Filling the Gaps: How to Secure the Future of Hybrid Work
Hybrid work is here to stay. What we've seen emerge is a new culture of flexible working patterns that has helped improve wellbeing and create new opportunities to innovate. According to Gartner, 51% of US knowledge workers are projected to work "hybrid," and 20% to work fully remotely in 2023.
However, with these new freedoms come new priorities for security teams. Securing the enterprise has become more complex because the perimeter has become blurred. To address this, focus must be given to securing endpoints, such as PCs and printers — the "ground zero" of most attacks. New cybersecurity strategies are needed to prevent, detect, and contain cyber threats, but also to enhance remote PC management to mitigate the risks associated with lost or stolen devices.
According to new research and a hybrid security report from HP Wolf Security, 82% of security leaders operating a hybrid work model have gaps in their organization's security posture. It's not hard to see how. The endpoint is the center of the hybrid worker's world. Whether a laptop, tablet, PC, or smartphone — or associated peripherals like printers — these devices can be a favored point of entry for attackers. In fact, 84% of security leaders say the endpoint is the source of most security threats and where the most business-damaging cyber threats occur.
Endpoints are a preferred target because they are the intersection between fallible users and vulnerable technologies. Hybrid work exacerbates the problem because devices frequently don't receive the protection provided by the enterprise perimeter. Remote workers' devices and machines can be left unpatched and without adequate protection. Local networks may be misconfigured and potentially compromised.
And then there's the risk of employees being in a more relaxed environment with no colleagues to consult, making them more susceptible to clicking on a risky link or opening an attachment containing malware. In fact, two-thirds (66%) of IT and security leaders accordingly say the greatest cybersecurity weakness in their organization is the potential for hybrid employees to be compromised. They cite phishing, ransomware, and attacks via unsecured home networks as the top risks. Employees also aren't just working from home — they're also in cafes and airports, and maybe even living the digital nomad lifestyle abroad.
The good news is that organizations appear to be focusing their investments on securing hybrid work. Four-fifths (82%) of security leaders have increased budgets specifically for hybrid workers, and 71% expect this focus to increase further in 2023. However, it's critical that budget is targeted at the right tools, with a focus on making the endpoint front and center of any hybrid security strategy.
Another priority for IT and security teams is better remote management of devices. In the hybrid era, this has become both more complex and necessary. Cloud technologies have helped to reduce the workload here, but they're not 100% effective. Some 70% of security leaders say hybrid work increases the risk of lost or stolen devices. But what happens when remote machines are powered down or offline? Finding or securing the data on these devices could be impossible, which is a significant risk if they contain personally identifiable information (PII), intellectual property (IP), or trade secrets.
With workers on the move more than ever, the risk of human error becomes higher. And there will always be eagle-eyed thieves on the lookout for devices they can grab. This only increases risk, especially in highly regulated sectors such as government, where a lost or stolen laptop could represent a national security risk.
So what can IT managers do to mitigate these concerns? The first step is finding a new way to connect with remote computers over cellular networks. This means devices can be managed even when turned off or offline. Crucially, such functionality could be used to connect with lost or stolen devices and then lock and wipe them. This will not only reduce the risk of data leaks and breaches, it can lower IT costs by reducing the need for PC remediation or replacement. A more resilient and secure connection to remote computers will also reduce the time and effort needed to resolve support tickets. Teams can accurately report where and when devices went missing and how long it took to lock or erase them.
This should be part of a new approach to hybrid workplace security that takes account of the nuanced risks and challenges that characterize more flexible working. Around 80% of organizations already claim to have deployed different tools and policies to protect hybrid working staff. But what's key here is that these tools and policies require a move away from old perimeter-focused thinking. The endpoint must become the focus for applying protection in the hybrid era. Adopting hardware-enforced security features and protection above, in, and below the OS — such as application isolation — will be key for protecting users without impinging on the freedoms that hybrid work allows.
Nearly two-thirds (61%) of organizations say protecting their hybrid workers is going to get harder over the coming year. But it doesn't need to. By enhancing remote management and adopting hardware-enforced security, they can unleash user productivity without inviting extra cyber-risk. At a time when sustainable growth is critically important to all businesses, we need to optimize the hybrid workforce.