Savvy security needs SASE: Addressing the security challenges organizations are grappling with

With the threat landscape becoming increasingly sophisticated, companies need agile approaches to improve their defenses and mitigate risks. After all, hackers are adapting their strategies and introducing new tools and technologies to improve their success rates. The resulting rise in cyber-attacks is evident in Xalient’s latest research report ‘Why SASE is the Blueprint for Future-proofing Your Network in 2025 and Beyond’, where  a staggering 99 percent of respondents say they have experienced an attack in the last 12 months.

It is no surprise that cyber security is gaining attention from across the C-suite, with 58 percent of CEOs considering cyber-attacks a very big threat to business operations, as PwC's 25th CEO Survey finds. With security moving further up the boardroom agenda, security teams are under greater scrutiny as they work to safeguard the company, its data and its employees. But what are the biggest security challenges and how can security teams improve the security posture of their organisations?

The expanded attack surface

The shift to remote working has reset the world of work and fundamentally altered the cybersecurity landscape. Software has evolved rapidly to support ubiquitous access and driven user expectation around working from anywhere, by any means. Security solutions have struggled to keep pace.

Unsecured Wi-Fi connections and unattended computers heighten the chance of unwanted exposure for corporate networks and increase an organization’s vulnerability to cyber risks and attacks. Limited oversight of employees who are working outside of the office environment makes it more difficult for security teams to implement security policies and secure the organization’s systems and networks. This is made clear when looking at Xalient’s research results, which state that nearly half (44 percent) of organizations have experienced an attack resulting from remote or hybrid working, 40 percent were caused by a subsidiary operation and 39 percent via a roaming worker.

While remote working is no longer a new concept, security teams are still grappling with putting the right protection and security mechanisms in place. Managing different security policies across multiple locations and devices is complex and can lead to gaps in protection. Perimeter-based security doesn’t meet the security needs of a remote workforce as it assumes trust within the network. This has security teams thinking hard about improving security systems without impacting network performance or employees’ ability to access the apps and data they need wherever they may be.

More hardware and insecurity

In addition to a dispersed workforce that requires enhanced security, people no longer only work on a single device and often combine work and personal devices to perform job functions when away from their desks. For example, personal smartphones connected to company networks and emails can offer employees unlimited access to organizational data while they are away from their company-provided laptops.

Personal devices, however, often lack the stringent security measures and protocols that are implemented on work devices. Security teams may encourage certain measures to be put in place, but unfortunately, their hands are tied, and they cannot enforce security protocols beyond this as they do not have full visibility of whether employees comply with security mandates. Hackers know this, and as such personal devices add risk to an organization’s security posture with Zimperium's 2024 zLabs Global Mobile Threat Report finding that 82 percent of all phishing sites were specifically designed to target mobile devices and mobile users.

Smarter security

While there is no single answer to address all the security challenges companies face today, there is a tried and tested solution that has proven to deliver significant business benefits to help organizations strengthen their security posture, particularly when having to keep remote and hybrid environments secure. Secure Access Service Edge (SASE) helps organizations reduce security risks, aligning with zero trust principles like least privileged access and micro segmentation, enforcing consistent security controls across distributed environments by ensuring that every user or device is authenticated and authorized before accessing network resources. This has the added advantage of minimizing the risk of insider threats and unauthorized access, reducing the attack surface. Further, SASE’s integrated security tools also help detect and block malware, ransomware, and other cyber threats in real time, across all network edges.

According to Xalient’s research, which surveyed 700 IT, network and security leaders that have implemented SASE solutions, a key motivator for adopting this approach was the ability to provide secure remote access for a hybrid/remote workforce. 28 percent of respondents cited updated threat protection and 27 percent noted improved security surrounding breaches, as key benefits of implementing SASE solutions. An added benefit cited by 30 percent of respondents was the improved performance of business-critical SaaS apps.

The shift to hybrid and remote working has altered the threat landscape, adding further complexity to cybersecurity. To counter this, security teams must move beyond traditional security measures and implement solutions that address the new challenges of the working world. SASE is an innovative, strategic approach that helps security teams secure organizations’ networks, data and employees in a world of work that is constantly changing.

Image credit: mc_stockphoto.hotmail.com/depositphotos.com

Stephen Amstutz is Director of Innovation at Xalient.