The Impact of Hybrid Work Models on Corporate Cybersecurity

Now what? Many organizations are asking themselves that question as the number of Covid cases wane, vaccinations wax, and companies start to recall employees back to the office.

The New Normal will look much different from both the old way and the “no employees in the office” motif that was evident in the last year or so. Businesses will need to offer remote work options to their employees. But a hybrid model where they come into the office some days and work at home on others also requires a rethinking of the current enterprise network.

The pandemic quickly moved employees from their desks to their homes. They shared network connections with their spouse and children, who all were home 24/7. The sudden change rippled throughout the IT organization.

The Complexity of Securing Corporate Endpoints Grows

The IT department saw a dramatic increase in the number of endpoints that sat outside of the corporate LAN over the last year and a half. Staff had to accommodate existing systems as well as new ones at home. Employees were no longer limited to corporate issued laptops, so corporate IT departments found themselves with network devices that they neither purchased nor fully controlled. They suddenly had a wide – and growing – range of systems to secure.

As a result, the potential corporate attack surface area increased exponentially. Each remote device becomes a potential entry point for an outsider. Since each system has a distinct configuration, the challenge of securing remote systems increases exponentially. At the same time, bad actors saw these trends and amplified their attacks knowing that organizations and their employees were in a stage of transition.

Most users have only surface level knowledge about IT systems and began using systems that lacked enterprise security features. They also were accessing applications over residential WiFi networks and best effort internet connections. All the while sharing these systems with their spouses and children, who can consume massive amounts of bandwidth and may also frequent insecure sites and may inadvertently download malware.

Furthermore, best practices morphed. Corporations had previously spent significant time and put a lot of effort into designing enterprise security framework to thwart would-be hackers, but many rules HAD to be loosened in order to get employees online and to work.

The Corporate Attack Vector Grows

Make no mistake: corporate systems are under attack. In 2021, cybercrime is expected to inflict $6 trillion in damages globally, according to market research firm CyberSecurity Ventures.

IT organizations were forced to provide secure access to a growing base of remote users, deliver consistent and predictable experiences when accessing business applications, and ensure that every transaction is secure.

Some companies did a good job adjusting to the changes, while others did not. One reason is that the bad guys are agile: they began targeting new remote users with Covid related attacks: masquerading as financial institutions offering clients Covid relief funds and health care providers supplying medical information. In addition, phishing attacks doubled and ransomware attacks grew an astounding 485% in 2020.

Back to What Exactly?

As they adjusted to that upheaval, another one looms. Corporations have begun calling employees back to the office, and one thing has become clear: many became comfortable with the new work arrangements. In fact, only 4% want to go back to working in the office full time, according to Gartner.

Not only do employees not want to return to the office, but also in many cases, forcing them back may have unintended consequences. Close to four out of ten (39%) of workers said they are likely to leave their jobs if forced back into the office full time, according to Gartner. Further evidence of workplace flexibility becoming a Must Have rather than a Nice to Have: 55% of employees say whether or not their boss offers that option will determine whether or not they stay with their employer or look for another job.

It is now incumbent upon IT teams to find ways to not only secure a swath of different endpoints and systems, but also ensure that employees can access their networks and applications, and do so in a way that allows for them to be productive. The reality is that many of their users are accessing the corporate network over cheap ISP connections and broadband routers. IT teams need a means to get visibility into these networks and help troubleshoot connectivity issues that may prevent an important Zoom call from happening. In many ways, employees' private residences have become critical network nodes.

Close Cybersecurity Holes

What has become evident through all of the chaos is that enterprises need flexible enterprise networks and users need to be able to access core applications at any time, from any place on any device. Many of yesterday’s legacy equipment is static, so making changes during a dynamic time can be challenging.

What is needed is a suite of network services that are easily adapted as the business evolves. Whether self managed or through a managed services model, your enterprise can gain the flexibility needed to support the New Normal.

The pandemic threw the world and IT departments into chaos. The impact was significant, and many organizations’ network posture has been out of step with employees’ rapidly changing needs. As a new day dawns, they must find services capable of supporting both the traditional company profile as well as the growing number of individuals working at home.

Did you enjoy this blog? You should check out our DIA Pricing Guide, WAN Pricing Guide, and SD-WAN Buyers Guide, if you haven’t already!