Many enterprises have allowed many of their employees to work from home due to the pandemic. Unfortunately, even with the availability of vaccines, the pandemic does not show signs of going away. However, life must go on, and the economy must survive, so the Government allowed industries and businesses to operate, even with limited capacity.
Thus, the scenario is now the new normal. In the early days of the pandemic, companies offered their employees to work from home or go on a limited-hour shift so the business could continue, and the staff could still draw a salary.
But the year and a half of working from home show signs of fatigue. The current technology that supports work-from-home arrangements (WFH) is becoming less effective. In addition, remote workstations are not suited for collaboration, spontaneous interactions, and the growth of office culture. The WFH arrangement is productive for some employees, but some workers do not have a suitable environment to work at home.
In a late 2020 workplace survey of Gensler, they found out that 52 per cent of workers in the US prefer a hybrid work solution. This means they want to combine time working from home and working in the office. With the easing of public health and safety protocols, many companies now implement a hybrid workplace model. This more flexible solution supports a distributed workforce of both remote and in-office workers.
Cybersecurity nightmare potential
The hybrid workplace arrangement is beneficial to companies and workers because the working days in the office and at home are flexible and more balanced.
But the arrangement is a nightmare for cybersecurity personnel. The new structure means they have to secure the office environment and the remote work environment. This is a serious situation because the employees use various tools and personal devices, from email, conference tools, and collaboration tools to laptops, desktops, mobile phones, and tablets. In addition, they will access and send data, communicate online, and use the internet most of the time.
The arrangement exposes their access to data and their devices, becoming a fertile minefield for hackers. In addition, as most companies allow their employees to bring their own devices from their homes to the office and connect to the company network, they are more exposed to cybercriminals and can be infected with malware easily.
A worker may be a victim of phishing. Hackers can harvest the worker’s login information for all the devices the employee uses and those belonging to colleagues. Later, hackers can control their devices to launch various forms of attack and use the compromised devices to launch distributed denial-of-service (DDoS) attacks, which flood the target resource or network with massive amounts of traffic from distributed sources, which are mostly hijacked devices. This example explains the DDoS meaning in simple terms and illustrates why it’s challenging to provide network security with a hybrid workplace setup.
In the previous months, security officers protected the remote workforce because they were in single locations. They made sure that employees were able to work securely. But with the hybrid work environment, the situation will change once again as employees will constantly be shifting. New hires will also be entering the company, and projects that were put on hold for the past several months will resume. Now they are faced with providing security support to the changing mix of remote workers and office workers, along with home and office devices.
It’s a given that corporate security officers face more challenges due to the pandemic as the occurrence of cyberattacks increases. A Forbes article features alarming statistics about cybercrimes and the pandemic.
- About 80 per cent of senior IT leaders think their organisations still lack adequate protection against cybercrimes even if they increase their IT security investments in 2020 to handle work-from-home and distributed IT challenges
- Identity theft doubled in 2020, according to the US Federal Trade Commission, which said that they received 1.4 million identity theft reports last year
- As of 2020, the average cost of a data breach reached $3.86m
- Over 80 per cent of reported security breaches come from phishing attacks
- In the first half of 2020, about 4.83 million DDoS attacks occurred, translating to 18 attacks per minute or 26,000 attacks per day. Netscout reported that DDoS attacks in the first half of 2021 increased by 11 per cent over last year, reaching a record of 5.4 million.
Protecting the hybrid work environment
Remote users are vulnerable to cybercriminals because many remote workers are overwhelmed by the need to keep track of their account login information. In addition, they may have bad cyber habits, short attention spans, and apathy that make them forget about the importance of securing their network.
Security teams have to ensure that the employees’ different machines are up to speed by implementing the latest updates on the software they use. The process may take some time because the security officers will have to deal with the current users working from home. The bulk of their work will be office devices that were turned off for more than a year. These devices were not able to download several patches. The company has to ensure that these computers are secure before allowing the hybrid workforce to go back to the office.
Quarantine personal devices
As mentioned, most work-from-home employees are lax about securing their devices. Since they own the machines, they may be connected to public wireless networks, often considered insecure. As they will be allowed to bring their devices to the office, the security team should quarantine them. They should establish a quarantine network, which will prevent employees from connecting with the corporate network system until the personal devices are scanned to ensure they are not infected with malware, and security patches are installed.
Employ zero trust
It is often said that companies should provide their employees with network security training. But training does not always work. Typically, you secure the company network. But with the hybrid work system, employees connect and disconnect from the corporate network, leaving them open to possible attacks once they are outside the perimeter of cyber defense. Aside from instituting a multi-factor authentication system, the most viable method is to have zero trust. It runs in the background and continuously verifies whether users have clearance to access specific files or systems.
It will be a challenge to protect a company’s network and the hybrid workers. The most viable solution is to work with a cybersecurity expert to handle the different demands of the corporate and hybrid work environments. You need to accept the reality that it is not possible to prevent a DDoS attack. However, you can still provide a more robust defense by monitoring traffic to identify abnormalities, using third-party DDoS protection, installing a VPN, and the suggestions above.