Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Top 5 cybersecurity challenges in the hybrid office

By Steve Durbin
cyber-security (1) freepik
June 16, 2021

The pandemic has caused a tectonic shift in how we live and work. Many companies are slowly returning to offices while an estimated 40% of the U.S. workforce continues to work remotely. A year into the pandemic and one thing is crystal clear, the future of work is hybrid.  83% of employers attest to the fact that their shift to remote work has been extremely successful and in fact, 82% of company leaders are planning to allow employees to exercise “flex days”, where workers can work from the convenience of their homes. Employees too have expressed a preference for a blend of home and office with research suggesting hybrid workplaces result in better workplace outcomes.

Regardless of whether employees are on-site or remote, this convenience is now a permanent cyber-risk for businesses. Listed below are the top 5 challenges in this new hybrid environment:

 

  1. Remote work infrastructure is facing a rising barrage of cyber-attacks

To enable remote working, companies are increasingly relying on cloud technology and leveraging the use of remote connectivity tools like VPN. Cyber-attacks on cloud services have grown more than 600% while hackers continue to exploit vulnerabilities in VPN gateways. A number of brute-force attacks on Windows Remote Desktop Protocol (RDP) is also rising significantly. In February 2021 there were 377.5 million brute-force attacks worldwide in comparison to 93 million at the beginning of 2020.

 

  1. Remote workers are easier targets

Weak or no home Wi-Fi security, laptops shared amongst family members, absent firewalls, unsecure mobile devices, poor security hygiene, etc. are some of the nightmares that security professionals face on a routine basis with remote workers. Remote workers also have lack of internet connectivity or lack of bandwidth which delays software-update patching and this could leave weak points open for cybercriminals to exploit. The use of unauthorized software and shadow IT can also jeopardize a business's entire cybersecurity posture.

 

  1. Need for stronger data protection and authentication

Data protection of sensitive information becomes a lot harder across the expanded internet-based perimeter. Access to sensitive data requires a stronger set of checks and balances than you would normally use in a standard traditional office environment. It’s easy for attackers to fake a digital identity and hijack data from a secure environment. Personally Identifiable Information (PII), emails, browsing habits and website visits, online purchases and financial content, social media and dark web data dumps can be easily leveraged to emulate a virtual identity.

 

  1. Absent physical security and monitoring of virtual workspaces

One of the reasons why physical offices of large businesses are brimming with security personnel is because the infrastructure helps manage the disposal of confidential information in its physical form. For example, entry barriers can help prevent tailgating while paper shredders can  help destroy physical assets that might contain sensitive information. In a digital world, managing the information lifecycle also becomes an important element as holding data for longer periods of time is both a high-risk policy and a liability.

 

  1. Human-centered security is taking a back seat

Home distractions are a major cause of security errors and the data from lockdowns prove it. Workers are prone to social engineering scams like phishing and vishing. One wrong move can instantly result in a breach, causing significant financial damages and irreversible loss of reputation. Cybercriminals have a deep understanding of human psychology and stress-related pandemic issues. In 2020 alone, Google registered a record two million phishing websites whereas ransomware attacks increased by seven-fold.

 

Getting the cybersecurity foundations right in the new hybrid workspace

Similar to the hybrid office, managing cyber-risks too needs a hybrid approach -- one that is a mix of technical controls and user behavior training that is secure by design. Here are two main foundational elements:

  1. Address the softer side of cyber: It’s important that businesses understand and apply psychological theory to influence behavior of its employees so that they follow cyber hygiene best practices and avoid putting the business at risk. There are two key areas where this improvement should be focused:
    1. Transformative Security Education, Training and Awareness: Ongoing security awareness training and live simulation exercises that develop muscle memory or instinctive behavior for employees to recognize, foil and report social engineering attempts.
    2. Secure behavior by design:  Developing security tools and techniques that have cybersecurity built-in, not bolted on. For example: incorporating visual guidance or inconspicuous cues and nudges to gently guide individuals in making sound security decisions.

 

  1. Applying risk-based techniques: Risk management is a continuous and ongoing process in a hybrid office environment. Here are two key areas of focus:
    1. Modular assessments: A modular, scenario-based risk assessment approach ensures you don’t have to reinvent the wheel every time the threat landscape evolves. Start by creating a behavioral baseline and set benchmarks for improvement. Once you have consolidated and prioritized cyber risks, chart out a plan to implement your controls.
    2. Evolve architecture with your business goals: Technology and architecture should not be static and that’s why this is a more ongoing, dynamic, evolutionary process. Once you have assessed performance gaps and identified potential vulnerabilities, technology and tools must also evolve with the identified priority areas. Technologies that have come to the forefront which are worth looking at include zero-trust architecture, User and Entity Behavior Analytics (UEBA) and Virtual Desktop Infrastructure.

The pandemic may not have invented new cyber-threats however the emergence of the hybrid office has certainly dialed up the volume. While humans are the weakest link in any cybersecurity program, they are also its strongest defense. A hybrid approach to cybersecurity that brings together the best of both worlds – awareness and technological controls, is certainly poised to take center stage in this new hybrid environment.

KEYWORDS: cyber security hybrid workforce information security remote work risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Steve durbin ceo isf
Steve Durbin is CEO at the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments. Previously, he was senior vice president at Gartner.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Person holding cellphone

Millions of Android, iPhone Users Could Be Sending Data to China

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber-data-freepik1170x658x82.jpg

    7 steps to combat cybersecurity threats in times of instability

    See More
  • New survey reveals insider threats more of a risk than external threat actors amid COVID-19 and race to work remotely

    Conquering security challenges in the hybrid workplace environment: The BYOD variant

    See More
  • 5 minutes with Jain

    5 minutes with Vishal Jain - Navigating cybersecurity in a hybrid work environment

    See More

Related Products

See More Products
  • Hospitality-Security.gif

    Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • databasehacker

    The Database Hacker's Handboo

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!