As people settle into the late stages of the pandemic, the hybrid workplace is not going anywhere. Therefore, the enterprise must address the increasing number of entry points into the network as more employees work remotely.

In 2021, 61% of malware directed at organizations targeted remote employees via cloud apps. Since the onset of the pandemic, about 30% of organizations have reported a spike in cyber attack attempts.

It’s been harder lately to manage the logistics of where employees connect. So, it’s no wonder that 54% of IT workers are on edge about the possibility of future cyber attacks.

However, people often don’t understand the hybrid work model. The only way the enterprise can address the myriad challenges is to gain a solid grasp on how the workplace is really evolving.

What Is the Hybrid Work Model?

The hybrid model combines a remote and a regular on-premise workforce. Employees want to be flexible in where and when they work. Plus, as new tech constantly develops, the workforce is becoming more virtual.

This modern work model is not one-size-fits-all, and each company’s version will be unique. The most successful hybrid solutions are flexible and agile, so they can meet the ever-changing demands of management, employees and any regulations.

According to an Economist Impact survey commissioned by Google Workplace, more than three-quarters (75%) of employees and managers expected to adopt the hybrid work model within their business or agency in the next three years.

Cybersecurity challenges in adopting the hybrid work model fall into three basic categories: data, devices and behavior.

So Much Data

Whether employees are hybrid, remote or work in the office, they have access to an increasing amount of sensitive data. The business must safeguard that data. As the attack surface widens, data protection becomes more difficult.

But data protection has always been critical, and while hybrid makes the issue worse, it’s the skyrocketing number of devices and endpoints that stand out.

All These Devices

The ever-growing number of other devices in our lives presents significant obstacles for enterprise security in a hybrid work environment. Employees returning to the office are doing so with not just one device but a steady wave of new ones. Many questions arise from this:

  • Did the organization issue their devices?
  • Does someone regularly update the OS or firmware?
  • Are all software patches in place?
  • Do you know all of the networks the device has connected to? What other parties have been on those networks?

User Behavior

According to IBM’s 2021 Data Breach Report, the average cost of a data breach due to remote work was $1.07 million higher in those attacks in which remote work was a factor. While lack of the right technology or resources certainly plays a role, online employee behavior is a critical cause.

As we adapt to the ever-changing shifts in society, humans are not at our best. The adage still applies: humans are the weakest link in the cybersecurity chain. Thinking about threat actors is not top of mind for many employees as they tackle their daily tasks. The threat actors are well aware of that.

Hybrid Work Model Strategies

As always, the best strategies start with the basics. Good security hygiene applied as much before the pandemic as it does today. What this means is you’ll want to ensure:

  • Remote employees use a VPN
  • Employees know cyber attacks could happen
  • Employees can access only the resources they need
  • Your team patches systems often
  • Your networks are segmented.

When it comes to network segmentation, it’s important not to limit this to the corporate network. Employees working from home should consider splitting their home network into work and home segments. Most internet providers today can accommodate this setting. Especially as more internet of things (IoT) devices are brought into the home, the potential damage of an attack increases. With segmentation, if an attacker hits an IoT device because of the actions of another family member, the payload won’t wreak havoc on other network devices.

Whether or not you decide to include home network segments, you need to back up your strategy with some sort of robust policy. Update those policies to address the hybrid work model. From the C-suite to all employees, make sure everyone is aware of the policies and adheres to them. Monitoring services and tools like identity and access management are critical here.

For employees working from the office, you’ll need to decide how you’re going to treat all these new devices — whether bring-your-own-device or corporate-issued. Do you expect employees to follow certain rules before returning to the office? Do you have a clear understanding of what constitutes a trusted device? You should be aware of not just what actions you can take but how you’ll respond if a security threat occurs.

The Meeting of Zero Trust and Hybrid Work

But perhaps the most efficient way to address the security challenges is adopting a zero trust strategy. With a blueprinted zero trust approach, organizations can empower their workforce by correlating security information across all domains and quickly grant conditional access based on the model of least privilege.

Finally, your team will need to be transparent about their policies, rules and standards. The more transparent you are, the less likely it is employees will perceive your team as the enemy.

More from Network

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a lot of discussion around the security of IoT devices themselves, there is far less conversation around the security of the platforms these devices connect with.…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

4 min read - View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space ventures expanded the threats that targeted the space system components. These threats could be countered by various cybersecurity measures. However, the New Space has brought about a significant shift in the industry. This wave of innovation is reshaping the future…

4 min read

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

4 min read - Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 2: Cybersecurity Threats in New Space

7 min read - View Part 1 in this series, Introduction to New Space. The growth of the New Space economy, the innovation in technologies and the emergence of various private firms have contributed to the development of the space industry. Despite this growth, there has also been an expansion of the cyberattack surface of space systems. Attacks are becoming more and more sophisticated and affecting several components of the space system’s architecture. Threat Actors' Methodology Every space system architecture is composed of three…

7 min read