Why We Need Hybrid Security for a Hybrid Workforce
2021 will be remembered for being the year we retired the binary choice of working from home or in the office and embraced hybrid working. As a result, employees have finally unlocked a better work-life balance thanks to greater flexibility, fewer distractions, reduced commute times and expenses. Meanwhile, employers enjoy reduced absence rates, increased productivity, and access to a much broader talent pool.
Hybrid working offers the best of both worlds and provides an idealistic working solution that works for everyone. However, the ability to work from anywhere on any device also risks becoming a security nightmare. For example, Forbes published a long list of worrying statistics such as 80% of data breaches being caused by phishing attempts and the average cost of an attack rising to $3.86m.
The end of the 'castle and moat' approach
Traditionally, everything inside an organization's network was trusted. But this outdated mindset is no longer fit for purpose when employees work outside of the physical office and corporate network. As a result, security professionals are now challenged with protecting remote work environments across multiple devices without ruining the employee experience.
It's no longer just about securing how users access critical systems but endpoint security across desktops, laptops, smartphones, tablets, and an increasing number of IoT devices. To further muddy the waters, many employees could be reusing weak passwords connected to unsecured Wi-Fi on devices that are not regularly updated. In addition, they will be sending vast quantities of data via email and collaboration tools.
Securing the hybrid workplace: the struggle is real.
The HP Wolf Security report revealed the struggle between employees who see increased security protocols as an annoyance that hinders their productivity and frustrated security professionals. 80% of those questioned in the report agreed that IT security was becoming a "thankless task" because home users don't listen to advice. With 69% of respondents saying they were being made to feel like the "bad guys," culture change is desperately needed to improve security.
There is a perception that security stops people from doing things when it should enable them to do anything, but securely. The fractured relationship between IT and employees is further exacerbated by the finger of blame being pointed at employees for being the weakest link in cybersecurity and entry point for data breaches.
The reality is that cybersecurity is now everyone's business. So, it's time for employees and IT teams to build a more collaborative security culture rather than playing the blame game. Getting employees on board and adapting to a different mindset will require investment in educating teams rather than a box-ticking compliance training exercise that they click through in 30 minutes.
A zero-trust approach to cybersecurity was founded on a mantra of never trust, always verify. Now that employees have drifted away from the on-premises corporate network, every network from the home to public Wi-Fi in coffee shops and airports should be untrusted from the outset. Zero-Trust can protect data while still providing access, ideally through multi-factor authentication.
The access rights of every user should be determined by their role. Additionally, every endpoint and network activity must be authenticated and assumed to be a threat. The ability to identify breaches in real-time and isolate them before they infect the entire network is no longer just a nice to have. It's critical in defending against the persistent threat from attackers.
In a digital world of hybrid clouds, businesses must wake up to the dangers of their applications, servers, and users being scattered everywhere. A zero-trust approach enables security teams to validate and authorize every connection between components while also improving their security posture.
Hybrid Security for a Hybrid Workforce
When the pandemic first hit, many businesses were forced to compromise security to ensure business continuity. However, the race to get a head start and reap the benefits of increased flexibility, productivity, resilience, and reduction in costs along with access to a global talent pool, all comes at a price.
With business continuity in place, security can no longer take a back seat in a digital world where threats are continuously rising. For hybrid work to succeed, a security transformation needs to take place. We can expect zero trust alongside identity and access management to take center stage in the months ahead in a bid to enable an increasingly hybrid workforce to work securely.
The future of work should also be seen as an opportunity to retire stereotypes and build a security-first culture. There is no escaping the fact that many breaches result from poor password management or clicking on a dangerous link. Heavily investing in a zero-trust solution without improving security hygiene, awareness, and individual responsibility of the workforce would be a tragic mistake.
We all have an endpoint responsibility. Improved resilience to security challenges caused by hybrid working will require a mix of technology and human-centered solutions. In addition, the future of work should also involve the flexibility to securely work from any device in any location without impacting the user experience. These are just a few reasons every business leader needs a hybrid security approach to help their hybrid workforce thrive.