Cyber threats are only growing in complexity and frequency, and cybersecurity teams at companies everywhere face a technology landscape that is changing constantly. The challenge? Keeping the organization’s data and systems secure without getting in the way of work or creating poor client and employee experiences.
Andrew Phillips, VP of Cloud and Product Operations for Progress, oversees cybersecurity and more for the ShareFile product. Here, he talks about some of the trends shaping cybersecurity, what organizations can do to improve their security posture, and how security doesn’t have to get in the way of usability.
Cybersecurity is being changed significantly by AI. We are powering security detection and alerting with AI, and vendors see the same from our partners in cloud and security. These tools and techniques have changed over the last three or four years, and the capabilities for identifying threats have matured from machine learning models into natural learning models.
From the other side — the threat actors — we know they’re using AI tools, as well. ShareFile detects a lot of these behaviors, and that’s where the power of AI has helped us. We can watch and understand how the threat actors are changing their approaches so we can use AI to protect our customers’ data. But it’s a rapidly evolving space, and you’re seeing everything from threat actors using it for spam to using it to pretend to be a real person.
These are areas that every organization is looking to improve. You have to make sure the education and training are there for your staff, that you’re using the best possible ways for managing and securing ShareFile and our customers’ data, and that you have the right tools to support all of this. Encryption of data at rest and in transit is critical to helping make sure all your data is safe.
With access control, it’s important to make sure you’ve attached all the identities in your organization to a standard — a central identity system — that helps improve your overall security posture. That consistency across the organization is important, and it helps protect you from things like shadow IT, where people look for workarounds because what you’re asking them to do is getting in the way of their work.
The number one thing most cybersecurity professionals will tell you is that it’s not if, it’s when. And when it happens, have you done the work to protect your organization? Do you have the right cybersecurity hygiene? That includes everything from your desktop computers to your servers, making sure they’re patched and updated. That’s the easiest way for a threat actor to get into your systems — through a known exploit. So having a regular cadence for implementing patches is critical.
On top of that, it’s important that you have the right system isolations in place. I’ve seen environments where a single point of exposure — because of a lack of isolation — led to a spidering effect, where a threat actor gained full access to the organization’s systems. Your IT should be looking at how you separate those systems so they’re isolated in a way that protects the entire organization.
No matter what size your organization is, you have to build a culture of vigilance. You have to make sure all of your people know how to protect themselves and their organization. Think about your laptop. Does it turn off after so many minutes of inactivity? Imagine you’re at a coffee shop and you walk away from your laptop with it on. A bad actor could just plug in a USB device while you’re away and own all your internal knowledge.
Everyone doesn’t have to have technical expertise to keep the organization secure. They just need to know what steps they can take to protect the organization and why. Everyone needs to understand that your customers' data and your company's data are where all the value is. Whether it’s client tax records or corporate accounting data, it’s critical that everyone can keep that data secure. How is that data accessed? What permissions are attached to it? Do you have activity logs that let you see who accessed the information? At ShareFile, we’re focused on helping organizations of all sizes keep that valuable data secure.
We live in a distributed work world, so having storage or an Active Directory controller on a corporate network, in an office, implies your employees are sitting at a desk in an office doing work. That’s just not the case anymore. So, the real power of the cloud is that you can use identity providers, configure permissions the way that best suits your organization, and give access to data and systems to your employees anywhere in the world. But all of that comes with a responsibility for the organization to build that culture of vigilance and, on a technical level, to understand how to configure their environments so they are secure.
And cloud is a real asset for smaller companies that might not have robust in-house IT support. They just need to make that upfront investment and understand how to configure the tools. If you’re using a SaaS product, your business doesn’t have to worry about patching and managing security updates. That’s their responsibility. Your responsibility as a business is to make sure you’re configuring it properly. You end up with a lower total cost of ownership over time, and you’re getting the benefits of a rapidly evolving product set.
The nice thing is, this is an area that a lot of companies are investing in. They’re looking to make the experience as easy as possible for their customers and their customers’ clients. How can we secure our environment in a way that’s low friction? It can be as simple as allowing users to use whatever service they want to log in to their organization’s systems.
That enables us to know who they are, and they’re able to authenticate through a service we, as an organization, trust. And they don’t have to memorize another password. All sides are happy because employees have easy, secure access, and know access is limited to the right users, and we’re able to secure the product for our customer.
So, organizations should ask, do we have multiple ways to identify a user and to do it in a way that is low friction? Is all our data encrypted at rest and in transit? Do we have the controls to manage the lifecycle of our data? Do the products we use continue to evolve their security capabilities? Are they adding AI and ways of detecting threats and vulnerabilities? As they consider these questions, they should keep their users and how they work top of mind.
ShareFile is great for managing data and the data lifecycle, and we’re heavily invested in improving the security posture for both our product and for our customers’ experience. We want people to be able to think about security at an organizational level, not document by document. Users should have access to the right data and documents, and that access should be managed in a way that makes it easy to provide a strong customer experience. At ShareFile, we’re looking at improving the entire work experience, and it’s exciting to see how we’re solving security challenges around that.
We want to give organizations and individual users the control and power to make the decisions that are best for their organization. And we’re working to make sure it’s not overwhelming so all employees — technical and nontechnical — feel empowered to protect their organization’s most valuable assets.
Security doesn’t have to get in the way of work. We’ve designed ShareFile to meet the unique needs of your organization so you can protect your data and collaborate seamlessly and securely with customers. Learn how ShareFile can help your organization protect its most valuable assets and work more effectively and efficiently.