A recent Proofpoint report revealed that more than half of cybersecurity managers in companies feel unprepared to deal with a cyberattack, the repercussions of which may be even more worrying than last year.
Given the increase in teleworking and targeted threats, 7 out of 10 CISOs consider human error the most significant vulnerability in their organization.
This scenario poses a new challenge for companies: How to protect organizations and their professionals in a hybrid work environment? Analyzing the prominent security breaches of the last two months, the researchers have identified what attacks can be like in these hybrid environments where employees divide their day between the office and home.
The connection to corporate networks with tighter controls, the jump to home networks, the sharing of devices for work and personal activities, or the use of company equipment by other family members are some of the causes of reduced security.
Added to this, employee behavior has changed, as has the way teams work together, and more people have joined them who were not part of the equation before.
Those responsible for cybersecurity in companies should focus on five points to secure the new hybrid work environments.
Configuration of devices on the network: It is crucial to manage the vulnerabilities of the devices after more than a year of being connected to home networks. Before reconnecting them to the corporate network, it is essential to analyze their security thoroughly to ensure they are clean.
This can prevent potential malware infections that could compromise the organization’s systems. Security teams must make a great effort in asset management, control, and reconfiguration, and check that all devices are patched and updated.
Many users do not even reboot their machines, so basic actions are required.
Analyze new employee behaviors and define new policies: Typically, users have relaxed their security habits, which requires more effort to retrain them. People have been creating new cultures and ways of working, so security teams must reinforce “good” practices among employees.
It is necessary to define what is good in this new hybrid world and then underpin these concepts with security awareness that adapts to behaviors.
Maintain collaboration: Although email remains the main communication channel between employees and third parties, users have begun to use more and more telecommunications services that were not previously part of the company's day-to-day work.
Cybercriminals know that collaboration tools are an easy target for spreading malware throughout an organization, even in this hybrid work environment.
Any new channel, application, or service can become an attack vector. You don’t need to lock down systems or prevent these new ways of working, but you do need to be aware of and protect them.
Same threats for many targets: People continue to be the main target for cybercriminals, regardless of where they work. A Verizon study demonstrates this: the most used tactic in the attacks was phishing (35%), and the human factor was vital in 85% of the attacks.
A single click is enough for a successful cyberattack, and that click can happen in the office, at home, or on the go. Furthermore, user data and passwords are the new jewels in the crown: they provide access to data that is increasingly moving to the cloud. Credentials were used in 61% of incidents last year.
New faces, new threats: Incorporating new professionals also puts security at risk. Their situation makes them easy targets for social engineering:
- They don’t know all of their peers yet.
- They probably haven’t received security training from the organization.
- They are eager to please.