Tim Femister

This article originally appeared in CIO Dive.

When employees were first sent to work from home, organizations scrambled to provide work-from-home software, devices, and infrastructure. As we transition to a new normal, it’s now important to reevaluate the initial infrastructure laid to support remote workers against a lasting, best-practice architecture. In the last entry, I shared the first three pillars for a thriving remote workforce. Let’s now explore the final three pillars.

Operating a remote workforce is no longer just a remote possibility. A work-from-home war is being quietly waged across many organizations throughout the country, as workers who were forced to quickly establish home office environments now wish to remain in their home rather than return to commuting to an office. This tipping point has deep and wide ramifications for organizations attempting to return to pre-COVID-19 productivity levels. 

We hear about major breaches taking place seemingly every day and in reality, new breaches are happening every minute—but what is it all worth? What are you worth to a hacker, and is it worth their effort? The answer to the latter question is an undeniable “Yes.” Monetarily, to an attacker, you (and your data) are worth every second and penny it takes to generate a successful intrusion.

This stat always hooks me: 91% of cyberattacks begin with spear phishing emails.

I’ll start by answering a question that immediately comes to mind: What, exactly, does multi-cloud mean? When we reference a multi-cloud environment, we’re talking about an organization that utilizes some combination of one or more public and/or private clouds to power their critical applications and workloads. For example, an organization may utilize Amazon Web Services (AWS) for its mainstream applications, Google Cloud for machine learning (ML)-centric workloads, and a private on-premises cloud for compliance-governed applications. Sound complicated? It is. 

What’s the difference between a data leak and a data breach? I think this is both a great question and an important distinction to understand in today’s climate, where instances of both are regularly making national headlines.

I often hear from folks that in general, small and medium-sized businesses lack a strategy and proper controls, but the big guys have it covered. Well, it might surprise you to learn that 30% of large enterprises state they still lack an overall information security strategy – and we’re talking huge, $25+ billion companies. Overall, 44% of enterprises report they lack a fundamental strategy. I’ll tell you from experience that most companies overestimate their cyber readiness, which means that the real numbers are likely much, much higher than the reported ones.

This blog is kicking off a series on a topic that many of you likely think about quite often: Why is it so hard to protect your organization’s information? This is a fair question, and one I’ve thought about often. To understand the answer, we’ll need to peel back a few layers and understand the root challenge.

Our national Cybersecurity Practice engages in thousands of customer conversations each year, and a few themes consistently emerge as primary concerns. The information security industry is plagued with confusion, complexity, and challenge, to the point that 30% of enterprises worth over $25 billion report that they do not have an overall information security strategy—and that number is substantially worse for the typical organization. Keep in mind that this simply refers to an information security strategy. It does not factor in the ability to implement that strategy, or whether the strategy is comprehensive or effective. Worse, most organizations overestimate their cyber preparedness, and factors like the global workforce shortage, security start-up sprawl, and cloud confusion are stymieing the effective implementation of information security strategies.