Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

After COVID: Cyber and the Coming Remote Work Revolution

The remote work reality shared by millions of Americans during COVID-19 is here to stay. Some experts estimate that the number of full-time employees working from home will expand 733% over pre-pandemic figures by the end of next year⁠—permanently.  This exponential growth will likely continue as increasing numbers of employees come to see remote work as a highly desirable working arrangement. Unfortunately, cybercriminals are keenly aware of this trend and are adjusting their tactics accordingly.

This whitepaper, best viewed in Google Chrome, describes the cybersecurity implications of the coming remote work revolution from a people-focused perspective. Based on extensive Willis Towers Watson research, it highlights four aspects of employee experience that, if deficient, increase the likelihood that an organization will experience a breach:

  • Lack of customer focus: Employees in breached companies report less emphasis on the customer, slower responsiveness to customer needs, and fewer proactive efforts to gather and act on customer feedback. 
  • Poor adaptability: Employees in breached companies report their companies lack both speed and flexibility when it comes to decision-making and managing teams. 
  • Low empowerment: Employees in breached companies report lower favorable scores when it comes to empowering staff through communication, respect, and support for teamwork.
  • Inadequate training and compensation: Employees in breached companies report less adequate training for the work they do⁠—specifically, less opportunity to upskill and advance in role⁠—and a need to better align pay with performance.

The paper offers concrete recommendations about how organizations can address each of these challenge areas today in order to advance robust cyber risk cultures that make them safer.  Notably, the recommendations go beyond more traditional “zero trust” approaches that typically involve employee risk assessment, least privilege access controls, and continuous monitoring.  They instead focus on practical human capital strategies that managers can adopt to change remote (and on-site) employee cyber attitudes and behaviors for the better. 

Zero trust and cyber-enhancing human capital strategies naturally complement each other and should be pursued together.  To implement both effectively, organizations must forge greater collaboration among CSO, CISO, CRO, and HR leaderseach of whom has an important employee engagement role to play. 

What’s the bottom line? As the remote work phenomenon accelerates, organizations that get the human element of their cyber risk management efforts “right” will benefit profoundly when it comes to enhanced security, cyber insurance placement, legal defense, and business growth in the months and years ahead.  The ideas outlined in the whitepaper provide a solid starting point for advancing risk culture in a broadened and critical way.

 

Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.

Tom Finan, Willis Towers Watson
Tom Finan, Willis Towers Watson
Tom Finan is the cyber growth leader at Willis Towers Watson.

Related Posts

Innovations in R&D: How AI Is Transforming Industrial Cybersecurity Operations

Industrial control systems are becoming more complex as evolved cyberattacks threaten industry functions....
Devin Partida Nov 15, 2024 7:00:00 AM

In Conversation with Authors of ISAGCA White Paper on Zero Trust and ISA/IEC 62443

The ISA Global Cybersecurity Alliance (ISAGCA) recently published a white paper exploring the application...
Kara Phelps Nov 8, 2024 12:00:00 PM

Webinar: Zero Trust Outcomes Using ISA/IEC 62443 Standards

The ISA Global Cybersecurity Alliance (ISAGCA) held a webinar on 24 October 2024 to provide insights into...
Kara Phelps Nov 1, 2024 12:00:00 PM