The modern business landscape has witnessed a significant transformation - rapid digital transformation in recent years has opened doors for remote work like never before.
While remote work was an initial necessity at the height of the pandemic, employees are demonstrating continued inclination towards remote working conditions even in post-pandemic times.
On the flip side, employers too recognise that relying on non-employees, such as partners, contractors, freelancers, and other contingent labour, works in their favour.
In fact, this workforce trend has proven to be a strategic advantage for many enterprises, allowing them the flexibility to adapt to rapidly changing market conditions while having access to specialised skills on demand.
In Asia Pacific, 58% of employers were found to have turned to a contingent workforce to navigate resource constraints, and at least 25% plan to increase their non-employee workforce in the coming years.
However, while the business advantages are undeniable, this growing reliance on third-party labour has simultaneously introduced new security challenges and risks.
The rise of contingent work
Exacerbated by the urgency to plug resource gaps and tap skills in high demand, integration of non-employees into the workforce is rushed at times, thereby resulting in loose processes within access management and inadequately managed access permissions that can leave insider threats unnoticed.
It comes as no surprise then that enterprises continue to be vulnerable to insufficient third-party controls – 59% of respondents confirmed that they have experienced a data breach caused by one of their third parties, with 54% taking place in the past 12 months. This is especially worrying for enterprises in the APAC region which are already key targets for cyber attackers.
Especially for manpower-stripped critical sectors like the healthcare industry, contract workers are necessary to plug resource gaps, yet doing so can leave open entry points in the system for cyber attackers to exploit. In fact, healthcare records are frequently targeted because of the valuable patient data they possess, making the sector more susceptible to malicious cybercrime. Such data breaches not only compromise sensitive information but also have far-reaching consequences, including financial losses, reputational damage, and potential legal ramifications.
As a testament to the need for more comprehensive safeguards, Singapore just recently announced it will explore a new bill on better securing the sharing of patient information among various healthcare providers.
This accompanies several other cybersecurity regulations and guidelines introduced in recent years to improve security defences in similarly vulnerable sectors - such as the Monetary Authority of Singapore’s issuance of best practices to mitigate third-party risks in the financial services sector, in August last year.
However, as the post-pandemic world continues to take shape and a contingent workforce becomes more commonplace, regulations alone cannot be the only failsafe against cyber attackers. By implementing robust identity security measures and fostering a culture of vigilance against third-party vulnerabilities, organisations can mitigate risks and protect their valuable data and resources in an increasingly complex digital environment.
Focus on identity security and access management for non-employee identities
One of the key risks associated with non-employee labour is the potential for unauthorised access to sensitive data and systems.
With a larger pool of individuals requiring access to an organisation's resources, the likelihood of weak or compromised access credentials increases, creating potential entry points for cybercriminals seeking to exploit vulnerabilities in a company's security infrastructure.
To better address these challenges, organisations will need to have better visibility over the identities in their system across the entire distributed IT ecosystem, to grant or limit access as necessary. Ultimately, security breaches have especially far-extending consequences because of inadequate identity controls in place that are both unable to recognise illegitimate access attempts and restrict access based on employees’ roles.
Shoring up on identity security can therefore include implementing more stringent access controls to reduce the risk of unauthorised access, and granting access permissions to contract workers on a “need-to-know” basis only.
Such controls involve limiting access to specific systems, applications, and data necessary for a worker to complete their tasks, and enhancing security by requiring multiple forms of identification before granting access to critical resources.
Furthermore, organisations should also focus on regularly monitoring and reviewing access privileges, while also conducting thorough due diligence. Organisations should first assess the cybersecurity practices of potential contract workers and third-party service providers before granting access to their systems.
This process should look towards verifying that non-employee identities adhere to industry best practices and maintain a strong security posture. With additional background checks, security clearances, or certifications as part of the due diligence process, organisations can better protect themselves against breaches.
When combined with a reliable process for monitoring access activities, organisations can better detect potential security breaches and insider threats.
Strengthening businesses’ defence arsenal with AI/ML
However, consistently pushing towards the above solutions while relying on manual identity management methods alone can be challenging.
After all, non-employees are not the only identities businesses will have to manage. With a growing digital environment, organisations face the uphill task of managing an explosive growth of 14% more identities over the next 3 – 5 years.
In that regard, organisations will need more efficient and intelligent means of managing identities, such as by leveraging an identity security solution incorporating artificial intelligence (AI) and machine learning (ML) for advanced threat detection.
With AI and ML capabilities in their identity security solution, organisations can analyse vast amounts of data to detect patterns indicative of potential threats. Such solutions enable the intelligent automation of access permissions to ensure that contract workers only have access to the resources they require for their current roles and ensure access privileges are revoked promptly when no longer needed, such as when a contract ends, or a worker's role changes.
This consequently enables businesses to respond more quickly and effectively to emerging risks, helping to prevent data breaches and other security incidents.
Moving forward, it will only be through incorporating advanced, intelligent identity management and threat detection capabilities while continuously monitoring access activities, for organisations to be future-ready. After all, businesses can neither afford to forfeit their competitive advantage with contingent labour, nor security across their entire organisation as both will prove costly.
Therefore, businesses that are well-equipped for the threats that come with an evolving workforce will truly be able to build an organisation that is future-proof in all aspects - with the right employee and non-employee resources for new challenges, and adequate security defences to safeguard their success.