Cyber security in a hybrid working world

Achi Lewis at Absolute Software explains how businesses can secure their devices in a work from anywhere world

 

The pandemic threw the working world into a frenzy, forcing in-house, desk bound workers – the majority – to now work from their own personal spaces. Organisations were provided with no warning, nor template to follow, in order to protect themselves and their employees from increased cyber threats.

 

Devices are no longer under one big company umbrella, within the safety of their buildings and systems, and what’s more is that staff are now working from their personal devices, drastically increasing the attack surface of organisations.

 

Cyber criminals are now looking to exploit potentially unprotected and unencrypted personal devices, causing havoc to an organisation’s security and data, often leading to huge financial and reputational loss. Research predicts that organisations will face a new ransomware attack every two seconds by 2031, up from every 11 seconds in 2021.

 

With threats at an all-time high and hybrid working becoming a permanent feature of modern working life, ensuring outdated security measures are revaluated to serve the needs of our new working world is vital. Security processes must be scrutinised, and new supporting technology introduced, to allow for high quality, trusted protection. 

 

Managing the endpoint

Endpoint visibility has become increasingly hard to track, with a Cybersecurity Insiders report finding that the majority (60 per cent) of organisations are aware of fewer than 75 per cent of the devices on their network. Cyber attackers often target endpoint devices as a route of entry into a network, allowing them to move laterally once a successful breach has occurred and exploit further endpoints and applications.

 

To allow for secure and trusted security, sophisticated and planned management of endpoints is vital. Part of this process involves having the ability to freeze compromised devices and shut them off from the rest of the network to prevent further damage whilst the breached device is tended to.

 

Keeping up with Windows developments and updates can also reduce the vulnerabilities devices are exposed to. In fact, recent research from Absolute discovered that, on average, Windows 10 devices were 77 days out of date with their latest patching. Unpatched, unhealthy devices which are out of date give attackers opportunities to seek access.

 

Remote working has triggered a rise in applications, and ones that were once not needed, now play key roles in organisational success, seeing security controls increase and encryption applications installed more frequently.

 

An increase in apps means an increase in complexities, and a higher possibility of friction and failure. Surprisingly, research shows twenty-one percent of Microsoft Endpoint Configuration Manager (MECM) clients required repair or reinstallation within a 90-day period.

 

While deploying protections such as encryption, anti-virus and anti-malware is an important step in ensuring comprehensive security, but this alone is not enough. ‘Investing and forgetting’ can lead to a whole host of difficulties down the line. It is essential that organisations leverage self-healing to help applications recover if they are tampered with, disabled, or maliciously hit by an attack.

 

The need for resilient zero trust

Crucially, organisations need to leverage resilient zero trust solutions, giving themselves the ability to detect suspicious behaviour. With zero trust, suspicious devices are typically shut off from the network to immediately limit the potential for a breach.

 

However, with resilient zero trust, the focus is instead on establishing trust, protecting the network without the downtime associated with shutting off every device linked to suspicious activity. Rather than just securing and validating the identity of every connection to the corporate network, this validation also extends to the contextual security of the endpoint.

 

By relying on resilient zero trust, organisation can avoid disruption or denial-of-service to end users without administrator intervention, speeding up processes while prioritising end-point security.

 

Ensuring full protection for the future

While keeping staff desk-bound and in the realms of an organisation’s network may seem the easiest and most secure option, the benefits of hybrid working have been felt across the nation and jobs that are keeping up with the trend are in high demand. For organisations and their employees to enjoy a safe and secure balance of working in-house, as well as remotely, prioritising and understanding data risk management is key for this modern work life balance.

 

While this is by no means a straightforward task, IT teams cannot be relied on alone. Investing in technology that is readily available to allow transparency across endpoints and visibility of threats can ensure risks are detected, endpoints secured, and cyber criminals are prevented from breaching a network and causing major damage.

 

Organisations will be able to capitalise on this new era of working life, enjoying business models that embrace a modern make-up. With risk minimised, devices secure, and downtime reduced, hybrid working will continue to be welcomed with confidence.

 

---

 

Achi Lewis is Area Vice President EMEA for Absolute Software

 

Main image courtesy of iStockPhoto.com