The overall approach to work has changed so much that the hybrid model is expected to grow from 53% in 2022 to a massive 81% by 2024. But what does this mean for cybersecurity?
According to a study conducted by Verizon, 79% of companies believe that remote work had a negative impact on cybersecurity and a report by IBM discovered that, in 2022, the average total cost of a data breach increased by nearly $1 million as a result of remote work. This implies that the more prevalent hybrid work becomes, the more careful businesses need to be about their security posture. That being said, remote work is not the real issue at hand, nor should it be regarded as a threat by organisations. On the contrary, the possibility to work, learn, or cooperate from a distance has proved to be a key factor in increasing efficiency, productivity, and competitiveness.
The price we’re now paying in terms of cybersecurity is the result of what has been the fastest digital acceleration so far. From devices that do not have proper OS or application patches installed to outdated VPNs and weak antivirus software, the expansion of BYOD culture happened without clear and adequate policies thereby resulting in security vulnerabilities.
A shift from reaction to prevention
This shift requires businesses to adapt to the new working environment and prioritise cybersecurity. In order to assess possible security vulnerabilities, every business owner must be aware of basic cybersecurity pitfalls, regulatory compliance, and the company's security posture. Consequently, the entrepreneurs who are proactive in their security and risk management process and educate their employees on cybersecurity trends and programs will stay ahead of their competition.
That being said, raising awareness about the security risks enabled by BYOD and unregulated hybrid work policies is the first step in the shift from reaction to prevention.
This is especially important for SMBs. While implementing adequate resources and policies might be easier for big corporations, SMBs and individual businesses are more likely to underestimate threats and the impact that a data breach could have on their organisation.
The smaller the business, the bigger the consequences
Even though most SMBs owners tend to believe they are too small to attract cybercriminals, start-ups and small businesses, in general, are still entrusted with sensitive employee and customer information - which is exactly what hackers are interested in. An average of 43% of all cyberattacks target small businesses, and the smaller the business, the bigger the consequences. In fact, 60% of the small businesses that are victims of a data breach permanently close their doors within six months of the attack.
SMBs are more vulnerable to cyberattacks due to several reasons such as smaller budgets, limited security awareness, persistence of old security measures, and failure in securing endpoints. For instance, 47% of small businesses do not have a dedicated cybersecurity budget. To understand the impact of this issue, we need to acknowledge the fact that small and medium-sized enterprises form an essential part of the European economy. In fact, around 93,1% of non-financial European enterprises are micro-sized businesses.
It's becoming increasingly clear that hybrid work will be the reality for businesses of all sizes. While hybrid work models may look different from company to company, one thing is sure, cybersecurity risks must be considered and planned for.
It all starts with knowledge
Not only do we need to implement better security frameworks, but we also need to make sure these frameworks are effective, and for that, the mentality around cybersecurity also needs to change. With the raise in awareness around cybersecurity issues should also come an increase in cybersecurity training for employees, no matter their role in the organisation. After all, according to the IBM Cyber Security Intelligence Index Report, 19 out of 20 cyber breaches result from either skill-based or decision-based human errors.
Lack of knowledge and skills as well as negligence due to tiredness or distraction can seriously compromise the continuity of a business and its future. For this reason, companies are starting to provide employees with in-depth security training and additional tools such as password managers that ensure the safety of private information. Similarly, replacing VPNs and adopting simple measures such as updating security patches are the first steps towards preventing future cyberattacks.
Moving towards a “Zero Trust” approach
The increasing importance of cybersecurity was highlighted by the recent US White House memorandum which aimed to move the US government towards Zero Trust architecture. Essentially, the Zero Trust security framework guarantees the security of data by requiring the authentication, authorisation, and continuous validation of users, from both inside or outside an organisation’s network, in order to obtain access to the network’s data. More and more businesses are beginning to invest in Zero Trust architecture. In fact, in the EMEA region, 53% of companies are planning to implement Zero Trust frameworks within the next 12 to 18 months.
On the other hand, while the interest in Zero Trust security may be vast, solutions are not always accessible to SMBs, due to either lack of budgets or specialised professionals. Fortinet’s Zero Trust Report reinforced this as although a large number of businesses have implemented this security framework, more than half of them have experienced problems such as monitoring users post-authentication or authenticating users and devices regularly.
Even though we can expect the offer around Zero Trust solutions to become more extensive and diversified in the course of this year, it is now important to acknowledge that cybersecurity should be treated as a necessity, not as an option, especially for SMBs. For this type of companies, it is way more expensive to ignore possible security vulnerabilities and act when it is too late than it is to implement solutions that will grant them a sustainable and profitable future. All around the world, technology continues to be a crucial part of everyday life, a life where traditional work dynamics have permanently shifted toward a more efficient and personal idea of “work-life” balance. In order for this to remain a reality, we must adapt and prioritise cybersecurity.
Author details: Alexand Draajier, General Manager of EMEA, Splashtop