Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.


After COVID: Cyber and the Coming Remote Work Revolution

The remote work reality shared by millions of Americans during COVID-19 is here to stay. Some experts estimate that the number of full-time employees working from home will expand 733% over pre-pandemic figures by the end of next year⁠—permanently.  This exponential growth will likely continue as increasing numbers of employees come to see remote work as a highly desirable working arrangement. Unfortunately, cybercriminals are keenly aware of this trend and are adjusting their tactics accordingly.

This whitepaper, best viewed in Google Chrome, describes the cybersecurity implications of the coming remote work revolution from a people-focused perspective. Based on extensive Willis Towers Watson research, it highlights four aspects of employee experience that, if deficient, increase the likelihood that an organization will experience a breach:

  • Lack of customer focus: Employees in breached companies report less emphasis on the customer, slower responsiveness to customer needs, and fewer proactive efforts to gather and act on customer feedback. 
  • Poor adaptability: Employees in breached companies report their companies lack both speed and flexibility when it comes to decision-making and managing teams. 
  • Low empowerment: Employees in breached companies report lower favorable scores when it comes to empowering staff through communication, respect, and support for teamwork.
  • Inadequate training and compensation: Employees in breached companies report less adequate training for the work they do⁠—specifically, less opportunity to upskill and advance in role⁠—and a need to better align pay with performance.

The paper offers concrete recommendations about how organizations can address each of these challenge areas today in order to advance robust cyber risk cultures that make them safer.  Notably, the recommendations go beyond more traditional “zero trust” approaches that typically involve employee risk assessment, least privilege access controls, and continuous monitoring.  They instead focus on practical human capital strategies that managers can adopt to change remote (and on-site) employee cyber attitudes and behaviors for the better. 

Zero trust and cyber-enhancing human capital strategies naturally complement each other and should be pursued together. To implement both effectively, organizations must forge greater collaboration among CSO, CISO, CRO, and HR leaders, each of whom has an important employee engagement role to play.

What’s the bottom line? As the remote work phenomenon accelerates, organizations that get the human element of their cyber risk management efforts “right” will benefit profoundly when it comes to enhanced security, cyber insurance placement, legal defense, and business growth in the months and years ahead.  The ideas outlined in the whitepaper provide a solid starting point for advancing risk culture in a broadened and critical way.

 


Tom Finan, Willis Towers Watson
Tom Finan is the cyber growth leader at Willis Towers Watson.
