Top 5 cybersecurity challenges in the hybrid office
The pandemic has caused a tectonic shift in how we live and work. Many companies are slowly returning to offices while an estimated 40% of the U.S. workforce continues to work remotely. A year into the pandemic and one thing is crystal clear, the future of work is hybrid. 83% of employers attest to the fact that their shift to remote work has been extremely successful and in fact, 82% of company leaders are planning to allow employees to exercise “flex days”, where workers can work from the convenience of their homes. Employees too have expressed a preference for a blend of home and office with research suggesting hybrid workplaces result in better workplace outcomes.
Regardless of whether employees are on-site or remote, this convenience is now a permanent cyber-risk for businesses. Listed below are the top 5 challenges in this new hybrid environment:
1. Remote work infrastructure is facing a rising barrage of cyber-attacks
To enable remote working, companies are increasingly relying on cloud technology and leveraging the use of remote connectivity tools like VPN. Cyber-attacks on cloud services have grown more than 600% while hackers continue to exploit vulnerabilities in VPN gateways. A number of brute-force attacks on Windows Remote Desktop Protocol (RDP) is also rising significantly. In February 2021 there were 377.5 million brute-force attacks worldwide in comparison to 93 million at the beginning of 2020.
2. Remote workers are easier targets
Weak or no home Wi-Fi security, laptops shared amongst family members, absent firewalls, unsecure mobile devices, poor security hygiene, etc. are some of the nightmares that security professionals face on a routine basis with remote workers. Remote workers also have lack of internet connectivity or lack of bandwidth which delays software-update patching and this could leave weak points open for cybercriminals to exploit. The use of unauthorized software and shadow IT can also jeopardize a business’s entire cybersecurity posture.
3. Need for stronger data protection and authentication
Data protection of sensitive information becomes a lot harder across the expanded internet-based perimeter. Access to sensitive data requires a stronger set of checks and balances than you would normally use in a standard traditional office environment. It’s easy for attackers to fake a digital identity and hijack data from a secure environment. Personally Identifiable Information (PII), emails, browsing habits and website visits, online purchases and financial content, social media and dark web data dumps can be easily leveraged to emulate a virtual identity.
4. Absent physical security and monitoring of virtual workspaces
One of the reasons why physical offices of large businesses are brimming with security personnel is because the infrastructure helps manage the disposal of confidential information in its physical form. For example, entry barriers can help prevent tailgating while paper shredders can help destroy physical assets that might contain sensitive information. In a digital world, managing the information lifecycle also becomes an important element as holding data for longer periods of time is both a high-risk policy and a liability.
5. Human-centered security is taking a back seat
Home distractions are a major cause of security errors and the data from lockdowns prove it. Workers are prone to social engineering scams like phishing and vishing. One wrong move can instantly result in a breach, causing significant financial damages and irreversible loss of reputation. Cybercriminals have a deep understanding of human psychology and stress-related pandemic issues. In 2020 alone, Google registered a record two million phishing websites whereas ransomware attacks increased by seven-fold.