Hacking hybrid: Closing security gaps in a distributed workforce 

When, where, and how we work has evolved. And in the past few years, the rise of flexible working patterns has helped improve employee wellbeing and created new opportunities to innovate. According to the Office of National Statistics, 44 percent of people in the UK work in a hybrid model -- making it almost as common as commuting to the office.

At the same time, these new freedoms have ushered in new priorities for security teams. Securing the enterprise is now more complex because the perimeter has become blurred. To address this, focus must be put on securing endpoints, such as PCs and printers -- the "ground zero" for most attacks. New cybersecurity strategies are needed to prevent, detect, and contain cyber-threats, but also enhance remote PC management to mitigate the risks associated with lost or stolen devices.

The endpoint: a cybercriminal’s first stop?

The endpoint is the center of the hybrid worker’s world. But whether it’s a laptop, tablet, PC, or smartphone -- or associated peripherals like printers -- these devices can be a favored point of entry for attackers. According to new research and a hybrid security report from HP Wolf Security, 84 percent of UK security leaders operating a hybrid work model have gaps in their organization’s security posture. And it’s easy to see why. In fact, 86 percent of security leaders say the endpoint is the source of most security threats and where the most business-damaging cyber-threats occur.

The endpoint is positioned at the intersection between fallible users and vulnerable technologies -- making it a key target. And because devices frequently don’t receive the protection provided by the enterprise perimeter, hybrid work exacerbates the problem. Remote workers’ devices and machines can be left unpatched and without adequate protection. Local networks may be misconfigured and potentially compromised.

And then there’s the risk of employees being in a more relaxed environment with no colleagues to consult, making them more susceptible to clicking on a risky link or opening an attachment containing malware. In fact, 74 percent of IT and security leaders say the greatest cybersecurity weakness in their organization is the potential for hybrid employees to be compromised. They cite phishing, ransomware, and attacks via unsecured home networks as the top risks. Employees also aren’t just working from home  -- they’re also in cafes, airports and perhaps even living the digital nomad lifestyle abroad.

The good news is that organizations appear to be focusing their investments on securing hybrid work. 81 percent of security leaders have increased budgets specifically for hybrid workers, and 66 percent expect this focus to increase further in 2023. However, it’s critical that budget is targeted at the right tools, focusing on making the endpoint front and center of any hybrid security strategy.

Where’s your work laptop?

With workers on the move more than ever, the risk of human error increases. And there will always be eagle-eyed thieves on the lookout for devices they can grab. This only increases risk, especially in highly regulated sectors such as government, where a lost or stolen laptop could represent a national security risk. 

In the hybrid era, it has become both more complex and necessary for IT and security teams to manage devices remotely. Cloud technologies have helped to reduce the workload, but they’re not 100 percent effective. Some 75 percent of security leaders say hybrid work increases the risk of lost or stolen devices. But what happens when remote machines are powered down or offline? Finding or securing the data on these devices could be impossible, which is a significant risk if they contain personally identifiable information (PII), intellectual property (IP), or trade secrets.

Keeping connected

Over the next year, 61 percent of organizations feel protecting their hybrid workers will get harder. But it doesn’t need to. So how can IT managers mitigate these concerns?

Step one is to find a new way to connect with remote computers over cellular networks, so devices can be managed even when turned off or offline. This would allow security teams to connect with lost or stolen devices -- and then lock and wipe them. As well as reducing the risk of data breaches, this could even lower IT costs by reducing the need for PC remediation or replacement. A more resilient and secure connection to remote computers will also reduce the time and effort needed to resolve support tickets. Teams can accurately report where and when devices went missing and how long it took to lock or erase them.

It’s time for a new approach to hybrid workplace security. Security teams need the ability to take account of the nuanced risks and challenges that characterize more flexible working. Around 78 percent of organizations already claim to have deployed different tools and policies to protect hybrid working staff. But what’s key here is that these tools and policies require a move away from old perimeter-focused thinking. Now, the endpoint must become the focus for applying protection in the hybrid era. Adopting hardware-enforced security features and protection above, in, and below the OS -- such as application isolation -- will be key for protecting users without infringing on the freedoms that hybrid work allows.

By enhancing remote management and adopting hardware-enforced security, organizations can unlock user productivity without inviting extra cyber risk. At a time when sustainable growth is critically important to all businesses, we must optimise the hybrid workforce.

Image credit: denisismagilov/depositphotos.com

Dave Prezzano, Managing Director, Northwest Europe at HP Inc. HP has been working on creating a type of IT management connectivity solution, and their new HP Wolf Connect service now enables IT to manage devices even when powered down or offline.