The More Things Change: Hybrid Work Requires a New Approach to Security
With the delta variant looming large, organizations have taken the long view on hybrid work. Security spending is booming. It is time to reimagine our approach to protecting what matters most: identities are the keys to the kingdom.
I recently read a Wall Street Journal article that suggested remote work may now last for two years, worrying some bosses. My reaction is that it has already been a year and a half and the delta variant is spiking, so at least another six months of remote and hybrid work seems inevitable.
According to the WSJ, executives are concerned that the longer employees work from home the more reluctant they will be to return to the office. Pat Gelsinger, CEO of, Intel is quoted as saying, “There is no going back.”
Elsewhere, a survey of more than 3,500 workers in the US found that employees would sacrifice up to 50% of their salary to continue working from home. Imagine an organization that continues to offer full benefits to remote workers vs. a competitor that does not. The ability to work from home has become a competitive advantage.
What about Security?
It seems odd that so many of these mainstream discussions about returning to work vs. hybrid work seem to ignore the 800-lbs gorilla in the room: cybersecurity. According to an IST ransomware report, ransomware payments increased 311% in 2020 at a cost of more than $350 million. This is almost certainly related to remote work. Case in point, remote desktop protocol (RDP) has become the most valuable and most popular type of access listed on the dark web.
A big part of the challenge is that many organizations are still relying on traditional network security solutions, such as firewalls and VPNs, even as remote work has pushed endpoints beyond the perimeter. More than a decade of digital transformation and cloud migration trends have further complicated managing these complex ecosystems.
According to Microsoft’s Zero Trust Security Model, “Interactions with corporate resources and services now often bypass on-premises perimeter-based security models that rely on network firewalls and VPNs. Organizations which rely solely on on-premises firewalls and VPNs lack the visibility, solution integration, and agility to deliver timely, end-to-end security coverage.”
Without this visibility, organizations are blind to the unauthorized access and lateral attack movement typical of ransomware and advanced persistent threats (APTs). Ransomware attacks typically begin with initial access brokers, who leverage exposed credentials to establish a beachhead, which can be used to pivot to additional high-value targets.
If sensitive, confidential, or otherwise valuable data are the crown jewels of the enterprise, then identities are the keys to the kingdom. I would have to agree with Microsoft that identities define the Zero Trust control plane. Identity is the new perimeter.
The Future of Work is Now
It seems that remote work and hybrid work are here to stay, either by necessity or by competitive advantage. Yet for all the discussion of office culture, work-life balance, and other productivity issues, cybersecurity has remained conspicuously absent. During the transition to remote work, the best time to worry about cybersecurity was a year and a half ago, but the second-best time is now.
The bad news is that we have suffered more than a year of major ransomware attacks during this transition, but the good news is that it seems cybersecurity has become a mainstream issue. A recent White House cybersecurity summit prompted Microsoft to announce it would invest $20 billion over the next five years to accelerate cybersecurity efforts. And within the security industry, its decision makers are waking up to Zero Trust. According to Microsoft, 90% of security decision makers are familiar with Zero Trust today, compared to 20% pre-pandemic.
There is so much to discuss on this topic, which is why Illusive CEO, Ofer Israeli will be joined by Dave DeWalt, founder & managing director, NightDragon, and Alissa Knight, a recovering hacker, and partner, Knight Ink to a panel about the future of remote work, which will be hosted by Jon Swartz, Senior Reporter, Dow Jones. Sign up for it today, so that you can join the discussion with us. Hope to see you there!