Hybrid working environments remain a source of resilience and flexibility for companies – however, they pose a minefield of risk for the cybercrime and the cyber security industry. When done right – with all necessary guard points established – hybrid work really works.
By Yesh Surjoodeen, southern Africa MD at HP
South African organizations are particularly vulnerable to cyberattacks in the new work-from-anywhere model with workers switching between various networks -fibre to mobile to public Wi-Fi- due to the instability of internet connection in the country.
According to industry insight, the traditional network-centric security approach is no longer sufficient in a hybrid work environment – in short, the traditional way of data security is diminishing as perimeter lines blur with workers logging onto systems from different locations.
As such, our “new norm” indicates the need for newer technological advancements, as the existing ones may be limited or not working. This evokes the need for the innovation and evolution of defence capabilities to ensure data integrity in organisations. Priority needs to be given to securing endpoints such as PCs and printers – and getting the basics right for security teams to stay on top of the ever-evolving cyber-crime space – as they tend to be the “ground zero” of most attacks.
New cybersecurity strategies are needed to prevent, detect, and contain cyber-threats, but also enhance remote PC management to mitigate the risks associated with lost or stolen devices.
Limiting the security gaps in a hybrid workplace
According to HP Wolf Security’s latest hybrid security report, organizations that have adopted a hybrid work structure have left vulnerabilities exposed through gaps in security, with 82% of security leaders confirming. With the endpoint being the ‘be all and end all’ for a hybrid worker’s world, it’s easy to see how these security gaps are highlighted.
Furthermore, 84% of security leaders shared that the endpoint is the origin for a range of cyberattacks, and where the most damaging attacks stem from. Whether a laptop, tablet, PC or smartphone – or associated peripherals like printers – these devices should all be considered “easy access” for attackers.
Endpoints will remain as preferred target for cybercriminals, as they are the intersection between error-prone users and unguarded technologies. Due to hybrid work conditions, devices regularly don’t receive the necessary protection needed, further exacerbating the problem. This includes local networks possibly being misconfigured or compromised.
In South Africa, reports linking to the latest Kaspersky Security Network Data indicates how businesses have come under “fierce attack from back door computer malware, with detections in the second quarter of 2022 surging by 140%”.
However, the State of Cybersecurity in South Africa study highlights that businesses are taking significant measures to improve their cybersecurity – “with up to 68% investing above the industry average”.
Hybrid working environments also increase the risk of employees clicking on suspicious links or opening malicious materials, due to working in a more relaxed environment and having no colleagues to consult. 66% of IT and security leaders note that the greatest security weakness within their organization is hybrid employees being compromised, with unsecured home networks being the main channel for phishing and ransomware. Furthermore, with hybrid employees working from several locations – including public spaces such as cafes, network security is critical to ensuring data safety.
82% of security leaders have increased budgets, specifically for hybrid workers whilst 71% expect this focus to increase as we continue through 2023. This is a step in the right direction – the investment focus on securing hybrid work and applying a holistic view of digital technology innovations means IT professionals can stay ahead of the curve. However, it’s critical that budget is targeted at the right tools, with a focus on making the endpoint front and center of any hybrid security strategy.
Leave no hybrid stone unturned
Remote management of devices has also become more of a priority for IT departments. The hybrid work era has increased the complexity of managing devices remotely, but also highlighted why it is critical. On top of that, hybrid work has also increased the risk of devices being lost or stolen with workers being constantly on the move. The need to secure the data on these devices is important – especially if they contain personally identifiable information (PII), intellectual property (IP) or trade secrets. Cloud technologies can assist in reducing the assignment but are not 100% effective yet.
Around 78% of organizations claim to have tools deployed and policies in place to protect hybrid working staff. However, these tools require a move away from the traditional perimeter approach with the endpoint being the center of hybrid era protection strategies. Hardware-enforced security solutions should be implemented from all angles in the OS and will be key to protect hybrid users without limiting the freedom that hybrid working brings.
A fresh approach to networking
How can IT managers tackle these challenges? The first step is to establish a different avenue to connect remote computers over cellular networks – this translates into devices being managed even when turned off or offline. This method would enable security teams to ‘wipe’ devices of sensitive information, in the event of theft or losing a device. A resilient and secure connection will lead to a reduction in data leaks and breaches on top of the time and effort required to address support tickets. Furthermore, this will lower the IT costs in the PC rectification or replacement process.
HP has invested in the creation of an IT management connectivity solution with their new HP Wolf Connect service enabling IT departments to control offline devices. This should be part of a new approach to hybrid workplace security that takes account of the nuanced risks and challenges that characterize more flexible working.
61% of organizations predict that protecting their offsite workers will become harder over the throughout the year. But it doesn’t need to. Enhancing remote management features and integrating hardware-enforced security, IT departments can encourage user productivity without opening the business to additional cyber risks.