1. The role of cybersecurity in
accelerating your digital business
A Frost and Sullivan white paper
Commissioned by Dimension Data and Cisco
Securing
workspaces for
tomorrow

2. The need to transform to the
workspaces for tomorrow
Table of
contents
Cybersecurity – your future
workspace enabler and accelerator
Key elements for
office transformation
The last word
Examining risks in the
workspaces for tomorrow
04
07
11
17
19
Securing workspaces for tomorrow | Table of contents
02

3. 03
As enterprises increasingly aspire to
create future workspaces and harness
the benefits of a mobile workforce that
leverage cloud platforms, there’s a
greater need than ever to implement
appropriate measures to secure data,
infrastructures, applications, and users
wherever they may reside.

4. Securing workspaces for tomorrow | The need to transform to the workspaces for tomorrow
The need to transform
to the workspaces
for tomorrow
Technology, globalisation, and social media are key
factors shaping the future of work. ‘Disruption’ is the
new buzzword in the market as we increasingly see
new business models, new products, new services,
and new delivery models evolve and change the
face of industry forever.
As a result, enterprises are under greater pressure than ever to foster
innovation to gain a competitive advantage in the face of a dynamic
and turbulent marketplace. They need to break the silos and provide
mechanisms to bring together teams, once separated by structure,
hierarchy, and geography, to spur innovation and boost productivity.
Technology is at the core of the workspaces for tomorrow as
enterprises strive to transform into digital businesses by
seamlessly converging mobility, collaboration, business,
and strategy to drive growth.
Mobility is an important trend in the workspaces for tomorrow.
Employees today demand a more mobile workplace, with the
flexibility to work from anywhere, any time and on any device to
become more productive while achieving work-life balance. There
is a sharp increase in telecommuting, with staff working from home
or virtual offices, and freelance employment. In fact, technology is
enabling employees to adopt a more proactive role in managing
their careers. A recent ADP Research Institute study shows that
‘82% of respondents globally will define their own work schedules.’1
Already, close to 80% of knowledge workers globally work remotely
at least one day per week. By 2020, up to 1.55 billion workers will
be responsible for work that does not confine them to a desk.2
Enterprises that are not adapting to the changing expectations
and failing to offer a flexible, autonomous and creative work
environment risk difficulties in attracting and retaining
next-generation talent. Many organisations are also viewing
workplace mobility as an opportunity to reduce overhead costs
while improving employee engagement and motivation.
With a forecast of over 80 billion connected devices in use globally
by 20252
, we are on the brink of a connected user revolution that is
set to transform the way we live, work, and interact. The proliferation
of online and social media is leading to the emergence of well-
informed and knowledgeable customers who increasingly demand
a personalised experience every time they interact with the brand.
Social media is giving users the platform to voice their opinions
about any experience throughout the customer lifecycle, raising
customer expectations. In fact, 20% of customers surveyed expect
brands to respond within an hour through social media.2
The definitions and expectations
of work are undergoing
tremendous change, as the
growing mobile and social
networking usage is changing
the how, when, and where
people consume, contribute
and share information.
- Frost & Sullivan
04
1
Forbes.com, ‘For Employees, Workplace Technology Stirs Up Both Angst And Exuberance’, June 29, 2016, 2
Frost & Sullivan Survey and Analysis

5. The rapidly evolving trends continue to redefine the business
priorities of modern organisations while meeting employee
expectations and customers’ changing behaviour and demands.
Amid this dynamic market scenario, enterprises are focusing
on revamping the underlying denominator influencing all these
elements – the ‘workspace’ – to enable business transformation.
Technology giants like Google, Samsung, and LinkedIn are leading
the way, by setting examples of evolving workspaces for tomorrow.
The user is the primary disruptive force in future workspaces with
designs revolving around increasing spatial productivity, enhancing
worker well-being, fostering better communication, and enabling
easier collaboration both internally and externally across different
roles, teams, offices, time zones, and locations. Escalating office
space costs are also stimulating greater use of on-demand models
and online marketplaces, while co-working spaces continue
providing collaboration opportunities.
Source: Frost & Sullivan research and analysis
Now that technology allows us to work anywhere, on any
device, work is something people do – not just a place to
which they go. This shift demands that businesses manage and
operate so that they can attract the right people, retain them,
and ensure they can do their best work. New ways to improve
business productivity, flexibility, and agility are no longer just
nice to have: they are essential for the modern workplace.
- Harvard Business Review
Modern organisations
agile
innovative
productive
cost savings
Needs of customers
demanding
socially conscious
knowledgeable
Preference of workers
work-life balance
autonomy
flexibility
Nature of work
Securing workspaces for tomorrow | The need to transform to the workspaces for tomorrow
0305

6. Securing workspaces for tomorrow | The need to transform to the workspaces for tomorrow
06
Source: BBC News, ‘Flexible working rights extended to all’, June 30, 2014 | Government of Canada, ‘Flexible Work Arrangements: A Discussion Paper’ May 2016 | ABC.net.au, ‘NSW public service promises flexible work hours by 2019’ Mar 8, 2016 | The Fiscal Times, ‘How
Obamacare Is Fueling the Gig Economy’ May 3, 2016 | Business Wire, ‘Flexibility a Must for Employers Wanting to Attract, Retain Valued Workers’ July 14, 2016 | Harvard Business Review, ‘Workspaces That Move People’ Oct 2014 | Forbes, ‘Japan Turns To Telework To
Expand A Diminished Workforce’ July 21, 2016 | European Trade Union Institute, ‘Belgium: the government proposes greater flexibility in working time’ Apr 13, 2016
US
Nearly three-quarters of companies
said that they would contract with more
freelancers this year because
of Obamacare.
Regus survey - 56% of American workers
would turn down a job where flexibility
was not offered
Singapore
More that 6 out of 10
employees in Singapore
feel their home or home
office would be the ideal
place to work.
Middle East
In a RICS survey of over
500 Middle East employees,
75% said they needed
more flexibility in their
working environment to
be more productive.
UK
Every employee now has
the right to request flexible
working hours after the
government extended the right
previously reserved
for carers and those
looking after children.
Belgium
Government is drafting reform of statutory
working time to support flexible working.
Canada
According to a 2012 Rogers
Communications and Harris/
Decima survey:
- 44% of full-time employed
Canadians are able to
work remotely
- 70% of full-time millennial workers
would be more satisfied in their jobs if
they could work remotely using cloud.
Australia
NSW public service promises
flexible work hours by 2019.
Japan
Prime Minister Shinzo Abe has
been encouraging companies to
support telecommute to overcome
shrinking workforce challenge.
Worldwide emerging trends for new workplaces
According to Frost & Sullivan, future workspaces will enable employees to work effectively and efficiently from anywhere, have access to any application or data anytime, using any device or network. The highly
connected and converged workspaces will not only drive innovation and productivity, but help reduce operational expenses for organisations as well. For example, connected technologies of future workspaces
could be equipped with the capabilities to analyse a worker’s daily plan and assign an appropriate working area in a dedicated office space, optimising office space utilisation. This concept is potentially exportable
to alternative office spaces, so that instead of leasing one central office in the long term, firms could lease desks in a variety of work centres, circulating employees according to daily or weekly tasks while improving
spatial flexibility and scalability. The list of possibilities and benefits are enormous, with organisations just starting to realise the full potential of workspace transformation.

7. 0307
Securing workspaces for tomorrow | The key elements for workspace transformation
The key elements for
workspace transformation
Enterprises focusing on developing the workspaces for tomorrow need to adopt a multi-dimensional strategy across various components including end users
from different generations; multiple devices; new enterprise communications and collaboration applications; Internet of things (IoT) enabled environment;
diverse locations and networks. These developments could blur the line between the personal or professional identity for users, further challenging the tasks of
CIOs in keeping the enterprise secure.
Environment
Advanced sensors, wireless,
building energy management
systems, smart HVAC
Applications
Virtual reality, holographic
telepresence, augmented
reality, enterprise applications,
social network, email,
collaboration applications
Users
Millenials, Gen X,
Gen Z
Emerging
Technologies
Robotics, artificial
intelligence, IoT
Devices
Smart watch, smartphone, laptop,
desktop, tablet, camera, head
mounted display
Nature of work
As companies increase the focus
on developing the workspaces
for tomorrow, it would
require them to have a multi-
dimensional strategy across
various components including the
users from different generations,
variety of devices, new enterprise
communication and collaboration

8. Securing workspaces for tomorrow | The key elements for workspace transformation
08
Devices
The mobile age is fully upon us, as smartphones increasingly
become a necessity than a luxury. The consumerisation of
IT coupled with mobile connectivity is changing the devices
marketplace, and driving the growth of the Internet of things (IoT).
The rise of wearables including smartwatches, wristbands, and
smart glasses depict how networked the world is becoming. An
average user today utilises 4 devices per day, predicted to increase
to five connected devices per user by 2020.3
Rapid developments
in the devices space not only impact the lives of users, but also
significantly influence the way businesses operate, paving the way
for new revenue streams, boosting workplace efficiencies, and
improving interactions with customers. A recent study of workers
in the US and UK showed that wearables use increases productivity
by 8.5%, and job satisfaction by 3.5%.3
IT departments, traditionally responsible for devices purchased by
the enterprise (such as desktops, laptops, office mobile and fixed
phones), are now incorporating new-age devices in their enterprise
ecosystem. While IoT offers immense opportunities for businesses to
streamline operations and interact with customers, it is not without
its challenges. It is vital for organisations to invest in the right
platforms, solutions and services to simplify and support the user
experience to achieve business goals. The overall wearables market
is forecast to surpass USD 50 billion in revenue and 220 million units
shipped by 2020.3
Smart watches and wristbands are projected
to continue leading the total wearables market; however, smart
glasses are poised for the highest growth rate in enterprise adoption,
comprising 49.4% of the enterprise wearables market in 2018.3
Users
The global workforce is anticipated to reach approximately 3.85
billion people by 2025, with Generation X accounting for over one-
fourth of the labour pool and Millennials almost half.4
The Millennials
are different from earlier generations as they have grown up with
broadband, smartphones, laptops and social media. These users
are tech-savvy and early adopters of new technology devices and
applications; their affinity to the digital world makes them expect
instant access to information from anywhere. They do not prefer
rigid corporate structures and a siloed approach. Instead, they
demand a corporate culture that is entirely different from anything
in the past; one that is flexible and offers work-life integration giving
them personal space. As they start to dominate the workforce
globally, organisations will need to adapt to their work style, to
attract the next-generation talent and retain them. The Bureau of
National Affairs estimates that US businesses lose up to USD 11
billion annually due to employee turnover.5
Deloitte’s Millennial
Survey 2016 stated that when financial benefits are removed from
the equation, work-life balance is the most important criteria for
evaluating job opportunity.6
Organisations need to review their entire corporate structure and
culture. As data connectivity improves, employees are likely to
want the option of choosing their place of work (e.g. remote, part-
time, independent, or dispersed). Organisations should be able
to embrace this new workspace to save on travel time and costs,
offer flexibility to employees, improve team engagements and
collaboration, and foster a better working environment.
Environment
The emergence of smart cities, smart buildings, and smart homes
serve to improve sustainability and address consumer demand for
connected products to solve everyday problems. Enterprises are
investing in smart buildings to optimise operational cost and risk,
improve employee wellbeing, support innovation, and productivity.
As IoT implementations gain ground, with an expected 80 billion
connected devices in use by 2025, smart office spaces are poised to
become the technological norm.4
Smart technologies are already
transforming the way users interact with buildings and each other, like
The Edge, Deloitte’s new state-of-the-art office in Netherlands. The
building is equipped with a massive network of over 40,000 sensors
enabling the garage to recognise vehicles automatically, open gates
and guide employees to parking spots; the office app can assign desks
to employees based on their daily schedules and seating preferences,
also allowing for changing the lighting and heating.
Commercial real estate companies are investing in design and
technology upgrades to stay competitive with new builds. With
investments meant to last up to 50 years, large corporate campuses
could be designed in line with the preferences, needs, and behaviours
of tomorrow’s workforce. The upcoming commercial structures
could be equipped with smart systems including smart lighting,
HVAC, air quality, and security systems to save energy, predict
system failures, and allow remote monitoring. While collating and
analysing the data generated from these systems remain a challenge,
organisations could increasingly leverage these insights for efficient
office space and energy management. Cisco has deployed its smart
workplace solutions globally, leading to higher operational efficiency
and space utilisation saving over USD 60 million in capex.7
As of
April 2014, 192 projects have also applied for the ‘Living Building
Challenge’ certifications that provide the most advanced measure of
sustainability in the built environment. Of the projects applying for
this holistic standard, 57% are mixed-use structures and 8%
are commercial buildings, covering a total of 3.45 million square
feet of space.4
Advances in automation also continue to change various aspects
of the modern workspaces, homes, city infrastructure and smart
buildings, expanding the role of the CIOs to include facilities
management and integration. Gaining relevant insights from the
sheer volume of data generated from these smart workspaces are key
priorities for IT departments in enhancing employee experience while
controlling costs and boosting productivity.
The mobile age is fully upon
us, as smartphones
increasingly become more
of a necessity than a luxury.
3
Frost & Sullivan Survey and Analysis, 4
Frost & Sullivan Survey and Analysis, 5
Forbes.com, ‘Why Are So Many Employees Disengaged?’ Jan 18, 2013, 6
The Deloitte Millennial Survey 2016, 7
Cisco Case Study

9. 0309
Securing workspaces for tomorrow | The key elements for workspace transformation
Applications
As teams become more global and dispersed in nature, efficient
collaboration is set to become a business priority in improving
productivity. Enhanced telepresence and video conferencing
solutions continue to drive virtual co-location trends, enabling
better teaming. Many leading enterprises and government bodies
including Volvo, NASA, and Case Western Reserve University
already deploy some of these futuristic technologies. Enterprises
globally are increasingly investing in communication and
collaboration applications (e.g. unified messaging, real-time
conferencing, data sharing) placing pressure on IT teams to
offer user experience on par with consumer-grade applications
for driving adoption. Employees utilising their personal apps
to collaborate with team members could also present further
challenges for IT teams to manage and secure enterprise
data and systems.
According to a Frost & Sullivan survey in the US, employees are
most likely to use social media (60%), consumer telephony (49%),
and conferencing (47%) for business purposes on their personal
devices.8
A report from Nimble Storage and Oxford Economics
also found that 77% of Millennials felt ‘sub-optimal application
performance’ affected their productivity and ‘personal best’.
Around 50% of Millennials said they ceased using an application
because it was slow, while 78% ‘occasionally or consistently
experienced delays’ with business software.9
Globally, 697.4 million
users are expected to collaborate via enterprise social networking
by 2020.8
In North America alone, 72% of enterprises currently
use internal social networking software.8
IT teams would need to
support these collaboration and communication applications for
efficient and effective teaming.
Emerging technologies
The evolution and expansion of IoT into almost every domain
continue to produce more data streams. This necessitates high-
speed data processing, analytics and shorter response times to
leverage the data. Enterprises striving to achieve these goals in
the current cloud-based model could face some challenges.
However, the rise of fog computing architecture that extends the
cloud to the network edge is enabling better decision-making and
actionable insights to happen at the edge device itself. Enterprises
increasing their focus on big data would be able to transform
both structured and unstructured data into actionable forecasts,
using predictive analytics.
Improvements in artificial intelligence (AI) capabilities, robotics,
machine learning, natural language processing and cognitive
computing are driving the next level of productivity improvements
by creating powerful tools for work applications. These
technologies offer enormous potential to use data science to
improve business processes starting from onboarding new team
members, organising workflow to communicating about work
performance. Other advances include blockchain that promises
to revolutionise the finance sector and other aspects of the digital
economy and virtual reality that is changing the way construction,
marketing, training, education, and recruitment sectors
operate. Solutions providers are anticipated to cluster around
emerging anchor platforms, while adopters increasingly demand
interoperability with existing solutions and updates. By 2025, the
number of industrial robots in operation worldwide could top 5
million units.8
That stated, the current low robot density rates in
many countries signal new opportunities for growth.
Improvements in artificial
intelligence capabilities,
robotics, machine learning,
natural language processing
and cognitive computing
are driving the next level of
productivity improvements
by creating powerful tools
for work applications.
8
Frost & Sullivan Analysis, 9
CIO.com ‘Millennials are shaking up workplace communication’ Jun 13, 2016

10. Securing workspaces for tomorrow | The key elements for workspace transformation
Examining the current and future workspaces – changes to endpoints and the potential cyber threats they bring
Mobile device attacks
Mobile devices increasingly have access to control
a lot more devices other than just corporate data.
Malicious apps could infiltrate these devices to gain
access to data and manipulate the systems.
Working without security
Mobile workers, contract employees, external
contractors that work remotely do not have access to
the enterprise grade security when working remotely,
exposing themselves to potential breaches
Possible consequences
• loss of intellectual property
• penalties to be paid to authorities
• potential lawsuits
• reputational loss
• distrust of consumers and partners
• loss of careers for key executives
• inaccurate, low-quality data analysis
• safety of automated systems
• productivity loss
• mental stress to workers
• dissatisfaction with services and
customer churn
Cyber attacks of the future
Cyber criminals constantly aim to exploit the vulnerabilities
of new Internet-enabled devices for malicious purposes.
From causing possible physical harm in manipulating
driverless cars to stealing intellectual property on unsecured
devices, the possibilities are endless.
Manipulating cyber-physical systems
Shutting down electrical and water systems, manipulating
the automated entry and exit systems as well as
unauthorised entry could endanger the safety of workers.
Attacks focus on cloud platforms
Cyber attackers work on attacking cloud
applications to gain access on user credentials,
and confidential data that resides in them
Unsecured wireless LTE networks
Cyber attackers explore flaws and vulnerabilities
in network infrastructures, thereby gaining access
to perform man-in-the-middle attacks, perform
espionage or as a step in gaining privilege access
into enterprises
Past and present
Offices that employ traditional technology
for applications, storage, and networking
face challenges in meeting employee
needs for agility and mobility in the
workspaces for tomorrow.
The future
Legacy signature-based anti-virus that
is incompetent in protecting advanced
persistent threats delivered by social
engineered attacks.
Employees are bound to strict 9 to 5
timeframes in the office, working from
home policies do not exist and not
allowed to bring their own devices.
Humanoid robots taking on mundane tasks within the
workspace; for example, robots staffing hotel reception
to register guests while storing their confidential
information on databases of customers and internal staff.
The workspace for tomorrow will demand the use of cloud-based infrastructures and platforms to provide the required agility, collaboration and availability needed in the
new workspace. Endpoints are shifting to new perimeters, devices and platforms.
A mobile sales force that needs access to CRM and
corporate data anytime, anywhere without the need
to be in the office, saves on rentals and allows the
workspace to be more agile.
Companies striving to improve work-life balance by
facilitating the ability of employees to work remotely.
The flexibility has been shown to increase employee
retention by up to 25%.
Driverless cars allowing an always
on-the-go sales force where the
office can reside in a mobile space,
working on computing devices even
while commuting.
New product developments, engineering,
gaming and infrastructure designs using
augmented reality, with intellectual
property (IP) residing in visor platforms.
Wearables assisting in multiple
areas such as authentication and
automated ergonomics.
Virtual meeting spaces and the use of
holograms becoming commoditised
and a reality in meetings.
Employees continuing to use personal productivity
applications on their mobile devices beyond
enterprise-approved applications.
Internet of things (IoT) enabling smart
lighting systems and building systems
management in the workspace.
On-premise network security
On-premise data
centres and corporate
developed applications
10
High performance WIFI networks and 5G LTE
connectivity becoming imperative in supporting both
in-office and mobile workforce demands.
Workloads and collaboration tools moving to
SaaS and IaaS in the public cloud enabling
a sustainable and scalable platform where
applications and services can be provisioned
any time for any worker.

11. 0311
Examining risks when designing
the workspace for tomorrow
Thoughtful workspace design focuses on
characteristics that promote health and safety
for workers while enhancing overall productivity.
The factors are assessed according to physical
environment risks, be it the quality of air,
slipperiness of the floor, and the clear space
furniture, fixtures, and fitting needs to avoid
potential hazards.
However, as shown in the earlier illustration, workspaces for the future
are likely to have a vast number of devices linked to the Internet and
connect to cyber-physical systems, opening up corporate systems
to more users – and multiplying opportunities for a cyber attack.
Hence, it is imperative for companies to adopt a proactive cyber risk
management strategy to safeguard their most critical assets.
The problem is not limited to
cybersecurity-specific roles, or
even the broader category of IT
roles. An organisation’s greatest
vulnerability remains its own
workforce, so even if all needed
cybersecurity roles were filled,
the enterprise would still be
open to exploitation.
- Center For Internet Security
Securing workspaces for tomorrow | Examining risks when designing the workspace for tomorrow
Health risks
Lighting, air quality,
heat and cold, cleanliness
and staff welfare
Cyber risks
Confidentiality, integrity,
and availability of data in
the workspace
Safety risks
Entry and exit, housekeeping,
work areas, floors,
and surfaces, workstations

12. Securing workspaces for tomorrow | Examining risks when designing the workspace for tomorrow
Cyber risks and the potential consequences for the future workspace
As enterprises increasingly aspire to create future workspaces and harness the benefits of a mobile workforce that leverage cloud platforms, there is a greater need than ever to implement appropriate measures to
secure data, infrastructures, applications and users wherever they may reside. The devices, environment, applications, emerging technologies all connect to the Internet, potentially opening up avenues for cyber
criminals to exploit the vulnerabilities of the new workspace. The table below lists the possible consequences, as reflected by recent cyber attacks on enterprises.
Cyber risks Cyber attack scenarios Potential implications for business and workspace
Data loss/leak
(Confidentiality)
Cyber attackers stealing data to expose online
or sell on the dark web.
Threats to disclose sensitive data of individuals.
Loss of intellectual property
Penalties to be paid to authorities
Mental stress to workers
Potential lawsuits
Reputational loss
Distrust of consumers and partners
Loss of careers for key executives
Data manipulation
(Integrity)
Cyber attackers altering data in digital assets,
such as in a file or defacing a website.
Manipulating controls of cyber-physical systems.
Reputational loss
Inaccurate, low-quality data analysis
Denial of power and water services in the workspace
Safety of automated entry and exit systems
Data denial
(Availability)
Ransomware encrypting files, rendering them inaccessible
unless the ransom is paid.
Denial of Service attacks preventing access to online data.
Productivity loss
Inability to perform business tasks
Mental stress to workers
Cyber extortion losses
Dissatisfaction with services and customer churn
Disruption to business operations while on the move is one serious consequence of cyber attacks on the mobile workforce. These end users are usually more vulnerable to attacks as they access the Internet on the
go and may not have the same level of security as within the office perimeter. For example, a sales representative could unknowingly access a malicious link using an unsecured wireless network resulting in the
download of ransomware encrypting his files hours before a client presentation. It is, therefore, essential for organisations to consider the right prevention tools to ensure their employees are well protected working
within the office or remotely.
12

13. Securing workspaces for tomorrow | Examining risks when designing the workspace for tomorrow
Venturing into cyber workspaces and risks of social networking
Professional social networking platforms such as LinkedIn have gained substantial traction in the past years, allowing individuals to connect,
interact, discuss and share useful insights on topics related to their work. Today, a considerable number of workers spend their time
networking and developing online professional relationships in these cyber workspaces. LinkedIn reported a subscriber base of 450 million
members in 2014, translating to a growth of 138%.10
The chart above measures the interest levels of users worldwide based on Google searches for ‘LinkedIn Spam’ using a technique by the
Department of ICT, the University of A Coruña, to indicate the amount of spam received by LinkedIn subscribers.11
The growing popularity
of the platform is attracting an increase of attackers viewing LinkedIn as a new and effective attacking ground. In the past two years, there
has been a growing number of fraudulent LinkedIn accounts impersonating as a professional or recruiter to reach out to senior executives,
leading the victim to click or open a malicious file.
Social networking sites also pose an additional risk of divulging sensitive personal information of workers, such as birthdates, the company
they work for, and email addresses, which can be used by the cyber criminal to perform reconnaissance in the process of launching a
targeted phishing attack. The sites can expose users to cyber bullying or cyber stalking, adversely affecting employee morale and making
them potential victims of online harassment. Social media can also serve as a platform to highlight possible insider threats – such as
disgruntled employees sharing links on the platform from a cloud file-sharing site, such as Dropbox that generally stores classified
corporate information.
Interest over time - Searches for 'LinkedIn Spam'
Social networking sites also
pose an additional risk of
divulging sensitive personal
information of workers, such
as birthdates, the company
they work for, and email
addresses, which can be
used by the cyber criminal to
perform reconnaissance in the
process of launching a targeted
phishing attack.
Motivations to attack
– easy and high returns
Unlike the past, cyber attacks today can be done easily using ready-
made attacking kits or ‘as-a-service’ option. With the emergence of
distributed denial of service (DDoS)-for-hire services, the barriers
to entry for an attacker are non-existent with the possibility to
anonymously attack a target they desire for a small cost. Ransom-
DDoS campaigns have been hugely successful as a ‘viable business’
– where attackers first create fear by sending an email threatening
the victim with a DDoS attack unless a ransom is paid. Attackers
are also developing techniques that specifically target businesses,
resulting in the risk of downtime and consumers not being able to
access online services. Likewise, their employees who depend on
online systems will not be able to conduct critical tasks. Another
popular technique is ransomware; threat researchers have seen
a 3,500% increase in the criminal use of net infrastructure to run
ransomware campaigns.12
There are more than 120 separate families
of ransomware, posing significant inconvenience and productivity
loss to employees who are unable to access their files unless they
pay the ransom.
0313
100
60
20
80
40
0
2014/07/06
2014/11/06
2014/09/06
2015/01/06
2015/09/06
2015/05/06
2016/01/06
2015/03/06
2015/11/06
2015/07/06
2016/03/06
2016/05/06
2014/08/06
2014/12/06
2014/10/06
2015/02/06
2015/10/06
2015/06/06
2016/02/06
2015/04/06
2015/12/06
2015/08/06
2016/04/06
2016/06/06
10
‘SEC Filings’, Investors.Linkedin.com, 11
‘Detecting LinkedIn Spammers and its Spam Nets’ International Journal of Advanced Computer Science and Applications (IJACSA), 2013
12
www.bbc.com, ‘”Alarming” rise in ransomware tracked’ June 7, 2016

14. Threats when devices go ‘off-premise’
A functional mobile workforce allows employees to access corporate applications and data from anywhere, be it working in the headquarters
or branch office, co-located with another office tenant, on-site at a client’s premises, at home or while traveling. While the mobile endpoint
is a potential game changer for businesses, it exposes mobile workers to security risks and vulnerabilities, as they are not protected by
enterprise-grade security. What’s more, companies are increasingly permitting personal devices or bring your own device (BYOD) into the
workplace, raising the risk of data leakage due to the lack of control or visibility into personal devices, or access to the business network
if the device is lost or stolen.
Smartphones and tablets used extensively by staff on-the-go pose inherent risks that are different from office-based PCs. Both Apple’s
App Store and Google Play are always on the lookout for malicious apps and work diligently to remove them from their online stores.
However, it is inevitable that some infected apps could still slip through the security screening process and infect mobile devices.
Cloud platforms emerging as the new gold mine
Many have described data as the new ‘gold’ in the digital economy enabling organisations to gain valuable insights for a competitive
advantage. Exfiltration of data using sophisticated techniques may shift from secure internal enterprise networks to cloud platforms as
companies leverage cloud offerings, especially public could services, for work collaboration, storage of files or to deliver anytime, anywhere
unified communications. Cyber criminals could target software-as-a-service (SaaS) platforms to obtain the information they need, and if
data in transmission to the cloud is intercepted or residing in the cloud without proper encryption, it becomes an instant gold mine in
waiting for its discoverers.
For example, business chat application provider, Slack, achieving a user base of 500,000 in its first year, experienced a cyber attack on
its central database in 2015, compromising user profile information such as login usernames, passwords, and other personal data such
as phone numbers and Skype IDs.14
With the information, a cyber criminal could potentially log into users’ accounts to access sensitive
corporate data residing in their chats within Slack, containing confidential details about intellectual property and sensitive press releases.
As future workspaces could potentially use cloud-based collaboration tools like Slack, it is important to be aware of the possible attacks
to these platforms and the proper security measures to mitigate these threats.
Securing workspaces for tomorrow | Examining risks when designing the workspace for tomorrow
Cyber attacks are mostly undetectable,
exploiting encryption and commonly
used files
Cyber attacks are no longer as simple as an odd-looking executable
file that one can quickly judge as being malicious and detectable by
standard anti-virus software. Malicious traffic these days is transferred
mostly through encrypted protocols such as HTTPs, which stay
undetected through a firewall or intrusion prevention system (IPS)
that is unable to inspect encrypted traffic. Recent threat research
has identified a growing number of malware using transport layer
security (TLS) to perform their attacks. Between September 2015 and
March 2016, there was a fivefold increase in HTTPS traffic employing
malicious ad-injectors or adware techniques.13
The rise highlights
ongoing and future attack methods on office users using security
protocols to mask and work in stealth targeting enterprises that fail
to upgrade their security tools to perform deep packet inspection on
corporate Internet traffic.
Malicious codes are also carefully scripted into legitimate-looking
files such as Word and PDF documents that can detonate malware
onto the victim’s device at any time. One likely scenario is where a HR
professional opens a Word or PDF document submitted as a resume,
but in fact has malware written in it, which exploits the vulnerability of
the operating system it is sitting on. This could lead to the launch of a
malware attack such as ransomware. Workspaces for the future need
to employ smart security tools to detect such sophisticated attacks to
determine if the file is benign or harmful to the workplace.
Social networking sites also pose
an additional risk of divulging
sensitive personal information
of workers, such as birthdates,
the company they work for,
and email addresses
350K
250K
150K
50K
0K
APR AUG DEC 2016 APRJUN OCT FEB
300K
113,753
108,618
303,808
298,863
200K
100K
Ad Injectors HTTPS HTTPS
Amountoftraffic(webrequests)
14
Source: Cisco security research
13
Cisco 2016 Midyear Cybersecurity Report, 14
www.pcworld.com, ‘Slack hacked, compromising users’ profile data’ Mar 27, 2015

15. Securing workspaces for tomorrow | Examining risks when designing the workspace for tomorrow
End users identified as the weakest link
Cyber attackers continue to innovate and create more advanced
malware and code injection/intrusion techniques. The widespread
usage of social media in recent years is enabling threat actors to
perform reconnaissance on their intended targets to create phishing
attacks to increase their success rate, or simply craft an email to
request a wire transfer to their bank accounts. Nearly 54% of security
professionals worldwide view phishing/social engineering as one of
the two most common threat techniques experienced15
, highlighting
the fact that while security tools are essential, it may not block all
attacks. Greater vigilance towards such attacks needs to be
exercised by the users themselves.
Social engineering attacks are not only becoming common, but
also more sophisticated as attackers innovate new techniques
other than phishing attacks that are designed to fool the victim into
carrying out a task, such as clicking on an email link activating a
drive-by download of malware. New methods involve ‘pharming’
that redirects clicks on websites to fraudulent sites; ‘vishing’
where a scam artist attempts to use voice calls to obtain personal
information; and ‘smishing’ which tries to do the same using SMS,
exploiting the fact that smartphones are able to access the Internet
the moment the user clicks on a malicious link in a text message,
and unlike email, there are no SMS spam filters.
We have observed the tendency for attackers to launch phishing
attacks on employees working in less robust security infrastructures
and amassing large amounts of consumer data, such as the retail
sector. In 2015, spear phishing attacks accounted for approximately
17% of overall incident response engagements, in which there was
a 12% rise in attacks towards retailers worldwide, overtaking the
finance sector which was previously the highest.16
Recent business email compromise attacks
Business email compromise (BEC) attacks targeting high-level executives are increasingly successful with cyber criminals posing as someone
of high seniority in the organisation such the CEO, and sending an email requesting the accounts payable to wire transfers to a bank account
belonging to the attacker.
The FBI estimated that previously organisations that fall victim to BEC attacks lost between USD 25,000 and USD 75,000 on average based
on the cases reported; however, within the span of the past two years and five months, the total loss has accumulated to USD 2.3 billion.17
Some have incurred substantially higher losses in BEC attacks, such as toy manufacturer, Mattel, that lost USD 3 million. In some cases,
it has even resulted in the loss of careers; the CEO of Austrian aerospace parts maker, FACC, was fired after a BEC attack hit the company,
losing USD 47 million.18
Recent business email compromise attacks
Retail
Education
Government
Business and professional services
Technology
Energy utilities
0% 10% 20% 25%5% 15%
Finance
Manufacturing
Gaming entertainment
15
15
The 2015 (ISC)2 Global Information Security Workforce Study, 16
NTT Group, 2016 Global Threat Intelligence Report, 17
www.fbi.gov, ‘FBI Warns of Dramatic Increase in Business E-Mail Scams’ Apr 4, 2016,
18
www.reuters.com, ‘Austria’s FACC, hit by cyber fraud, fires CEO’ May 25, 2016

16. … And the creator of internal
threats with shadow IT
It is important to understand where critical data resides
and the applications employees use as companies today
leverage cloud platforms and embrace BYOD. Smartphones
and tablets are installed with applications employees use as
their productivity tools that may or may not be sanctioned
by the organisation, for example, note-taking using Evernote
or using LastPass to manage passwords. BYOD could take
on a new meaning as ‘Bring Your Own Danger’ where mobile
applications used to store confidential data may not have
enterprise-grade security controls over them. For example,
in 2015, password manager LastPass, announced that
email addresses and encrypted master passwords were
compromised due to a data breach.19
Another example of how employees turned out to be
internal threats was the recent breach of Dropbox. In the
incident, it was surmised that a Dropbox employee had re-
used a password used on another site, which was possibly
discovered by cyber attackers who used it to log into his/
her account. The Dropbox employee’s files apparently
contained a project document containing 70 million email
accounts used for login purposes.20
The case reflects the
critical need to establish proper security protocols and
educate employees on cybersecurity best practices; and not
rely solely on security technologies to serve as an adequate
preventive measure.
Securing workspaces for tomorrow | Examining risks when designing the workspace for tomorrow
Smart offices: IoT brings the
Internet of threats
The IoT-enabled workspaces for the future deliver a degree of
control and customisation not achievable in the past. The office
environment is seeing a greater use of CCTVs as well as smart
devices for door locks to lighting with users controlling them via
smartphones and smart hubs. However, these smart devices and
their hubs may be more susceptible to cyber attacks as they are
typically designed with only basic security features.
Smartphone-enabled smart locks for entry and exit areas in
workspaces are gaining popularity to lock and unlock doors without
the use of keys. While it provides a convenient way of physical
security, some have been found to be vulnerable to simple hacking
tools. In fact, 75% of smart locks can be easily hacked to unlock
at will, according to two researchers who tested 16 different smart
locks at a major hacker convention in 2016.21
Besides smart locks, future workplaces may also consider smart
lighting that can be controlled using a smartphone to provide
customisation in terms of colour and brightness. However,
vulnerability researchers have managed to hack into such smart
light bulbs, obtaining the usernames and password of the wireless
network. This was accomplished using readily available equipment
to impersonate as a new bulb joining the network where the
smart bulbs had to share credentials among each other when
authenticating to the network.22
The growing demand for sustainable, healthy, energy-efficient
work environments is leading many buildings to deploy smart
building management systems (BMSs). The integration of numerous
operational functions connected to the Internet to remotely perform
configurations or monitoring delivers many benefits. However,
these systems may not be designed with adequate cybersecurity
practices such as network security and patching, and hence, are a
potential point of attack. For instance, security researchers were able
to detect vulnerabilities in the BMS at the Google Australia building.
The system was not patched for vulnerability, and they could access
a control panel screen showing blueprints of the floor, water pipes,
indication of water temperatures, and buttons to access controls
such as ‘active overrides’ and ‘BMS Key’.23
Water, lighting, heating,
and security are essential functions for offices. Any breach of the
systems could result in severe and costly consequences. Therefore, it
is imperative for IoT on operational technologies (OT) used in future
workspaces to be well guarded against potential cyber attacks.
Need for security by design in the
workspaces for tomorrow
Cybersecurity addresses the confidentiality, integrity, and availability
of data residing either within the enterprise perimeters or at the
edge where employees want to work and on devices they choose
to utilise. It is vital for organisations to view cybersecurity as a key
enabler towards workspace transformation, as every initiative will
go digital presenting cyber attackers opportunities to infiltrate the
new environment filled with many entry points as well as unsecured
devices and applications. Some of these applications could be
hosted in the public cloud an enterprise does not own, involving
even tougher challenges in mitigating the threats towards them.
In the new digital workspaces, companies need to future-proof
cybersecurity mechanisms, as highlighted in the next chapter.
16
19
www.time.com, ‘Cybersecurity Firm LastPass Hacked; User Data Stolen’ June 16, 2015, 20
www.businessinsider.com, ‘Hackers stole almost 70 million customer passwords from Dropbox after an employee reused a password’ Aug 31, 2016,
21
www.cnet.com, ‘Have a smart lock? Yeah, it can probably be hacked’ August 9, 2016,22
www.bbc.com, ‘Smart LED light bulbs leak Wi-Fi passwords’ July 8 2014, 23
www.wired.com, ‘Researchers hack building control system at Google Australia office’ June 5, 2013

17. Securing workspaces for tomorrow | Cybersecurity – your future workplace enabler and accelerator
Cybersecurity – your future
workplace enabler and accelerator
Along with continuous
lateral monitoring across
enterprise networks with
user, device, and application
awareness, the solution
accelerates incident
response, improves forensic
investigations and reduces
enterprise risk.
The following section presents next-generation
cybersecurity controls and practices to consider in
combating both existing and future cyber threats.
In essence, it is building up a smart defence against
smart attacks in the workspaces for tomorrow.
Blocking threats through context-aware
security analytics
Context-aware security analytics can be used to quickly detect a
broad range of advanced attacks such as volumetric DDoS, zero-
day malware, and insider threats. Along with continuous lateral
monitoring across enterprise networks with user, device and
application awareness, the solution accelerates incident response,
improves forensic investigations and reduces enterprise risk. The
implementation of intelligent sensors on the network routers enables
constant monitoring of entire branch networks without compromising
system performance. The integration of threat detection and
mitigation into the sensors serve as a gatekeeper with automated
policies in place to block the access of malicious threats at the router.
Enterprises are able to gain centralised visibility of incoming threats
from the actionable data collected through the intelligent sensors.
Enabling mobility and extending
defence at the DNS by harnessing the
power of cloud
Security protection can be extended to the domain name system
(DNS) with additional features such as phishing or botnets
protection and content filtering. A cloud-delivered network security
service provides protection to any device that connects to the
enterprise’s network. Predictive cybersecurity intelligence with live
graphs of global DNS requests and relevant information safeguard
the enterprise from attackers and provide a level of prediction on
possible future attacks.
Security protection should also cover an off-VPN environment to
block potential threats such as malware, phishing or advanced
persistent threats over any Internet port. This ensures that every
Internet activity that bypasses the enterprise parameter is fully
monitored. Off-network blind spots are eliminated with security
protection at the DNS layer while providing greater visibility to
the organisation.
Source: Cisco
Threats blocked - Over any port
Malware | Phishing | C2 callbacks
Roaming
laptop
Main
office
Security service
Cisco Umbrella
On-network
security
Off-network security
Internet
VPN off
Umbrella active
Perimeter
security
Cisco NGFW
17

18. 18
Securing BYOD solutions
A BYOD policy needs to be well designed to enable secure
mobility and separation between work and non-work data or
applications. For example, certain security features such as
password locks, identification, and authorisation or security
application are required to be activated on the devices.
BYOD security tools employing different levels of data-centric
encryption and information protection need to be placed
according to the employee hierarchy to unlock the full value of
the new secured BYOD culture. The strong defence and seamless
network experience can be achieved by employing wireless LAN
controllers and access points in the office that are versatile and
reliable, coupled with a lightweight secure mobility client that
provides secured remote access and a robust identity services
engine that enables the IT administrator to control all access
points through the network in one place.
Offering signature-less detection and
response against advanced attacks
Cyber attackers research heavily about prevention technologies
and are always innovating new ways to circumvent and evade
them. The latest advanced persistent threat techniques use a
combination of various attack vectors when designing zero-day
malware, which are yet to be analysed by threat researchers
that develop anti-malware signatures to detect them, making
signature-based solutions ineffective in stopping them. Advanced
malware protection tools need to be deployed at the network
and endpoints and rely on signature-less detection techniques
to analyse malware, such as via virtual code emulation and
behavioural analysis. The tools must also offer the appropriate
response plan to contain and eradicate these threats before they
spread throughout the enterprise.
Going beyond technology:
creating committees and extending
cybersecurity education across
the enterprise
Enterprises, both large and small, should address the risk of human
vulnerabilities to ensure that intellectual property is secure within
the workspace. Employees need to be aware of the importance of
data security and their roles and responsibilities in safeguarding
sensitive corporate data and resources. The creation of cybersecurity
committees will help to make security relevant to every employee
in an enterprise. Regular updates about cyber threats enable
companies to review and improve policies and processes to
anticipate and effectively manage cybersecurity risks.
The committees are also a good starting point to elevate
cybersecurity to a cross-department function enabling departments
to request the tools they need to do their job in a secured
environment. Security practices have to adapt to people of different
ages and job roles with continual education efforts. Policies,
guidelines, and security awareness training can help to educate
the workforce and achieve a secure future workspace.
Cloud security technologies
shaping secured business practices
using cloud services
Cloud technologies continue to redefine the way businesses operate,
given the changing nature of work and geographically distributed
workplace. By leveraging cloud services, enterprises are able to
achieve high efficiency and productivity across the entire business
process with fast access to data, software, and services. Employees
can also access cloud-based software-as-a-service applications
anywhere, anytime.
To fully embrace the advantages of cloud applications, there is a
need to integrate cloud security protection tools such as cloud
access security brokers (CASB) into the SaaS applications enterprises
use. Security services such as cloud data loss prevention (DLP)
solutions protect sensitive data in public cloud applications. When
used in combination with cloud-based web security, users gain
not only additional protection from malicious websites, but also
authentication and encryption features when accessing cloud-based
services. Actionable cybersecurity intelligence across the entire
cloud infrastructure is also essential in identifying vulnerabilities
and threats within the enterprise.
The latest advanced persistent threat techniques use a
combination of various attack vectors when designing
zero-day malware, which are yet to be analysed by threat
researchers that develop anti-malware signatures to
detect them, making signature-based solutions ineffective
in stopping them.
Securing workspaces for tomorrow | Cybersecurity – your future workplace enabler and accelerator

19. Securing workspaces for tomorrow | The last word
The last word
However, even in the
workspace of today, enterprises
are already facing challenges
with cyber attacks, amounting
to massive dollar losses due
to system downtime or
penalties to the authorities
for failing to secure their
consumers’ data.
As businesses transition towards digital
transformation to meet the evolving needs of
end users, the future workspaces require robust
security tools to mitigate cyber threats allowing
enterprises to embrace digitisation securely.
However, even in the workspace of today, enterprises are already
facing challenges with cyber attacks, amounting to massive dollar
losses due to system downtime or penalties to the authorities for
failing to secure their consumers’ data. In a recent global security
survey, approximately 79% of respondents revealed having no
formal incident response in place; and spending a great deal on
resources before dealing and investigating data breaches in 2015,
highest at 28%24
(see figure). The findings clearly indicate the
ill-preparedness of most enterprises today in responding to
cyber attacks.
Percentage of investigation performed based on incident category60
40
20
50
30
10
0
2013 2014 2015
Malware DDoS Breach investigation Others Internal threat Spear phishing
19
24
NTT Group, 2016 Global Threat Intelligence Report

20. Moving forward, enterprises need to consider the
following critical questions in planning their next steps
when developing their workspaces for their future:
When was the last time your workspace
went through a cyber-health check?
Much like how we undergo health screenings to determine our
wellbeing, the same principle needs to be applied for cybersecurity
– performing thorough risk assessments that go beyond meeting
compliance needs. As data may sit on multiple devices and
infrastructures, it is important to perform data classification. For
example, what are the data types, where are they located, and what
access rights and protection levels are required. A vulnerability
assessment across all devices used in the enterprise is essential in
identifying gaps cyber attackers may potentially exploit. Penetration
tests, using the latest attack techniques, are also useful in identifying
critical gaps in both IT and OT environments.
Do you know the cyber threats
attacking your workspace right now?
Cyber attacks are relentless; therefore, all organisations must be
vigilant in detecting and responding to attacks at any given time.
Much like how security guards and CCTVs operate 24/7 to monitor
any attempted physical security breaches to an organisation, the
same principle should be applied to cybersecurity. Enterprises
should consider cybersecurity operation centres (CSOCs) to monitor
the threats in real-time, manage security solutions, and promptly
react to risk indicators before an attack infiltrates the organisation.
Regular cyber drills should also be conducted to ensure security
analysts are well prepared in responding to attacks.
Securing workspaces for tomorrow | The last word
Do you have a competent service provider as your secured business partner for
workspace transformation?
In the journey towards establishing a cyber-resilient enterprise, organisations may be daunted by the challenges of acquiring and integrating
advanced security solutions, monitoring threats 24/7, performing regular risk assessments, and sourcing for manpower with the right expertise.
In today’s industry landscape where more companies are shifting towards an opex model to manage business operations, enterprises
should consider leveraging managed security services to facilitate their security needs. The service provider should have in-depth expertise
in understanding the current and future needs of end-user computing, allowing enterprises to execute transformation initiatives using a
structured end-user computer development framework designed with security in mind.
User experience
User training
and adoption
User and
business benefits
User activities
Corporate
social
Communications
productivity
Workspace management
Application management
Software licensing
End-user computing maturity levelEnd-user computing maturity level
Business enablement
Governance
Device delivery
Strategy
System monitoring
Initial | Repeatable | Defined | Managed | Optimised
Device management
Device support
Device strategy
Network
Remote access
Architecture
Servers
Cloud
Performance
management
People
Information fabric
Security policy
Technology
Users Applications Operational
excellence
Devices Infrastructure Security
Dimension Data helps organisations achieve greatness through
technology, and can help you to transform and secure your
workspace in the digital era.
Visit: www.dimensiondata.com/secureworkspaces
20

21. Middle East Africa
Algeria • Angola
Botswana • Congo • Burundi
Democratic Republic of the Congo
Gabon • Ghana • Kenya
Malawi • Mauritius • Morocco
Mozambique • Namibia • Nigeria
Oman • Rwanda • Saudi Arabia
South Africa • Tanzania • Uganda
United Arab Emirates • Zambia
Asia
China • Hong Kong
India • Indonesia • Japan
Korea • Malaysia
New Zealand • Philippines
Singapore • Taiwan
Thailand • Vietnam
Australia
Australian Capital Territory
New South Wales • Queensland
South Australia • Victoria
Western Australia
Europe
Austria • Belgium
Czech Republic • France
Germany • Hungary • Ireland
Italy • Luxembourg • Netherlands
Poland • Portugal • Slovakia
Spain • Switzerland
United Kingdom
Americas
Brazil • Canada • Chile
Mexico • United States
For contact details in your region please visit dimensiondata.com/globalpresence