It’s a complicated time to be a CISO – perhaps even more than it usually is. Hybrid working offers business benefits of improved productivity, flexibility and general employee happiness, but it changes the landscape of cyber threats.
In times gone by, under the umbrella of what we might now call “traditional cybersecurity,” your devices, laptops and PCs were mainly onsite and inside your company’s network perimeter. That gave your IT department more control over devices and apps, and over provisioning kit for your workers. It meant a more rigid protection level with a clearly defined border.
As hybrid work has evolved, there’s been a shifting threat landscape. There are many more devices and apps outside the traditional network perimeter. Threats are always evolving, too: according to Orange Cyberdefense, there was a 30% increase year-on-year in detected cybersecurity incidents, with 37% of detected incidents originating from internal actors. Furthermore, end-user devices were the most impacted asset in 2023, with 28%.
What this means in practice
There are new types of ransomware that can get into your organization through different routes. Ransomware can impact your business continuity and cause financial loss, and data leaks can lead to brand damage and fines through legal action by injured third parties.
How your workers work is changing, and that, too, presents new threats. If any of your employees are experimenting with insecure GenAI apps, for example, it could be opening the door to new cyber and compliance risks. Controlling this activity outside of the company perimeter can be tricky. It requires a top-to-bottom philosophical change in how you approach IT security.
Lots to manage for IT departments and CISOs
In addition to the many apps and devices that are now commonly located and used outside your enterprise perimeter, employees are finding their own paths to productivity. Since workers got used to hybrid, their expectations have changed. They want more devices and apps that enable them to be more productive, to the extent that they’re now often choosing their own productivity apps, with new solutions like ChatGPT growing in popularity.
These new apps, plus established productivity tools like Microsoft 365, need robust cybersecurity in place. So, the mission for IT teams and CISOs is to ensure workers get the maximum benefits and employee experience (EX) from devices and tools while minimizing risk.
Hybrid-working cybersecurity presents a bigger range of challenges to IT security teams. The enterprise ecosystem is now broader, the threat landscape is larger, and you have only limited resources to manage it. Microsoft 365 productivity tools come with quality cybersecurity built-in, but are your IT departments using that security capability in line with best practices? If remote workers want to use GenAI chatbot tools to be more productive, do your IT teams know how to deploy them without increasing cybersecurity risks?
All this is taking place at a time when cybersecurity skills are at a premium. Cybersecurity skills shortages continue at an alarming rate, with only 15% of companies saying they’re optimistic that cyber skills will improve significantly in the next two years.
The actions you should take
Cybersecurity for hybrid working requires a process of constant evolution. Your cybersecurity policies and practices must stay ahead of the curve, and your CISOs and IT teams must always be looking at what new working trends might be coming next.
To begin with, your cybersecurity for hybrid working requires seamless endpoint security with detection based on behavior and AI algorithms. This is a route to pre-empting new types of attacks and mitigating them before they can do damage. Businesses like yours should also implement modern identity and access management solutions to prevent impersonation, while early detection and response using managed detection and response solutions and cyber threat intelligence are business essentials.
It all adds up to the fact that the role of the modern CISO continues to evolve: it is no longer enough to be a technical security expert with lots of know-how. CISOs must become board-level visionaries, tasked with strategic cybersecurity and business growth.
CISOs should also be aware of the extent of their limitations and when an expert partner can provide exponential value to the business. Orange Business understands what businesses like yours should do to enable secured hybrid working that drives EX and productivity for your workers, and we have extensive expertise across all security-related consultancy and solutions. Our expertise includes supporting your Microsoft Teams use with advisory and auditing that anticipates and identifies cyberthreats, and we enable managed detection and response for Microsoft 365 to detect threats, respond and improve your security posture.
On top of that, we work with your IT teams to ensure they receive appropriate training and cyber awareness-raising so that your hybrid working approach and devices are as safe as possible thanks to managed secured access. We also specialize in helping you maximize ROI on your Microsoft 365 licenses, and we have the Microsoft Defender expertise to help prevent attacks across all your digital assets, endpoints, identities, cloud apps, email and shared documents.
Orange Cyberdefense has over 150 Microsoft Security certified experts and 3,000 cybersecurity experts, and is a Microsoft security solution partner and one of only 40 MXDR vetted by Microsoft worldwide. Our expertise can help your employees stay productive, and we can help you give them world-class EX through secured hybrid working.
Learn more about secured hybrid working in our new solution guide.
Julien Ménissez, Product Manager at Orange Cyberdefense, is responsible for building service offerings to help businesses improve their cybersecurity. The Microsoft technology-based services he promotes simplify cybersecurity management and shape a more secure digital society.