A man wearing a protective mask uses a laptop in Washington Square Park during the coronavirus pandemic on May 27, 2020, in New York City. A survey by Pulse showed only 1 in 5 companies are confident their infrastructure security can support long-term remote work. (Photo by Cindy Ord/Getty Images)

New research has found that while 3 in 4 organizations have moved to a hybrid work model, only 1 in 5 companies — some 21% — are fully confident that their infrastructure security can support long-term remote work.

Moving past the Labor Day holiday, 89% of those surveyed by Pulse on behalf of Sungard Availability Services, say a mix of remote and in-office work has become the preferred option as the country struggles to come out of the pandemic.

And while only 7.5% surveyed are very confident that they have adequate security protections against phishing and ransomware for virtual workers, the vast majority of respondents say good security has become a “must-have” for employees to succeed while working from home. The survey also found that in excess of 70% of respondents say remote employees need the following: security software that keeps devices secure, an easy-to-use file-sharing system, and strong IT support.

In the haste to support the remote workforce at the start of the pandemic, many organizations took the “get it working first” mentality and they sacrificed security, said John Morgan, CEO at Confluera. Morgan said when the remote work model was prolonged, organizations began to address security concerns, especially regarding the cloud, but an overarching security strategy was still lacking.

“Fortunately, many organizations are now coming to terms with the long-term remote work model and are starting to address it as part of their ongoing business requirements,” Morgan said. “With many organizations adopting the cloud, often at an accelerated pace than initially planned, they must evaluate the appropriate security solutions designed for the unique challenges of the cloud. The approach of extending existing approaches to the cloud and hoping for the best will not be successful in the long run. It's also important for organizations to share their security strategy and initiatives to instill employee confidence."

Overall, businesses have adapted to the day-to-day operations of a dynamic hybrid workforce, but the increase in ransomware attacks and continued threats posed by phishing show that many aren’t as secure as they’d like — even 18 months into the pandemic, said Tim Eades, CEO at vArmour.  

“With increased threats posed by ransomware in remote work settings, we now know that endpoint security and traditional cybersecurity training are no longer enough,” Eades said. “The attack surface has expanded to every remote device, and organizations need to immediately take stock of what’s happening within their networks to identify vulnerabilities and stop abnormal behavior in its tracks. It requires more vigilance across a complicated business environment and a zero-trust mindset, but it can — and should — be done to ensure security catches up to the digital acceleration.”

Daniel Spicer, CSO of Ivanti, said as we enter the next phase of hybrid work, it’s imperative that organizations implement a zero-trust security strategy to better protect their digital assets and ensure that employees can access the data they need to stay productive, regardless of where they work from.

“Organizations also need to ask themselves if their zero-trust security checklist include endpoint discovery, DevSecOps/SDLC, strong identity with MFA that uses the stronger factors, strong encryption at all endpoints, automated intelligent patching, and using the next-generation zero-trust network access, Spicer said. “Organizations also need to modernize their help-desks to ensure that remote workers receive immediate and personalized resolutions for IT issues.”

Kevin Dunne, CEO at Pathlock, said that during the pandemic, infrastructure and security teams were pushed into making quick fixes to allow access from anywhere, with enough bandwidth to support thousands of users now connecting remotely each day. Dunne said these solutions typically focused on making on-premises applications available via the public internet, leaving several security vulnerabilities open and requiring even more maintenance than before. 

“Now, infrastructure and security teams are trying to catch up and cover the loopholes that were created during this accelerated process of allowing remote work,” Dunne said. “This go-around, teams are looking at more sustainable methods of enabling remote work, like shifting applications to vendor-maintained SaaS infrastructure. These are longer-term, more effort-intensive initiatives, but they can ultimately result in a more sustainable, secure remote work environment.”