Cyber criminals, cyberattacks and cybercrime are an unfortunate reality facing today’s digital enterprise. The relentless onslaught of cyberattacks that continue to plague organizations pose elevated risk of data leakage and data breaches that result in significant financial, operational, and reputational damage.
Today, workforce trends and challenges shaping the digital enterprise such as BYOD, the use of consumer-grade messaging apps and the shortage of cybersecurity professionals are increasing cybersecurity risks for organizations.
Bad actors are working overtime to exploit these trends and challenges, making cybercrime big business. According to a recent article which cited findings from a Statista Market Insights Survey through NordLayer, annual revenue from cybercrime reached approximately $8.15 trillion in 2023. The article put this into more context, noting that cybercrime annual revenue is 13 times the $638.78 billion Walmart earns annually.
Let’s take a closer look at how BYOD, continued use of consumer-grade messaging apps and the cybersecurity skills shortage are creating security vulnerabilities in enterprises today and what enterprises should do to help eliminate these vulnerabilities.
Adoption of BYOD
Bring your own device (BYOD) adoption in enterprises is not new but grew rapidly during the pandemic with the rise of remote work. Employee use of personal devices to get work done is commonplace today as many organizations continue to embrace remote and hybrid working post-pandemic.
Research by Lookout found that 92% of remote employees perform work tasks on their personal tablet or smartphone devices. While employees enjoy the convenience, flexibility and productivity of BYOD, the downside for organizations is an increased use of shadow IT, with the research noting that personal devices often have dozens of unsanctioned apps that threat actors use as avenues for their cyberattacks.
Installing unapproved software or accessing malicious websites on the personal devices employees use to perform work tasks elevates the risk of malware, phishing and other cyber threats which can compromise company networks and systems and lead to data leakage, theft,and loss.
As the adoption of BYOD increases the use of assets and apps outside the corporate domain, IT leaders are struggling to secure an IT environment that is ever more complex and ever more vulnerable to threat actors.
What enterprises should do
To combat the cyber risks introduced by BYOD, security leaders should establish and enforce BYOD policies that define acceptable use including what devices and apps are permissible. The policy should also outline the security protocols that must be followed such as creating strong passwords and enabling multi-factor authentication. Enterprises should also provide ongoing employee training which addresses BYOD best practices such as avoiding public Wi-Fi, staying away from using Shadow IT including unsecure messaging apps, and never leaving devices unattended.
Use of consumer-grade messaging apps
Collaboration and mobile messaging tools are foundational to the digital enterprise today, connecting distributed teams and allowing companies to operate more efficiently. That’s the good news. The bad news is that the use of the wrong tools can have dire consequences for the cybersecurity of organizations.
Consumer-grade messaging apps and unsecure collaboration tools are expanding the attack surface in enterprises, opening the door to bad actors who are increasingly targeting these apps and putting organizations at risk of data breaches and compliance violations. That’s a major risk for organizations across sectors and geographies covered by increasing data protection and compliance requirements.
When it comes to unsecure messaging tools, security leaders lack the visibility and control needed to ensure sensitive business information remains in the organization and not in the hands of cyber criminals.
What enterprises should do
As the digital enterprise evolves, organizations should adopt mobile messaging platforms designed to support the digital workplace without sacrificing data security or compliance.
Ensuring data security and compliance in business communication and collaboration is easy with today’s advanced mobile messaging platforms that are secure and compliant by default. That means when the tool is launched so too are the highest levels of security and IT control.
Cybersecurity skills shortage
As cyberattacks continue to escalate in frequency and severity, demand for cybersecurity professionals exceeds supply. Today, enterprises across industries are grappling with hiring enough cybersecurity talent to combat the rising level of threats. According to ISC2, the 2023 global cybersecurity workforce gap reached almost 4 million. The shortage of skilled cybersecurity professionals poses major risk for enterprises. Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents.
Emerging technologies such as artificial intelligence and growing adoption of cloud technologies are exacerbating this skills gap.
What enterprises should do
To address the cybersecurity skills shortage, enterprises should prioritize training and professional development programs designed to upskill and reskill their workforce.
Organizations should also reduce the complexity of their IT environments to help ease the security burden on IT teams. That means reigning in app sprawl and eliminating shadow IT – both of which create major security and compliance nightmares for IT teams.
To do this, enterprises should first take a look at the number of communication and collaboration solutions they are using. According to Enterprise Strategy Group (ESG) data, 44% of organizations have deployed six to 10 communications and collaboration platforms, while another 37% use between 11 and 20 platforms.
Enterprises can better support stretched thin IT teams by reducing the number of these apps and banning the use of shadow IT. Adopting an enterprise-grade, secure all-in-one mobile messaging platform allows security leaders to reduce cyber risk and protect the integrity and availability of enterprise networks and systems more easily and effectively.
As workforce trends continue to evolve so too will cybersecurity risks. Enterprises should mitigate these risks by adopting the right technology, establishing and enforcing security policies, and providing skills training.