Over the past 18 months, there has been a significant shift in the workplace due to the Covid-19 pandemic. More people than ever before started working from home, with many organizations forced to manage a dispersed workforce. Although we are now seeing some workers return to offices, this will not be a blanket approach, with many people now preferring to split their time between their home office, and their company office.
This will have a large impact on how organizations, and their employees, must approach security, as the risk of cyberattacks on critical networks and devices are increasing. Workforces are now spread out across cities, countries, and continents, with home networks and individual devices the new de facto security perimeter for significant volumes of sensitive data. To protect against potential breaches, organizations must deploy a security-first approach.
The heightened risks of home working
Cyberattacks are the fastest growing crime globally according to the Official Annual Cybercrime Report from Cybersecurity Ventures, and with the large number of people working from home, it has never been more vital that home networks and devices are kept as secure as possible. The rise of the Internet of Things (IoT) means that workers are using a variety of devices on untrusted networks that are also connected to numerous other consumer gadgets in the home, many of which have a low security status. A connected home environment can open the door to cyberattacks, as one unprotected device could bring down the entire network.
To prevent hackers from using home working as an opportunity to compromise sensitive data, companies must shift their focus to a security-first approach and ensure secure systems are in place. It is no longer possible to keep all computers, devices and systems in one protected central office location, therefore security measures must be put in place that minimize the risks. Cybersecurity knowledge must be filtered down to employees, who in many cases unwittingly provide access to hackers due to methods such as phishing emails. In 2020, phishing attacks rose by a staggering 220 percent compared to the yearly average. By ensuring employees are educated and know what to look out for, the likelihood of enabling an attack is reduced and they can sound the alarm.
The need for trusted computing
While companies and employees do have a responsibility to protect their sensitive data, the buck stops with the developers and manufacturers of devices. To offer the highest level of protection, a security by design approach is required to ensure that a device remains protected throughout its entire lifecycle and plays its own role in safeguarding the entire network.
Trusted computing must be utilized to ensure a multi-layered security safeguard against the growing number of cyber threats. With trusted computing technologies, devices can ensure trustworthiness, device identity and security validity, while allowing a device to report its integrity and protect its own hardware and software. For example, the Trusted Platform Module (TPM) is a hardware-based root of trust which, when implemented, creates a secure way of being able to examine the authenticity and integrity of a device and its firmware.
Global technology standards and specifications play a critical role in the defence against cyberattacks, as they ensure organizations have the tools they require. Not every organisation is going to employ individuals with the expertise and knowledge that is necessary. Instead, standards and specifications can be followed, such as the TCG Device Identifier Composition Engine (DICE) architecture, to add additional levels of security.
A digital future
With working from home expected to long continue, and IoT connected devices on the rise, it is safe to say that cybersecurity must be high on the agenda for companies, employees, device developers and manufacturers alike. Companies must keep security at the forefront of their priorities to ensure that systems, software and backups are in place and kept updated for ultimate protection. They should also consider membership in a security industry body to allow for direct participation in understanding and defining security standards for the future security of devices and systems. Joining an organization of this nature, such as TCG, will also allow them to learn and understand how security standards can be implemented in their specific businesses. Learn more about how to join TCG and the membership levels that are available here.
It is critical that device developers and manufacturers operate with a security-first approach by following technology standards and specifications to ensure the trustworthiness of devices and increase security. Technology plays a vital role in ensuring device protection and safeguarding the ever-growing amount of data that is being generated, transferred and stored. With cyberattacks not expected to slow down any time soon, trusted computing must be utilized to prevent breaches and the reputational, legal, and financial consequences that they bring.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.