Orgs Lack Confidence in Long-Term Hybrid Work Security

Just one in five companies are fully confident their infrastructure security can support long-term remote work, according to a survey of 200 North American business leaders conducted by the research firm Pulse on behalf of Sungard Availability Services.

The survey found nearly nine in 10 organizations (89%) believe a mix of remote and in-office working is the ideal work situation, while 83% of businesses intend to employ this working model in that same time span.

Around three-quarters of organizations (74%) said they took input from both company leaders and employees into account when making decisions on working models.

Skepticism and Concern

John Morgan, CEO at Confluera, said there is general skepticism and concern in the industry today regarding cybersecurity, partly due to recent high-profile breaches but also to the fact that many organizations do not have a well-planned cybersecurity strategy.

“In the haste to support the remote workforce at the start of the pandemic, many organizations took the ‘get it working first’ mentality that sacrificed, among other things, security,” he said. “When the remote work model got prolonged, organizations began to address security concerns, especially regarding the cloud, but an overarching security strategy was still lacking.”

Morgan said on the bright side, many organizations are now coming to terms with the long-term remote work model and are starting to address it as part of their ongoing business requirements.

“With many organizations adopting the cloud, often at a more accelerated pace than initially planned, they must evaluate the appropriate security solutions designed for the unique challenges of the cloud,” he said. “The approach of extending existing approaches to the cloud and hoping for the best will not be successful in the long run.”

He pointed out it’s also important for organizations to share their security strategy and initiatives to instill employee confidence—something the survey indicated employers are actively doing.

Kevin Dunne, CEO at Pathlock, noted many companies struggled to enable remote work at the start of the pandemic.

“Remote work is a different animal altogether than allowing customers to access on-premises assets when connecting in-person on the local network,” he said. “Nevertheless, infrastructure and security teams were pushed into making quick fixes to allow access from anywhere, with enough bandwidth to support thousands of users now connecting remotely each day.”

He pointed out these solutions typically focused on making on-premises applications available via the public internet, leaving several security vulnerabilities open and requiring even more maintenance effort than before.

“Now, infrastructure and security teams are trying to catch up and cover the loopholes that were created during this accelerated process of allowing remote work,” he said. “This go-around, teams are looking at more sustainable methods of enabling remote work, like shifting applications to vendor-maintained SaaS infrastructure.”

From Dunne’s perspective, these are longer-term, more effort-intensive initiatives, but they ultimately result in a more sustainable, secure remote work environment.

Catching up to the Future of Work

Heather Paunet, senior vice president at Untangle, pointed out that while hybrid is the future of work, many companies are still approaching their network security as if all employees are in the office daily.

Untangle’s own 2020 SMB IT Security Report revealed that the top two barriers to IT security are budget and employees who don’t follow guidelines such as using the VPN regularly.

According to that survey, most SMBs allocate less than $1,000 in their budget for IT security.

“Even with a major shift to committing to hybrid work, companies still aren’t increasing their budgets or doing enough to change employees’ behaviors, leaving areas of attack open to cybercriminals,” she said.

Paunet said as workers moved to hybrid working, many added unknown software and applications to help while working remotely.

“While helpful at home, they could prove dubious once on the network. With the workforce spread out across locations, using a variety of networks and devices, the attack surface grows dramatically and becomes an opportunity for cybercriminals,” she said. “Because employees and their devices are not always behind an office firewall, workers that rotate in and out of the office could be bringing malware that is hiding in their laptops, waiting to move onto the corporate network.”

She said companies can ensure protection by auditing their whole networking infrastructure, assessing everything that might be vulnerable and then making a plan with a multi-layered approach to ensure that there are no exposed attack surfaces.

“To protect their networks, employees and critical data, companies will also need to invest in technology and create new safety protocols to keep their networks safe as employees rotate in and out of the office,” she said. “This should include effective policies such as network segregation and zero-trust. While perhaps not popular with employees, they are important to keeping networks safe from attacks.”

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
