We’ve established that hybrid working is here to stay. Yet, this new way of working has resulted in corporate reliance on email, which has led to more email-based threats. As a result, organizations are becoming more vulnerable and the pressure from ransomware attacks is taking a toll on professionals. In fact, cyberattacks are growing increasingly sophisticated, with 97% of companies being targeted by email-based phishing attacks in 2022.
This increase in cyber threats is having a real impact on business leaders, showing that cyber risk is not just an IT problem but a critical vulnerability for the organization. From a cyber insurance perspective, implementing preventative measures will help organizations avoid coverage loss and strengthen cybersecurity posture.
Organizations can reduce the likelihood of cyberattacks which can protect them from financial loss and reputational damage. However, there isn’t a one-size-fits-all approach to protecting the hybrid environment from cyber-attacks. So, what proactive steps can organizations take to protect themselves from the evolving threat landscape?
Toni Buhrke is a Director of Sales Engineering at Mimecast.
1. Invest in advanced email and collaboration security solutions
The hybrid workforce has scattered employees across different locations, causing a reliance on email and collaboration tools such as instant messaging, project management, and video conferencing. As a result of digital communication volume increasing across the workforce, organizations should be looking to invest in systems that address the working environment’s vulnerabilities, especially given the fact that the number of attacks due to collaboration tools is on the upswing.
Advanced email and collaboration security solutions provide organizations with a base of cybersecurity, enabling them to protect both at and beyond the email perimeter. Most organizations use cloud services like Microsoft 365 across the workspace, so ensuring that they invest in email security services that align with their cloud solutions will ensure that communications are effectively protected.
2. Reduce cyber risk with next-gen technology
Artificial intelligence is already being used by organizations to improve employee productivity, better understand customers and meet customer demand. Now, we are seeing the use of AI in cybersecurity gaining popularity in the hybrid workforce due to the long list of benefits it provides, including streamlining work for cybersecurity teams offering more accurate threat detection, improved threat blocking and a faster attack response.
Though the value of AI is clear, it’s important to note that this will also drive cybercriminals to invest further in using artificial intelligence to boost ransomware, phishing scams and other cyberattacks. For organizations with only basic cybersecurity, this will cause trouble and put them at risk. To protect against these kinds of attacks, organizations should not only look to implement cybersecurity products and technology in artificial intelligence but also look for more AI expertise to implement security systems.
3. Encourage tailored cybersecurity training for hybrid employees
Over 95% of data breaches are due to human error, with user complacency being one of the top reasons for errors that benefit cybercriminals. As employees are so used to sending and receiving large amounts of emails each day, they tend to overlook malicious links in emails and are quick to download files. Not to mention the attacks are becoming more sophisticated and harder to identify. Cybercriminals count on users trusting emails by default, so businesses need to ensure that they are training employees to protect the organization from email-borne attacks.
While cybersecurity training is critical to empower employees, it’s important that organisations foster cyber engagement that is tailored to specific threats for hybrid and remote workers. Organisations need to regularly review their cybersecurity strategy and implement appropriate tools to address their weakest links such as less secure public Wi-fi networks for remote employees working in public spaces such as coffee shops, which come with additional security considerations. Safeguarding communications, people and data whilst encouraging frequent and engaging training will ensure that cybersecurity is a top priority no matter the work environment.
4. Minimize complexity with security integration
As cyberattacks continue to evolve, many organizations are using dozens of security tools to fight back resulting in a complicated security framework and stressed security team. Tool consolidation is critical for organizations to run efficiently, streamlining practices and enabling security teams and IT leaders to work smarter, not harder against threats.
Understanding the value of cybersecurity integration will help organizations to remove some of the complexity from security operations and tool administration to ensure that applications are able to run efficiently. Integrated tools will offer greater visibility of the security landscape for organizations, making it easier to close security gaps before incidents occur. An open application programming interface (API) platform allows for easy integration with other tools already in the organization's ecosystem, enabling tools to cooperate and allow for orchestrated mitigation.
The increased dependence on communication in organizations reveals that reactive measures alone will not be enough for safety. Streamlining traditional workflows, investing in artificial intelligence to improve the accuracy of threat detection and prevention and making sure cyber engagement is a company-wide initiative will help to protect across the evolving landscape. No security tool is 100% effective but doing as much as possible can help organizations develop a resilient security framework that will protect them.