Three in four organizations are currently utilizing a hybrid work model. Employers and employees alike feel this is the best path moving forward. However, only roughly one in five companies (21%) are fully confident their infrastructure security can support long-term remote work.
The Sungard Availability Services (Sungard AS) survey found that roughly 89% believe a mix of remote and in-office working is the ideal work situation following Labor Day.
This survey was conducted within the Pulse technology executive community from June 24, 2021, to August 1, 2021, where 200 North American IT, Information Security, HR, and Operations leaders responded, representing seven industries at the director level and above in North America.
Eighty-three percent of businesses intend to employ this working model in that same time span. Around three-quarters of organizations (74%) took input from both company leaders and employees into account when making decisions on working models.
While hybrid is the future of work, many companies are still approaching their network security as if all employees are in the office daily, says Heather Paunet, Senior Vice President at Untangle.
Untangle’s 2020 SMB IT Security Report, for example, revealed that the top two barriers to IT security are budget and employees who don’t follow the guidelines (for example, using the VPN regularly), and most SMBs allocate less than $1000 budget for IT security.
“Even with a major shift to committing to hybrid work, companies still aren’t increasing their budgets or doing enough to change employees’ behaviors, leaving areas of attack open to cybercriminals,” Paunet explains. “As workers moved to hybrid working, many added unknown software and applications to help while working remotely. While helpful at home, they could prove dubious once on the network. With the workforce spread out across locations, using various networks and devices, the attack surface grows dramatically and becomes an opportunity for cybercriminals. Because employees and their devices are not always behind an office firewall, workers who rotate in and out of the office could be bringing malware hiding in their laptops, waiting to move onto the corporate network.
Another mistake that companies continue to make is only protecting part of the network. Paunet adds that an example of how companies continue to make the mistake of only securing part of the network is the 2015 Landry data breach, which affected the company’s point-of-sale terminals. Though Landry’s put in place systems so that this type of breach would not happen again, they were breached once again. This time, from a different point of entry that was still not secured.
Paunet says, “Companies can ensure protection by auditing their whole networking infrastructure and assessing everything that might be vulnerable, and then making a plan with a multi-layered approach to ensure that there are no exposed attack surfaces. To protect their networks, employees and critical data, companies will also need to invest in technology and create new safety protocols to keep their networks safe as employees rotate in and out of the office. This should include effective policies such as network segregation and zero-trust. While perhaps not popular with employees, they are important to keeping networks safe from attacks.”
The Sungard AS study also showed that although less than one in 10 (7.5%) are very confident their security protections against phishing and ransomware attacks are adequate in a largely virtual environment, the vast majority of respondents agree that good security is a must-have for employees to be successful when working from home. Security software that keeps work devices secure (79%), an easy-to-use system that enables employees to share files securely (76%), IT support that specializes in supporting remote workers (71.5%), and high-speed internet connection (60%) are all considered essential items for remote employees.
Businesses still have more work to do to build a more resilient and sustainable remote working environment. The data shows that 43% of business leaders need to provide employees with improved or more technology to support a thriving remote working environment. Almost every organization (97%) noted plans to adjust their business continuity plans to account for a more permanent remote working environment.
John Morgan, CEO at Confluera, says, “There is a general skepticism and concern in the industry today regarding cybersecurity partly due to the recent high profile breaches but also the fact that many organizations do not have a well planned cyber security strategy. In the haste to support the remote workforce at the start of the pandemic, many organizations took the “user productivity first” mentality that sacrificed, among other things, security. When the remote work model got prolonged, organizations began to address security concerns, especially regarding the cloud, but an overarching security strategy was still lacking.
Fortunately, many organizations are now coming to terms with the long-term remote work model and are starting to address it as part of their ongoing business requirements. With many organizations adopting the cloud, often at an accelerated pace than initially planned, they have lost ground in their overall security posture. Extending existing approaches to the cloud and hoping for the best will not be successful in the long run. It’s also important for organizations to share their security strategy and initiatives to instill employee confidence.”