How can business leaders mitigate cyber risk in hybrid working environments?

It’s clear that hybrid work models and a digital-first economy have brought cybersecurity front and centre.

With much of Australia opening its borders for international travel, life is certainly starting to feel more ‘normal’.

For business leaders though, there’s still much debate surrounding what the future workforce will look like. There are some key questions being asked about how to redesign the workforce whilst maintaining employee flexibility and productivity along with ensuring enterprise data remains secure.

While the discussion continues to evolve, one thing is certain - remote work won’t be disappearing altogether. New data, drawn from ‘Beyond Boundaries: The Future of Cybersecurity in the New World of Work’, a commissioned study conducted by Forrester Consulting on behalf of Tenable, found that 59 per cent of Australian businesses plan to make remote work permanent in the next one to two years.

In thinking about the shift to a permanent hybrid workforce, there’s a bigger issue that needs to be addressed. Tenable’s research found that over the past 12 months, 73 per cent of Australian organisations were victims of cyberattacks targeting remote workers, and 70 per cent suffered an attack that resulted from vulnerabilities in systems put in place in response to the pandemic.

What’s more, over the next two years, organisations in Australia will be enhancing existing digital platforms (65 per cent), creating new digital platforms (57 per cent) and moving non-critical business functions to the cloud (55 per cent) to ensure employees have the right tech stacks to work efficiently in a hybrid environment.

As leaders look to navigate their future workforce strategy, I highlight here the top cybersecurity priorities and how leaders can combat increasing threats.

Redefine what constitutes cyber risk

In Australia, the research found that two in five security leaders lack visibility into remote employee home networks and their connected devices, and a meagre 29 per cent felt they had enough staff to adequately monitor the attack surface. The research highlights the difficulty of maintaining visibility into the newly distributed work environment.

Given that the attack surface is continuing to expand and leaders clearly lack visibility, the notion of risk must now be re-evaluated. In practical terms, this means gaining a better understanding of, and vetting, vendors in the supply chain, consistently evaluating third-party and contractor access to data, and continuously scanning the environment for unmanaged assets connecting to the corporate network.

On top of this, gaining visibility and insight into the overall risks surrounding software vulnerabilities and misconfigurations will help better prioritise the vulnerability management processes, and viewing employees within the context of risk will limit insider threats and simple employee mistakes.

Establish risk profiles

Roughly nine in 10 Australian remote workers are connecting six or more devices to their home network, with many accessing financial records (43 per cent) and customer data (51 per cent) from a personal device. It’s becoming increasingly hard for businesses to protect valuable data. 

These changing conditions mean businesses must now take a more adaptive approach to evaluate how users are configured and managed. Establishing risk profiles that adjust security measures, based on changing conditions, behaviours or locations, is now essential to protect data and intellectual property. Such risk profiles should include behaviour data to identify whether or not an employee is truly who they say they are - as an example, verifying users by identifying the way they hold their device or swipe a touchscreen.

Adopt a Zero Trust Model

There was a time when it was sufficient for remote employees to log into a business’s system using a VPN and a strong password. However, this isn’t enough anymore. Businesses must now continuously monitor and verify every attempt to request access to data at all levels, whether that happens through a device, app, user or network attempting connection. Without this level of security, visibility, and segmentation, attackers can leverage vulnerabilities in the environment, move laterally, and infect other assets.

Today, businesses require multiple levels of authentication to give employees access to company information, and this includes checks of something they have (device compliance check) or something they are (fingerprint). While the adoption of a zero trust model - in which a business does not automatically trust anything inside or outside its perimeters - doesn’t happen overnight, it can play a vital role in an organisation’s overall cybersecurity strategy.

It’s clear that hybrid work models and a digital-first economy have brought cybersecurity front and centre, but this means it’s time for business leaders to step up and adapt accordingly. It’s now critical that Australian business leaders put the systems and processes in place to ensure the safety of their employees, customers and the business overall - both in the physical and digital worlds.

Scott McKinnel is Country Manager for ANZ at Tenable.

Copyright © BIT (Business IT). All rights reserved.
