AI and Machine Learning in Security AI and ML in Security Application Security Cloud Security Cybersecurity Data Security Malware Security Awareness Security Boulevard (Original) Threats & Breaches Vulnerabilities 

The Essential Guide to Securing Hybrid Workplace Environments

Avatar photo by Toni Buhrke on February 20, 2023

From here on out, hybrid and remote work are here to stay. Unfortunately, this seismic shift in the way we work has expanded the attack surface for opportunistic cybercriminals. Mimecast’s 2022 state of email security report (SOES) found that 72% of respondents experienced an increase in email-based threats over the previous 12 months. And in 2023, ransomware damages are expected to exceed $30 billion globally—making the need to secure hybrid workplace environments more urgent than ever.

The increased prevalence of malicious cyberattacks has caused many organizational leaders to view them as inevitable, driving a focus on mitigation rather than prevention. But reactive measures alone won’t be enough to protect organizations as threats increase in volume, velocity and complexity. By streamlining traditional human-based workflows, improving the accuracy of threat detection and prevention, and fostering company-wide cyber engagement, organizations can take proactive steps to work protected across an evolving threat landscape. From a cyberinsurance perspective, these preventative measures also help organizations minimize premium increases and avoid coverage loss.

Strong Cybersecurity Posture Amid Emerging Risk-Laden Hybrid Work Environments

Below are four key facets of a strong cybersecurity posture amid emerging risk-laden hybrid work environments.

1. Advanced email and collaboration security solutions

With employees scattered across locations near and far, there’s an increased reliance on email, video conferencing, and other collaboration tools. As digital communication volume increases, however, so does risk. The average data breach cost businesses $9.44 million in 2022 (up from $8.19 million pre-pandemic), heightening the importance of securing the critical data assets threat actors covet.

Investing in systems that address the hybrid environment’s critical vulnerabilities, such as advanced email and collaboration security solutions, is the foundation of any cybersecurity strategy. Organizations must invest in pervasive email security services that provide protection both at and beyond the email perimeter, as well as cloud services like Microsoft 365 and Google Workspace. Effectively leveraging best-of-breed solutions is also reliant on cultivating organizational cyber engagement from the top down and having a C-suite that prioritizes budget allocation towards email and collaboration security tools.

2. AI-powered automation tools

The use of AI in cybersecurity is gaining popularity in a post-pandemic hybrid work culture. The 2022 SOES found that 46% of organizations are already leveraging AI technologies, with another 46% planning to follow suit.
AI-powered cyber defenses help streamline work for security teams, reduce human error, optimize critical data center processes, and enhance threat prevention, detection, and remediation—making the technology a must-have facet of a strong cybersecurity framework.

The value-add for hybrid and remote environments is clear. Since the onset of the COVID-19 pandemic, cybercriminals have increasingly capitalized on a lack of face-to-face business interactions to deploy phishing attacks posing as remote coworkers or IT assistance. AI and machine learning technology can mimic human intuition by detecting anomalies in grammar usage, writing style, or communication patterns, blocking malicious messages and alerting employees accordingly. AI-enabled automation also streamlines monotonous tasks, allowing for more efficient threat mitigation by freeing up time for overworked security teams to focus on high-impact tasks.

3. User awareness training tailored to hybrid employees

90% of security breaches involve some degree of human error. Proactive user awareness training is essential in mitigating employee risk and bolstering the human firewall; in fact, employees who consistently receive training are five times more likely to identify and avoid malicious links. In order to foster cyber engagement that protects business-critical assets across disparate corporate, home, and on-the-go offices, cybersecurity must be established as a team sport within the organization.

Effective cybersecurity training, on top of being frequent and engaging, should be tailored to specific threats facing hybrid and remote workers. In the same way the healthcare threat landscape might vary from that of the education sector, security issues and needs of fully remote employees will vary from those working in a hybrid or in-office setting. Employees working out of sight from their bosses at home, for example, are more likely to use company-issued devices for personal use, thus broadening their risk profile. Remote employees might also find themselves working from coffee shops on less secure public wi-fi networks, which comes with additional security considerations.

Training should tackle these specific needs and instill a culture of accountability where cybersecurity is a top priority no matter the work environment. To enforce a true team sport approach, training must also frame employees as key assets in protecting the organization from email-borne attacks.

4. Strong API integrations library

In cybersecurity, complexity often breeds complexity. As the hybrid work attack surface continuously evolves and expands, so may the arsenal of tools an organization enlists to thwart off attacks. Industry reports put the average number of security tools in an enterprise at a staggeringly high 75, making for a disparate and overly complicated security framework that puts a strain on the employees tasked with monitoring it.

This makes tool consolidation essential. And yet, integration is vastly overlooked, with only 28% of organizations integrating into a SOAR or SIEM platform to orchestrate their ransomware response, according to Mimecast data.

To streamline practices without sacrificing efficacy, organizations should invest in best-in-class email and collaboration security tools that provide a deep library of API and third-party integrations. Consolidation allows organizations to work smarter, not harder, with the added benefits of improved threat protection via shared threat intelligence, enhanced efficiency via automation, and better prevention via consolidated tool data.

Conclusion

There isn’t a one-size-fits-all approach to protecting hybrid work from cyberthreats. And while it’s true that cyberattacks are inevitable to some degree, enterprises can vastly reduce their likelihood and resulting financial and reputational damage. With advanced email and collaboration security, AI automation, targeted user awareness training, and improved threat sharing across API integration libraries, organizations can develop a resilient security posture that enables them to work protected.

Toni Buhrke , , , ,
Avatar photo

Toni Buhrke

Toni Buhrke is a Director of Sales Engineering at Mimecast with more than 20 years of experience in the cybersecurity industry. Together, Toni and her team are responsible for designing customized email security solutions for Named and Enterprise customers in the Eastern region of the U.S. Prior to joining Mimecast, she was a Global Director of Systems Engineering at Forescout Technologies. During her 12-year tenure there she led various systems engineering teams focused on helping commercial and public sector organizations and channel partners architect and deploy security solutions to protect complex networking environments. Throughout her career, Toni’s focus has always been on bridging the gap between technology and her customers. She has a Master of Business Administration (MBA) and is a Certified Information Systems Security Professional (CISSP). Toni is also very active in Women in Technology initiatives throughout the industry.

toni-buhrke has 1 posts and counting.See all posts by toni-buhrke