of data privacy issues and protecting confidential information across borders emerged as the primary concern for 60% of respondents.

hybrid working

Wandera to join Jamf, the standard in Apple Enterprise Management

Jamf, the standard in Apple Enterprise Management, today announced it signed a definitive agreement to acquire Wandera, a leader in Zero Trust cloud security and access for mobile devices.

As an Apple-first provider of unified cloud security, Wandera expands Jamf’s security offering for the enterprise. Building on Jamf’s existing capabilities, Wandera adds Zero Trust Network Access (ZTNA), Mobile Threat Defense and Data Policy features to ensure mobile workers can simply and safely access the network resources they need while complying with organizational policies and reducing mobile charges. This acquisition uniquely positions Jamf to help IT and security teams confidently protect the devices, data and applications used by a mobile workforce, while extending the intended Apple experience through the most robust and scalable Apple Enterprise Management platform in the market.

Read the full press release here.

Previous Zero Trust Digest’s