As people settle into the late stages of the pandemic, the hybrid workplace is not going anywhere. Therefore, the enterprise must address the increasing number of entry points into the network as more employees work remotely.

In 2021, 61% of malware directed at organizations targeted remote employees via cloud apps. Since the onset of the pandemic, about 30% of organizations have reported a spike in cyber attack attempts.

It’s been harder lately to manage the logistics of where employees connect. So, it’s no wonder that 54% of IT workers are on edge about the possibility of future cyber attacks.

However, people often don’t understand the hybrid work model. The only way the enterprise can address the myriad challenges is to gain a solid grasp on how the workplace is really evolving.

What Is the Hybrid Work Model?

The hybrid model combines a remote and a regular on-premise workforce. Employees want to be flexible in where and when they work. Plus, as new tech constantly develops, the workforce is becoming more virtual.

This modern work model is not one-size-fits-all, and each company’s version will be unique. The most successful hybrid solutions are flexible and agile, so they can meet the ever-changing demands of management, employees and any regulations.

According to an Economist Impact survey commissioned by Google Workplace, more than three-quarters (75%) of employees and managers expected to adopt the hybrid work model within their business or agency in the next three years.

Cybersecurity challenges in adopting the hybrid work model fall into three basic categories: data, devices and behavior.

So Much Data

Whether employees are hybrid, remote or work in the office, they have access to an increasing amount of sensitive data. The business must safeguard that data. As the attack surface widens, data protection becomes more difficult.

But data protection has always been critical, and while hybrid makes the issue worse, it’s the skyrocketing number of devices and endpoints that stand out.

All These Devices

The ever-growing number of other devices in our lives presents significant obstacles for enterprise security in a hybrid work environment. Employees returning to the office are doing so with not just one device but a steady wave of new ones. Many questions arise from this:

  • Did the organization issue their devices?
  • Does someone regularly update the OS or firmware?
  • Are all software patches in place?
  • Do you know all of the networks the device has connected to? What other parties have been on those networks?

User Behavior

According to IBM’s 2021 Data Breach Report, the average cost of a data breach due to remote work was $1.07 million higher in those attacks in which remote work was a factor. While lack of the right technology or resources certainly plays a role, online employee behavior is a critical cause.

As we adapt to the ever-changing shifts in society, humans are not at our best. The adage still applies: humans are the weakest link in the cybersecurity chain. Thinking about threat actors is not top of mind for many employees as they tackle their daily tasks. The threat actors are well aware of that.

Hybrid Work Model Strategies

As always, the best strategies start with the basics. Good security hygiene applied as much before the pandemic as it does today. What this means is you’ll want to ensure:

  • Remote employees use a VPN
  • Employees know cyber attacks could happen
  • Employees can access only the resources they need
  • Your team patches systems often
  • Your networks are segmented.

When it comes to network segmentation, it’s important not to limit this to the corporate network. Employees working from home should consider splitting their home network into work and home segments. Most internet providers today can accommodate this setting. Especially as more internet of things (IoT) devices are brought into the home, the potential damage of an attack increases. With segmentation, if an attacker hits an IoT device because of the actions of another family member, the payload won’t wreak havoc on other network devices.

Whether or not you decide to include home network segments, you need to back up your strategy with some sort of robust policy. Update those policies to address the hybrid work model. From the C-suite to all employees, make sure everyone is aware of the policies and adheres to them. Monitoring services and tools like identity and access management are critical here.

For employees working from the office, you’ll need to decide how you’re going to treat all these new devices — whether bring-your-own-device or corporate-issued. Do you expect employees to follow certain rules before returning to the office? Do you have a clear understanding of what constitutes a trusted device? You should be aware of not just what actions you can take but how you’ll respond if a security threat occurs.

The Meeting of Zero Trust and Hybrid Work

But perhaps the most efficient way to address the security challenges is adopting a zero trust strategy. With a blueprinted zero trust approach, organizations can empower their workforce by correlating security information across all domains and quickly grant conditional access based on the model of least privilege.

Finally, your team will need to be transparent about their policies, rules and standards. The more transparent you are, the less likely it is employees will perceive your team as the enemy.

More from Network

Beware of What Is Lurking in the Shadows of Your IT

This post was written with contributions from Joseph Lozowski. Comprehensive incident preparedness requires building out and testing response plans that consider the possibility that threats will bypass all security protections. An example of a threat vector that can bypass security protections is “shadow IT” and it is one that organizations must prepare for. Shadow IT is the use of any hardware or software operating within an enterprise without the knowledge or permission of IT or Security. IBM Security X-Force responds…

Beyond Shadow IT: Expert Advice on How to Secure the Next Great Threat Surface

You've heard all about shadow IT, but there’s another shadow lurking on your systems: Internet of Things (IoT) devices. These smart devices are the IoT in shadow IoT, and they could be maliciously or unintentionally exposing information. Threat actors can use that to access your systems and sensitive data, and wreak havoc upon your company. A refresher on shadow IT: shadow IT comes from all of the applications and devices your employees use without your knowledge or permission to get…

X-Force 2022 Insights: An Expanding OT Threat Landscape

This post was written with contributions from Dave McMillen. So far 2022 has seen international cyber security agencies issuing multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, the discovery of two new OT-specific pieces of malware, Industroyer2 and InController/PipeDream, and the disclosure of many operational technology (OT) vulnerabilities. The OT cyber threat landscape is expanding dramatically and OT asset owners and operators, all of whom understand the need to keep critical infrastructures running safely, need to be aware…

How to Compromise a Modern-Day Network

An insidious issue has been slowly growing under the noses of IT admins and security professionals for the past twenty years. As companies evolved to meet the technological demands of the early 2000s, they became increasingly dependent on vulnerable technology deployed within their internal network stack. While security evolved to patch known vulnerabilities, many companies have been unable to implement released patches due to a dependence on legacy technology. In just 2022 alone, X-Force Red found that 90% of all…