How to secure the hybrid workforce to ensure business continuity

It is interesting to observe how 'off-site' or 'remote' working is no longer considered a particular case or a privilege. Instead, it has become a mainstream component of numerous organizations worldwide. As a result, zero-trust network access (ZTNA) and cloud-based delivery models are increasingly being adopted by businesses globally.

The rollout of 5G services has accelerated this trend, resulting in a massive increase in security risk. As per a recent report, the cost of security and risk assessment services will see a spike of 11.3% to reach $188.3 billion globally.

The sophistication of cyber attacks and the approach cyber criminals take continues to evolve rapidly. According to recent studies, cybercriminals are steering away from regular business email targeting to a more personalized approach, using extensive social-engineering techniques such as text messages and third-party messaging apps like Whatsapp. Moreover, there are a lot of challenges stemming from hybrid work environments, such as

• Data privacy gaps
• Increased attack surfaces and risk exposure
• Limited security response architecture
• Compliance violations

Despite challenges, it is possible to secure the hybrid/ remote workforce with the right strategies, implemented with the right resources (e.g., Managed XDR services) at the right time. Our cybersecurity consultants, through their daily business interactions and with the help of observations by security leaders, have compiled the following best practices, which enterprises can adopt to step up their cyber defense.

• Identity-centric working models: Traditional password or Multifactor Authentication (MFA) is quickly turning archaic. Owing to rising consumer demand for easy and convenient user experiences, security leaders are rethinking identity access and management. This has led to modernized authentication methods deploying technology agnostic specifications like Fast ID Online (FIDO)-based password authentication, Single sign-on (SSO), cryptographic passkeys, etc.
• Boost endpoint security: Businesses need to understand that the concept of the endpoint is no longer limited to their physical premises. Identifying Laptops, tablets, phones, and emerging devices, such as wearables, enables better endpoint acknowledgment. In addition, deploying Multifactor Authentication (MFA) can improve overall security. On a global scale, almost 57% of businesses use MFA. It is also wise to consider deploying Endpoint Data Loss Prevention (DLP) tools to safeguard business-critical data.
• AI-driven surveillance: Artificial intelligence-based models are fast gaining relevance in cybersecurity. For example, AI-driven surveillance has been identified as a powerful tool in securing hybrid workforces due to its superior capabilities, such as user surveillance, suspicious activity detection, facial suspicion, external device detection, and unauthorized facial identification. Additionally, its comprehensive set of features covers external physical threats while requiring very little administrative intervention. Leading American MNC - NOV Inc. recently deployed a Managed XDR service (managed extended detection and response service) to secure its globally distributed workforce. Within a few hours, the XDR platform was able to detect, block, and remediate a cyber attack promptly. This superior performance can be attributed to its modernized Artificial Intelligence (AI) and Machine Learning (ML) capabilities.
• Strengthen collaborative security: In hybrid workplaces using multiple tools and platforms such as Teams, Slack, Zoom, and other HR apps, it is generally assumed that they might have their security controls. But often, this is incorrect. Disparate tools and technologies end up exposing vulnerabilities that cybercriminals can leverage. As a result, cybersecurity practitioners and businesses must keep an extra vigil on collaborative security, wherein a unified platform integrates all software and tools and helps iron out policy, functional, or security fragmentations.

As workplaces and industries gear up to become more collaborative and hybrid in the future, it becomes essential for them to strengthen their cyber preparedness. The first step would be propagating a security-first culture from the employee level. Then, joining forces with professional cybersecurity counterparts can help businesses allocate their investments, energy, and time to more mission-critical goals while achieving the desired cyber resilience.