{"id":139124,"date":"2021-07-26T11:17:01","date_gmt":"2021-07-26T08:17:01","guid":{"rendered":"https:\/\/www.enerjigazetesi.ist\/?p=139124"},"modified":"2021-07-26T11:18:21","modified_gmt":"2021-07-26T08:18:21","slug":"hibrit-calisma-modelinde-siber-guvenligi-nasil-saglamaliyiz","status":"publish","type":"post","link":"https:\/\/www.enerjigazetesi.ist\/en\/hibrit-calisma-modelinde-siber-guvenligi-nasil-saglamaliyiz\/","title":{"rendered":"The Hybrid Workplace: What Does it Mean for Cybersecurity?"},"content":{"rendered":"

The pandemic may finally be receding, but remote working is very much here to stay. The model that appears to be gaining most traction is a hybrid one, where most staff are allowed to spend some time working from home (WFH), but will also be required to come to the office for at least part of the week. It\u2019s intended as a \u201cbest of both worlds\u201d solution for staff and employers. But as we\u2019ve seen over the past 12 months or more, mass remote working has also created the perfect conditions for threat actors to thrive.<\/strong><\/p>\n

\"\"It should be hoped that with more time to operationalize the switch, combined with the experiences of the past year, IT security leaders<\/strong> and their teams<\/strong> will be better prepared than they were in early 2020. But many business leaders admit to being still vague on the details of hybrid working. Any new security strategy must focus on both human and technology, particularly cloud-based, risks.<\/strong><\/p>\n

What\u2019s hybrid working and why now?<\/h2>\n

The move to hybrid working seems inevitable. When the world stayed at home in 2020, employees found they rather liked the new work-life balance, not to mention the time and money saved on commuting. Managers were surprised to find that productivity didn\u2019t fall off a cliff as many had predicted. Technology stepped in to fill the void with online collaboration, company-issued laptops and cloud infrastructure empowering and supporting a new way of working.<\/p>\n

Now that there\u2019s light at the end of a long COVID-shaped tunnel,\u00a0things are unlikely to return<\/a>\u00a0to the way they were pre-pandemic. According to\u00a0Microsoft<\/a>, two-thirds (66%) of business leaders say they\u2019re considering redesigning office space, while 73% of employees want to stay flexible with working options, and 67% want more in-person collaboration. A new hybrid model will be an important way to improve staff wellbeing, retention and recruitment, drive productivity and re-energize the workforce \u2013 not to mention justify expensive inner-city office space.<\/p>\n

Yet there\u2019s still confusion over the details.\u00a0According to McKinsey<\/a>, 90% of global organizations will be combining remote and on-site working permanently post-pandemic, yet 68% have no detailed plan communicated or in place yet. Cyberthreats often thrive in the absence of strategic decision making and preparation.<\/p>\n

The security challenges of the hybrid workplace<\/h2>\n

So how big is the cyber risk to organizations as they embrace a new way of working?\u00a0ESET research<\/a>\u00a0from earlier this year found that 80% of global businesses are confident their home-working employees have the knowledge and technology needed to handle cyberthreats. However, in the same study, three-quarters (73%) admitted they are likely to be impacted by a cybersecurity incident, and half said they\u2019d already been breached in the past. This kind of disconnect does not make for coherent cybersecurity planning.<\/p>\n

There are in fact multiple challenges facing organizations \u2013 many of which were witnessed first-hand during 2020 and the first part of 2021. These include:<\/p>\n

The human element<\/h2>\n

Ask any cybersecurity professional and they\u2019ll probably tell you that the weakest link in the corporate security chain is the employee. That\u2019s why we saw phishing campaigns repurposed\u00a0en masse<\/em>\u00a0during the early days of the pandemic to lure users desperate for the latest news about the crisis. In April 2020,\u00a0Google claimed<\/a>\u00a0to be blocking over 240 million COVID-themed spam messages each day, and 18 million malware and phishing emails.<\/p>\n

Home workers are more exposed<\/a>\u00a0because they may be distracted by housemates or family members, and therefore more likely to mistakenly click on malicious links. Contacting IT support or even getting a colleague to sanity-check a suspicious email is much harder when working remotely, while\u00a0personal laptops<\/a>\u00a0and home networks may also offer fewer protections from malware.<\/p>\n

Now that workers are returning to the office, there are understandable concerns that they may bring bad habits learned over the past 18 months with them.<\/p>\n

Technology and cloud-specific challenges<\/h2>\n

Also exposed during the pandemic has been remote working infrastructure: think exploits targeting unpatched VPNs and misconfigured RDP servers protected with weak or previously breached credentials.\u00a0ESET reported a 140% increase<\/a>\u00a0in RDP attacks in Q3 2020.<\/p>\n

The heavy adoption of new cloud services also drew the attention of threat actors last year. There are persistent concerns over vulnerabilities and user misconfiguration of SaaS offerings, as well as reports of stolen account passwords and anxiety over the commitment of some providers to security and privacy. It\u2019s telling that 41% of organizations polled by the\u00a0Cloud Industry Forum<\/a>\u00a0still believe the office is a safer environment than the cloud. Moreover, a hybrid workplace will arguably require even more shuttling of data between remote workers, cloud servers and office-bound employees. This complexity will require careful managing.<\/p>\n

How do I plan for a more secure hybrid workplace?<\/h2>\n

The good news is that, while securing the new hybrid workplace will be challenging, there are best practices that can guide CISOs. The Zero Trust model is gaining in popularity as a way to manage the complexity of on-premises and remote, cloud-based workers and systems.<\/p>\n

Led by internal deployments at\u00a0Google<\/a>,\u00a0Microsoft<\/a>\u00a0and other tech pioneers, it\u2019s based around the premise that the old notion of corporate perimeter security is now defunct. Today, devices and users within the corporate network are no longer to be blindly trusted. Instead, they must be dynamically and continuously authenticated, with access restricted according to \u201cleast privilege\u201d principles and network segmentation put in place to further limit potentially malicious activity. It will require multiple technologies to work effectively, from multi-factor authentication (MFA) and end-to-end encryption, to network detection and response, micro-segmentation and more.<\/p>\n

That may not be within the reach of every organization today, especially those with fewer resources to throw at the problem. In the meantime, there are some useful best practices\u00a0outlined here<\/a>. Before even thinking about new security controls and technologies, organizations must rewrite their policies for the new hybrid workplace. This should include access rights for individual employees, remote connection processes, off-site data handling, and users\u2019 cybersecurity responsibilities, among many other elements.<\/p>\n

Finally, while technical measures like prompt patching are obviously vital, so are human considerations. Regular training and awareness sessions, delivered via bite-sized lessons for all employees, are a crucial component to enhancing any organizations cybersecurity posture. They may be your weakest link, but staff are also your first line of defense.<\/p>","protected":false},"excerpt":{"rendered":"

The pandemic may finally be receding, but remote working is very much here to stay. The model that appears to be gaining most traction is a hybrid one, where most staff are allowed to spend some time working from home (WFH), but will also be required to come to the office for at least part […]<\/p>\n","protected":false},"author":1,"featured_media":139127,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[51,53,157],"tags":[94026,92853,52379,52259,56792,94023,94021,94025,94022,94024,52056,83187,82727,65918],"views":141,"_links":{"self":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/139124"}],"collection":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/comments?post=139124"}],"version-history":[{"count":3,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/139124\/revisions"}],"predecessor-version":[{"id":139129,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/139124\/revisions\/139129"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media\/139127"}],"wp:attachment":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media?parent=139124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/categories?post=139124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/tags?post=139124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}