In the era of hybrid work, businesses of every size are operating virtually more than ever before. While today’s digital revolution has been cause for celebration, it has also resulted in the creation of more high-risk IT environments. Hybrid work makes security even more of a business problem. Do nothing, and it’s only a matter of time before the company becomes a hybrid work security statistic:
- 56% of remote employees are use personal (uncontrolled) devices to do their work, and 64% of companies worldwide have experienced at least one form of a cyberattack.
- When 50% of users work remotely, it takes organizations 58 days longer to identify and contain a breach. The longer it takes to contain, the more costly the breach, according to IBM.
So, if the company can only do one thing to improve its security posture, what should it opt for? To get to the answer, let’s first unpack three factors making security more challenging today.
- Big data unleashed equals big problems. With data accessible from virtually anywhere and all the time, IT leaders are faced with scaling security in an IT environment that essentially has no boundaries. Under hybrid work models, data resides wherever the endpoints and users are, and that puts assets in unmanaged locations beyond the control of the IT team. This trend, summarized in a Nemertes Research white paper, has been exacerbated by the pandemic: Most architects think of the corporate WAN as connecting inside-to-inside: in other words, premises-based users (workers in offices) to premises-based resources applications running in data centers). That’s not only inaccurate in these pandemic times, it’s been inaccurate for a long time. In early 2020, Nemertes research studies found that just 38% of all WAN traffic was inside-to-inside. The remaining 62% was either: outside-to-inside (WFH workers connecting to premises based resources), inside-to-outside (on-premise workers connecting to the cloud), outside-to-outside (WFH workers connecting to the cloud). Compounding all this complexity: big data will only get bigger.
- It’s difficult to attain zero-trust for mobile phones and supply chains. While zero-trust has become a leading security strategy, it isn’t always possible in every scenario. Mobile devices and any uncontrolled hardware create obstacles that the security industry has not yet overcome. Simply put, it’s because of supply chain-based attacks. It all goes back to the device manufacturers who must defend their hardware, microchips, and software from attackers. But it’s a nearly impossible defense job. No security technology exists today that can effectively protect against supply chain attacks targeting the software or hardware suppliers themselves, and zero- trust fails to evaluate the user device at the hardware and source-code level. On a more positive note, zero-trust can verify user identities until the sun goes down, but those checking functions don’t go deep enough to identify the underlying threat. Thus, mobile device security will be compromised until zero- trust reaches ground zero.
- New technologies make attacks easier. Technology innovation cuts both ways, benefiting companies and criminals. This helps explain why cyber criminals are doubling down on their efforts to both profiteer from and disrupt hybrid businesses. New AI-based technologies like deepfakes and GPT3 can be used to target and automate attacks. Additionally, Microsoft 365 continually gets targeted by bad actors who can evade detection with just a few clicks. Ransomware has increased 148% or more year over year, and cryptocurrency makes it worse.
How to secure a hybrid environment
Nearly all cyber threats generate observable network communications, which means the network remains the keystone to increasing the company’s security posture. But security teams cannot protect what they can’t see. Companies need complete visibility for rapid threat identification and isolation, and also for managing and securing all the endpoints that come with any distributed workforce. Here are five helpful tips:
- Ensure all remotely connected devices have advanced endpoint detection and response solutions and are actively monitored 24/7.
- Protect data in cloud-based environments via security access policies and monitoring technologies.
- Invest in monitoring tools that have visibility into all access points in and out of all environments.
- Deploy security orchestration, automation, and response capabilities to streamline detection and response.
- Adopt a Zero Trust security framework to prevent unauthorized access to critical data.
At the end of the day, security teams will always face unknown threat vectors, or unforeseen events like the pandemic. Keep an eye on what the security team can control — the company’s network and your assets. This act alone will help improve the company’s security posture, little by little with each adjustment.
Trevor Parks, director for security solutions, Masergy
