There is a ransomware attack every 11 seconds in 2021, and long-term hybrid work will compound this challenge. Hybrid working employees are likely to switch between devices and request access privileges, while technology fragmentation makes it difficult for infosec teams to obtain visibility. This article discusses five ways CISOs can address emerging security gaps and support hybrid working in 2022.
After more than a year of navigating unprecedented change, organizations have yet another transformation on their hands. As physical workplaces reopen, it is clear that WFH is here to stay, and hybrid work will be the new normal. In fact, research by OmdiaOpens a new window found that hybrid working (55%) and cybersecurity (58%) are the top two enterprise priorities going into 2021. Chief information security officers (CISOs) are at the cusp of an important challenge and opportunity. Hybrid working opens up a slew of new security risks that could expose confidential Ip or customer data, lead malware into the system, or cause downtime. However, secure hybrid working could enable new vistas in both employee productivity and satisfaction if handled correctly.
Long-term Hybrid Work Presents New Security Challenges
In 2020, WFH was perceived as a stop-gap solution to a temporary challenge. But it has changed organizational workflows and employee mindsets for good, and there is no going back. A recent surveyOpens a new window of 869 business executives found that organizations expect 44% of their workforces to work in a hybrid model over the long term. Just 22%Opens a new window of U.S. executives believe returning employees to the office to be a priority. This is because hybrid work can help save infrastructural costs, boost efficiency, and allow employees to maintain their work-life balance.
But on the flip side, the sheer fluidity of a hybrid work environment poses significant security risks. For example, do employees switch between office workstations and home devices? Can you enforce the same cybersecurity policies in the office and remote locations? How do different shift timings and fluctuating headcounts impact security?
Questions like these must be answered via a structured framework so that CISOs can support the business in hybrid work endeavors.
See More: The Future Office: 6 Steps To Retrofit Workspaces To Promote Hybrid Collaboration
5 Ways CISOs Can Prepare for the Hybrid Work Era
As hybrid work becomes the new normal, cybersecurity attacks have become increasingly frequent, often taking advantage of negligent or unaware employees. According to Cybersecurity VenturesOpens a new window , there is a ransomware attack every 11 seconds in 2021. CISOs must adapt their security systems, policies, and processes to the new normal to stay resilient. Here are the top five action points:
1. Universalize identity-based access, even in the office
While identity-based access, zero trust, and multi-factor authentication were always recommended, it has never been so important as right now. During WFH, organizations put in additional measures to check employee identity before allowing data access, including device verification. These protocols must not be scrapped as employees return to the physical office – either fully or partially. While it is ideal that employees switch between a dedicated WFH device and a fixed workstation, that will often not be the case. Universalized identity-based access will make sure that your assets are protected without exception.
2. Remove fragmentation in your cybersecurity toolkit
As new security challenges emerge, there is always an impulse to invest in new security tools and solutions. But this could cause more harm than good – Gartner’s 2020 CISO Effectiveness SurveyOpens a new window found that over two-thirds of CISOs (78%) use 16 or more vendors. A sizable 12% work with 46 vendors, and this causes a lot of fragmentation. In the absence of a consolidated toolkit, your team could miss out on important gaps in your security posture and suffer cost duplication. Rather, it is better to invest in integrated solutions that provide better visibility and control. Consider solutions like Cisco Secure Hybrid WorkOpens a new window , Secure Hybrid Workforce by Palo Alto NetworksOpens a new window , and Hybrid Work Solutions by Microsoft CloudOpens a new window in 2021.
3. Gain from security orchestration, automation, and response (SOAR)
SOAR allows you to automate cybersecurity management to a large extent by putting it into a structured digital workflow. SOAR is both an architecture and a digital solution. Not only should your technologies be aligned with a SOAR framework, but your IT and infosec team should be equipped to receive alerts, perform incident analysis and triage, prioritize incidents, and deploy a standardized response through reusable workflows. SOAR makes it easier to deal with the high volume of minor incidents occurring every day through AI, ML, and automation in a hybrid work environment. Exceptional incidents are passed onto your team for tactical handling.
4. Invest heavily in security awareness and change management
A major blocker to secure hybrid working is human habit and resistance. Employees may want to use the same devices at home and in the office. They might not be willing to go through a complex authentication process when logging in from authorized workstations. They may demand the security privileges available in the office to trickle down to their WFH setups. That’s why CISOs must invest heavily in security awareness training and user education. This doesn’t just mean training on the how but also on the why. Employees must understand the precise nature of the threat at the gates, its impact on the organization, and their job. Proactive change management is crucial for a secure transition to remote work.
5. Stay prepared for worst-case scenarios
Sometimes, no matter the measures put in place, bad actors will find their way in and cause damage. ResearchOpens a new window suggests that while 3 in 4 organizations have moved to hybrid work, just 7.5% are confident about their security posture. It can take time to build and adapt your infrastructure for all-new ways of working. In the meantime, organizations must invest in fallback measures like robust cyber insurance, business continuity and disaster recovery (BCDR), and cloud back-ups. Ransomware insurance is among the top priorities, as ransomware attacks pose formidable costs to mid-sized or large organizations.
See More: 5 Ways for Businesses to Make a Seamless Transition to Hybrid Cloud
Conclusion
While CISOs may approach hybrid work from a technical perspective, the reality is that our entire work culture, habits, and priorities are changing. In the PwC study we cited, 36% said that the loss of corporate culture is the biggest challenge to hybrid work, and this has important implications for security. Disengaged or disgruntled employees are less likely to adhere to security protocols, opening up yawning gaps in your posture. Therefore, it is vital that CISOs work together with cross-vertical stakeholders, including CHROs, CIOs, and change management leaders, to develop a blueprint that finds maximum buy-in and provides maximum protection.
According to you, what is the top security challenge in a hybrid working world? Tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!