Cyber culture uplift

by Mark Rowe

Remote and hybrid business models have redefined work. But despite the many benefits of more flexible ways of working, this shift continues to pose serious challenges and complexities for IT teams, says Rachel Banks, Head of Product Management, Apogee Corporation, which offers managed workplace services.

With networks expanding far beyond traditional perimeters, organisations must re-evaluate the security of their distributed endpoints, especially as boundaries blur between home and work and more IoT devices become embedded in the hybrid ecosystem.

However, while securing physical endpoints is vital, organisations must also address the larger security landscape, especially as cyber criminals evolve their tactics to become more sophisticated and agile. A new security frontline is needed, going beyond traditional devices, such as laptops, desktops, and mobiles, and encompassing the multiple areas of threat in hybrid workplaces. Therefore, to secure the hybrid, flexible workplace of the future, organisations must develop a truly multi-layered cybersecurity offering.

Endpoints everywhere

Traditionally, businesses directed their cybersecurity efforts towards protecting endpoints within the controlled office environment. Complex security measures and principles, such as zero trust, revolved around server locations within well-defined castle walls, so endpoint security concerns typically did not keep IT leaders awake at night.

Now, the ‘new normal’ of remote and hybrid work has led to the scattering of network endpoints – from laptops and desktops to mobiles, IoT devices, printers, and servers – all across diverse locations and environments, beyond the direct control of corporate IT. Remote workers have also become increasingly dependent on these interconnected endpoints and devices, accessing enterprise data from home, in a café, or even on the train.

Many of these devices were simply not designed with the layers of security and encryption needed for secure remote access. For example, past endpoint solutions primarily focused on antivirus (AV) or next-generation antivirus (NGAV), neither of which can fully handle today’s sophisticated cyber threats outside of the conventional network perimeter. With the growing number and diversity of endpoints, hackers have multiple entry points to exploit, enabling them to gain access to critical corporate data and cause significant damage and disruption to businesses.

As a result of this lack of security depth, endpoints are now prime targets for ransomware and phishing attacks. In fact, phishing has emerged as the top initial access vector for cyber criminals, representing 41pc of all security incidents. Hackers are skilled at gaining access to a company’s virtual private network (VPN), firstly by infiltrating a personal device that has out-of-date hardware or software installed. This initial breach then allows them to infiltrate the connected work device and move laterally across the corporate network.

Antivirus is no longer enough

Despite the rapid evolution of cyber threats and technologies, many organisations, particularly SMBs without a dedicated cybersecurity specialist, still rely on AV solutions alone as a silver bullet to protect their physical endpoints. In today’s complex remote and hybrid working environments, where employees are using an array of devices, networks and cloud-based services, this mindset is inadequate when it comes to addressing ever-changing cyber risks.

Antivirus software is definition-based and primarily relies on signature-based detection to identify and block known threats. But as new and unseen cyber threats come to the fore, sophisticated malware and zero-day exploits can easily evade these mechanisms and catch organisations by surprise. Attackers are increasingly exploiting this vulnerability by embedding malicious links in PDF files within emails, with the number of PDF malware attacks bypassing perimeter security controls surging by 38% in the final quarter of 2022.

In addition, the effectiveness of AV is dependent on the regular patching and updating of software – a challenge for organisations that manage a significant number of devices or face resource constraints that hinder timely updates.

With email being the entry point for over three-quarters (77pc) of cyber threats, and human error contributing to up to 95pc of breaches, AV software alone cannot fully protect against vulnerabilities arising from employee behaviour. It cannot prevent a remote worker from clicking on a rogue phishing link, nor can it anticipate new social engineering techniques. Organisations must therefore adopt a comprehensive approach that goes beyond traditional solutions and adapts to the dynamic nature of remote and hybrid cyber risks.

Protection through isolation

While there is still an important place for antivirus software in a modern technology stack, it should form just one part of a more layered approach to workplace cybersecurity. As employees demand more flexibility and autonomy with their work – and access to a wider range of digital tools – organisations need to embrace a security-first mindset. This involves implementing encrypted data transfer methods to empower a flexible yet secure remote workforce.

The latest isolation technologies have a crucial role to play in securing the hybrid workplace. Unlike traditional ‘detect and block’ antivirus approaches, these solutions provide a robust defence against both known and unknown dangers by completely isolating and containing potential cyber threats. Even in the event of a zero-day attack, isolation technologies can neutralise the threat and prevent its spread to the rest of the network or endpoints.

By adding these crucial layers of protection to foundational antivirus and endpoint detection and response (EDR) solutions, organisations can significantly reduce the security risks associated with hybrid and remote working, including the potential for human error. The technology should then be underpinned with clear guidelines around personal device usage and appropriate workplace equipment for secure access to corporate data. But to create a truly resilient cybersecurity frontline in complex digital environments, organisations must broaden their focus beyond endpoints and address the wider security landscape within the hybrid workplace.

Beyond the endpoint lies a plethora of other security considerations, highlighting the need for organisations to elevate their wider security culture. Firm-wide policies, governance, and risk management processes, including incident response plans and regular penetration testing, should establish the framework for this culture change, integrating cybersecurity into the fabric of the workplace, even as traditional security perimeters dissolve.

Education and training form another crucial layer. Successful initiatives have the power to instil a security-conscious mindset among employees, fostering far-reaching behavioural changes across the hybrid workplace. Visual demonstrations can be particularly impactful, providing employees with a tangible and visceral understanding of their role in upholding a secure workplace environment.

This cybersecurity culture uplift is a journey, and organisations should start by conducting a comprehensive cyber health check or gap assessment. Collaborating with a service provider can be beneficial, as the right partner will thoroughly analyse the organisation’s current security landscape beyond physical endpoints, identifying areas of vulnerability and determining specific requirements and priorities. This can then be developed into a recurring managed service, providing continuous protection and support as the hybrid future of work continues to take shape.

To meet the needs of diverse and dispersed workforces, organisations must implement a multi-layered approach to security. This involves integrating the latest isolation technologies, robust security protocols, and holistic cybersecurity measures to empower employees to work smarter and safer – no matter where, when, or how they operate.

© 2024 Professional Security Magazine. All rights reserved.