Cybersecurity at home is the topic of this Wireless Wednesday Exclusive. Rick is joined by : Charles Henderson, Global Partner and Head of X-Force Red, IBM.
Henderson is Global Managing Partner and Head of IBM X-Force Red: He runs IBM’s global security testing practice called X-Force Red. With several decades in the industry, he’s is a trusted hacker that looks for ways to protect organizations before the bad guys break in. He has a keen interest in social engineering, hardware and software hacking including IoT devices, point of sale and ATM hacking and is constantly looking for flaws and conducting research. X-Force Red’s clients range from the largest on the Fortune lists to small and midsized companies interested in improving their security posture.
Have a listen and watch:
IBM Security recently released findings from a study focused on the behaviors and security risks of those new to working from home during the COVID-19 pandemic. The study shows more than 80% of respondents either rarely worked from home or not at all prior to the pandemic, and in turn, more than half are now doing so with no new security policies to help guide them. The shift to work from home has exposed new security risks and left nearly 50% of those employees worried about impending cyber threats in their new office settings.
Now that more than half of the U.S. population is working from home, and a large percentage is expected to continue through 2020, companies are playing catch up as they attempt to manage the security risks of rushed remote work models. Business activities that were once conducted in protected office environments, and monitored under specific policies, have now quickly transitioned to new, less secure territory. For example, customer service agents who worked in closely managed call centers are now managing sensitive customer data at home.
The rapid shift to work from home has also changed the ways many organizations do business from moving face to face meetings to video conferencing calls, to adding new collaboration tools – yet the survey showed many employees are lacking guidance, direction and policies. Sponsored by IBM Security and conducted by Morning Consult, the IBM Security Work from Home Survey is comprised of responses from more than 2,000 Americans newly working remotely. Key findings include:
Confident, Yet Unprepared: 93% of those newly working from home are confident in their company’s ability to keep PII secure while working remotely, yet 52% are using their personal laptops for work – often with no new tools to secure it, and 45% haven’t received any new training.
Lacking PII Guidelines: More than half have not been provided with new guidelines on how to handle PII while working from home, despite more than 42% newly being required to do so as consumers lean on customer service representatives for a variety of services.
Personal (Unprotected) Devices in Use: More than 50% of new work from home employees are using their own personal computers for business use, however 61% also say their employer hasn't provided tools to properly secure those devices.
Passwords Lacking Protection: 66% have not been provided with new password management guidelines, which could be why 35% are still reusing passwords for business accounts.
For more information about the survey results, or IBM’s X-Force Red team, please visit: ibm.com/security
What do the IBM Security survey results show? Why is the cybersecurity of remote workers a problem for businesses? What can they do to support their teams? How can individuals and employees protect themselves? Where can viewers go for more information?
Charles is also an enthusiastic member of the information security community and an advocate of vulnerability research. He has been a featured speaker at various conferences (including Black Hat, DEFCON, RSA, SOURCE, OWASP AppSec USA and Europe, and SXSW) around the world on various subjects relating to security testing and incident response. He has also appeared on or in CBS Evening News, CNN, BBC, The Wall Street Journal, Forbes, USA Today, The Register, SC Magazine, Engadget, eWeek, Reuters, Car & Driver, and various other media outlets.