SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Maintaining secure systems with expectations of flexible work
Fri, 20th May 2022
FYI, this story is more than a year old

Across New Zealand, there has been a significant shift in employee expectations when it comes to flexible working. Most office workers feel they've proved they can work successfully from home, and as much as employers try, things aren't going back to the way they were anytime soon. With the world opening up and thousands of Kiwis packing their bags to head offshore, there has been a noticeable shift in the employee/employer power dynamic.

For better or worse, businesses are now doing all they can to retain and attract employees. Flexible working is close to the top of any potential employee's wishlist, and firms are increasingly utilising this option to attract talent to their company - as well as motivate current employees.

But there is a catch. Flexible working and the remote access needs that come with it present an inherent risk that Kiwi businesses can't ignore.

As we discover the realities of what this new hybrid model looks like, businesses need to consider ways to maintain a suitable security posture. With flexible working, role changes and new employees, businesses need to implement the right security models to keep their identity secure and warn off any cyber-attacks.

So how do businesses provide this high level of flexibility while ensuring their data is secure and protected from breaches and the ever-increasing threat of cyber-attacks?

For a start, a head-in-the-sand 'she'll be right' attitude that's present in many businesses needs to be kicked to the kerb. It might look good in tourism brochures, but on the world stage, New Zealand's relaxed attitude means businesses and institutions located in the country are seen as soft targets by hackers and nefarious organisations.

One of New Zealand's biggest cyber-attacks in 2021 was The Reserve Bank data breach, where attackers accessed a third-party file sharing service comprising sensitive information, both commercially and personally. This attack shows just how vulnerable we are – no matter the organisation's size. 
 
This attack isn't a one-off. Cyber risk will continue to be one of the biggest challenges facing public and private enterprises. Hence, government funding for packages that close the transformation gaps and increase resiliency in the country are welcomed. With an evolving threat landscape, including New Zealand businesses exposed as cyber targets, organisations need increasing support to effectively build a security foundation grounded in identity.

Increasing numbers of Kiwi businesses and organisations are turning to cloud-based systems to address the needs of flexible working arrangements, often with a great deal of success. The inaugural State of New Zealand Cloud Transformation report found that 82% of New Zealand organisations view the cloud as highly important to their strategy and growth. Adopting cloud services and their benefits can be transformative to organisations, especially when it comes to enabling easier, flexible working.

With many business leaders seeing cloud systems as a key growth and employee productivity driver, it's essential that they understand the value of emerging technologies, such as AI and machine learning (ML) and how to implement them across business strategies.

Digital transformation and the explosion of accounts into cloud computing have also resulted in high cyber threats and data issues - making accounts potential vulnerabilities for attacks. Some of the biggest threats, especially for larger enterprises, is that there are now thousands to millions of human and nonhuman identities accessing critical business information. One of the most common breaches is a worker's identity - with cybercriminals stealing employees' digital identities and impersonating them.

Security risks are high irrespective of where employees sit in the world - at home or in the office. This internal risk is why having a strong system in place is integral. Businesses need the right solutions-based system that can protect all identities and accounts by providing access to the right person based on their role and responsibility, regardless of location, while also innovating to ensure it's ahead of any risk changes.

Investing in an identity security solution that aligns with the needs of the modern enterprise is no longer a choice and is more in reach than most might think. SaaS-delivered applications have transformed how organisations consume capability that delivers value while drastically reducing the typical entry point compared to on-premise or hosted legacy solutions. Like all digital transformation initiatives, assess identity security that is built on modern architecture principles that truly make the complexity of identity simple.

To help advance the future of work and meet employee expectations around flexibility, businesses must continually re-evaluate their systems and processes to meet the new hybrid work model and ensure they continue to evolve with cyber threats.

Embracing and preparing for the hybrid working model will enable businesses to be in a strong position to draw in new talent, protect identities and keep up with the rapid pace of digital adoption.