The growing popularity of hybrid work-set-up among organisations has given birth to new opportunities, obstacles and challenges.
One main challenge for organisations with hybrid workers lies in providing secure networks. Forbes posits that IT departments face more cybersecurity challenges in hybrid workspaces than ever.
“Every business is a potential target for cyberterrorists, which means you can never be 100% secure. However, the key to a secure environment is ensuring that your business networks are secure on any device your employees use,” notes Marius Mihalec, a member of the Forbes Technology Council and the founder of Pulseway.
In a recent discussion with FutureCIO, Yien Wu, head of SSEA & ANZ at CDNetworks, and George Gerchow, the CSO and SVP of IT at Sumo Logic, discussed cyber threats that hinder the ability to deliver quality content and seamless experience, balancing zero trust and productivity, and securing network access in organisations.
Fighting against cyber threats
CDNetworks’ Wu acknowledges that organisations face various cyber threats that can impact user experience, including DDoS attacks, bot attacks from sources like Xor DDoS and Mirai, ransomware, and API abuse.
The State of Web Application and API Protection 2022 report by CDNetworks reveals the escalating threat of such external attacks, with an average of 439,200 DDoS attack incidents monitored and intercepted daily, and a year-on-year increase of 103.8%.
“Concurrently, internal dangers, such as data breaches and phishing campaigns, compromise the integrity of an organisation's operations. With botnets evolving and internal vulnerabilities emerging, robust security becomes crucial for organisations aiming to consistently deliver quality content and maintain user trust,” Wu says.
Gerchow adds that any type of cyberattack can impact an organisation. “With the growing value of data, especially from the explosion of generative AI, zero-day attacks can cause more damage than ever before,” he says.
He explains these attacks not only cause loss of company data but also prevent access to organisational assets, limiting and putting a halt to operations.
Moreover, monitoring how workers use devices and organisational assets has become challenging. “Employees will also continue to use their devices for personal and professional purposes, increasing opportunities for external phishing attacks,” Gerchow says.
Development of enterprise cyberattack surface
Wu says that the enterprise cyberattack surface has dramatically expanded due to the rise of hybrid work and increased reliance on cloud services.
Integrating technologies such as IoT and the widespread adoption of remote work have introduced more vulnerabilities. Employees accessing applications from various locations and devices create diverse potential entry points for threats.
Yien Wu
Moreover, he says VPNs and other “traditional security measures tailored for static environments are ill-equipped to tackle the nuanced security challenges of modern, fluid workspaces.”
To keep pace with digital transformation, Sumo Logic’s Gerchow says that cloud migration is necessary. However, it also increases the attack surface.
“Cloud environments can also be more complex to secure if the right solutions are not in place. At the same time, some organisations moved to the cloud quickly with little education about the shared responsibility model and their role in securing their cloud environments,” Gerchow explains.
Additionally, he opines that with the rise of remote work, employees are more prone to use personal devices for work while still learning to identify sophisticated phishing attempts.
“As a result, organisations may not know where to start securing system access or have the right resources in place,” he concludes.
To build a strong network security foundation and reduce manual errors and security team workloads, Gerchow suggests harnessing automation and security solutions.
Striking a balance: zero trust and productivity
Wu posits that embracing zero trust can enhance employee efficiency. “A zero trust solution based on a global SD-WAN network bolsters productivity, as it allows employees to gain fast and stable access from anywhere,” he says.
He reminds the importance of selecting user-friendly tools with features like multi-factor authentication, network segmentation, and data monitoring that can ensure security and streamline management.
“Moreover, a focus on scalability and visibility readies organisations for future challenges. Pairing this with comprehensive cybersecurity training empowers employees, merging robust security with heightened productivity,” says CDNetworks’ Wu.
“Zero trust is a journey and an important concept to prevent attacks, but also result in high overhead costs, extensive staff education, and lower productivity due to systems requiring more employee verification to access company resources or complete tasks,” explains Gerchow.
He says that organisations can leverage the awareness of zero trust limitations for both safety and productivity. The Sumo Logic executive also reminds us that zero- trust is a journey.
I think 100 percent zero trust implementation is more of an ideal for modelling security practices, rather than a tangible goal.
George Gerchow
He recommends prioritising identity and access management approaches tied to Security Information and Event Management (SIEM) logging and using other log data.
Securing network access
Wu recommends organisations to adopt a comprehensive strategy to secure network access, such as embracing Zero Trust Network Access (ZTNA) which mandates continuous authentication and verification of users and devices.
He also suggests continuous monitoring for early threat detection and prompt incident response and deploying a globally distributed network that offers enhanced protection against DDoS attacks and facilitates secure remote access.
“Data encryption, protection of resources through security gateways, and safeguarding applications with cloud-based web application firewalls (WAF) are also critical. Lastly, solutions must ensure seamless integration across different hosting environments while being scalable to accommodate growth,” he says.
“Security teams must already manage an evolving attack landscape, coupled with budget and staffing cuts. The last thing to add to their plate is alert fatigue from too many tools,” says Gerchow.
He says that Cloud Infrastructure Security is critical to gain a unified view of all cloud infrastructure, especially with more organisations migrating to the cloud.
Securing networks for hybrid workers
The hybrid work set-up started as a means for health safety during the pandemic. As it continues to grow in popularity due to its flexibility and convenience, cyber safety should also take the top priority, post-pandemic.
“With a robust plan in place, businesses can be prepared to mitigate risk and respond to threats before they prove to be costly,” concluded Marius Mihalec, CEO and founder of Pulseway in the Forbes article.