How the Hybrid Work Model Increases Risks of Cyber Attacks

img blog How Hybrid Work Model Increases Risks Cyber Attacks r1

We all know that Covid upended our lives in countless ways. In addition to the health risks associated with the pandemic, the risks to businesses (and the labor force) increased exponentially. 

The threats, personally and professionally, were so new that society as a whole had to learn on the go, and many, if not all of us, responded in an ad-hoc manner. In times of crisis, we make choices as best we can, but it’s impossible to know the long-lasting impact of the decisions that were made – either by governments, businesses, or individuals. 

And while the health risks of Covid are decreasing, the risks to businesses and employees have not. In fact, according to excerpts from an article by Embroker, they wrote, “Cyber attacks have become the new norm across public and private sectors. This risky industry continues to grow in 2023 as IoT cyber attacks alone are expected to double by 2025. 

If you are one of the many that run a SMB, you know the landscape is ever-changing, and in 2020 the pandemic affected all types of businesses — big and small. If anything, the pandemic amplified cybercrime due to the uncertainty around remote working and how to protect your business.

Cybercrime, which includes everything from theft or embezzlement to data hacking and destruction, is up 600% as a result of the COVID-19 pandemic. Nearly every industry has had to embrace new solutions, and it forced companies to adapt, quickly. 

Cybercrime for Small and Medium Businesses

Cyber attacks on all businesses, but particularly small to medium-sized businesses, are becoming more frequent, targeted, and complex. According to Accenture’s Cost of Cybercrime Study, 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves. 

Not only does a cyber attack disrupt normal operations, but it may cause damage to important IT assets and infrastructure that can be impossible to recover from without the budget or resources to do so. 

Small businesses are struggling to defend themselves because of this. According to Ponemon Institute’s State of Cybersecurity Report, small to medium-sized businesses around the globe report recent experiences with cyber attacks:

  • Insufficient security measures: 45% say that their processes are ineffective at mitigating attacks. 
  • Frequency of attacks: 66% have experienced a cyber attack in the past 12 months.
  • Background of attacks: 69% say that cyber attacks are becoming more targeted. 

The most common types of attacks on small businesses include:

  • Phishing/Social Engineering: 57%
  • Compromised/Stolen Devices: 33%
  • Credential Theft: 30%

By understanding the targets of attacks and consequences, as a business leader, you can minimize the potential, gain value in your cybersecurity efforts, and even prevent future attacks.

Longtail Cost of Cyber Attacks 

The long tail costs of a data breach can extend for months to years and include significant expenses that companies are not aware of or do not anticipate in their planning. 

These costs include lost data, business disruption, revenue losses from system downtime, notification costs, or even damage to a brand’s reputation.

Breach Discovery Time

Breach discovery is when the company or business becomes aware that the incident occurred. According to IBM, it takes a company 197 days to discover the breach and up to 69 days to contain it. 

Companies that contained a breach in less than 30 days saved more than $1 million compared to those that took more than 30 days. A slow response to a data breach can cause even more trouble for your company. It can result in a loss of customer trust, productivity, or major fines.

A data breach response plan is a proactive way to be prepared in the event that a breach does occur. Having a risk management strategy in place to combat incidents such as breaches can minimize the impact on your company and bottom line. An incident response plan, for example, provides guidance for your team during the phases of detection, containment, investigation, remediation, and recovery.”

The article by Embroker is exhaustive, but the infographics do a great job of summarizing it. If you have the inclination, click on this link to learn more.

 The Hybrid Work Model

In this section, we’ll address what the hybrid work model is, and why it makes businesses more vulnerable to cyber-attacks.

In excerpts from an article by AccessOne, they wrote, “The hybrid work model is becoming a standard in many businesses, and it describes several work scenarios. (These arrangements can range from fully remote workers collaborating with on-site employees, or team members that split their time working onsite and remotely.) 

The growth of this model was driven by the need for remote work during the pandemic that started in 2020. It is ongoing because businesses find that it is an important tool to keep their organizations operating efficiently.

In addition to needing new tools for supporting remote work, you also need to address the increased cyber security risks that come with hybrid models.

Why Remote Work Leaves Businesses More Vulnerable 

to Cyber Attacks

With more employees working remotely, cybersecurity issues need to take top priority for IT leaders. There are several ways in which your business is more vulnerable.

1. Employees Are Using Their Own Devices

Most companies don’t plan to supply computers for their remote workers. When employees use their own devices, their connection to the company network is much less secure than employees working in the office. This provides a perfect opportunity for cyber criminals to gain access to your servers without needing to break through your cyber defenses.

2. Employees Are Using More Third-Party Apps

Third-party apps for productivity and collaboration are proliferating rapidly. If employees can’t meet face-to-face, they need collaboration technology to maintain the same level of interaction. In addition, employees using their own devices may use a variety of apps that an IT team isn’t even aware of.

Unfortunately, many of these third-party apps have very few cybersecurity tools, and their default settings aren’t always effective. If neither the IT team nor the employees change the app’s default cyber security settings, a new vulnerability is born. In addition, it’s often necessary to reset the cyber security settings every time the software is updated, and that is an easy thing to overlook.

3. Cyber Threats Can Be Ignored by In-House and Remote Workers

A global study¹ looking at cyber risk in companies using a hybrid workforce made some disturbing discoveries.

  • Do office workers use their work computers for personal tasks? 70% said yes
  • Do office workers use their personal laptops for work activities? 69% said yes
  • Do remote workers let others use their devices? 30% said yes

Have IT leaders seen an increase in cyber issues?

  • 54% saw an increase in phishing
  • 56% saw an increase in infections from web browsers
  • 44% saw infected devices used to spread infection throughout the business
  • 45% saw infected printers used to start a cyber attack

4. Cyber Security Training Is Often Inadequate

Cybersecurity training is critical, and it needs to be reinforced regularly. Human error accounts for 95% of cyber security breaches. Without adequate and consistent training, employees are much more likely to fall for things like phishing emails.

Whether or not you’re using a hybrid work model, it’s always a good idea to update your cyber security plans regularly. But, if you’ve recently instituted a hybrid work model, it’s even more important. Cyber attacks can bring your business to a halt and can have long-term effects.”

Remote Work Cybersecurity: 12 Risks and How to Prevent Them

In a fantastic article by TechTarget, they wrote, “Expanding attack surfaces, increasing vulnerabilities and overstressed staffs are among a litany of security risks whose ultimate cure requires more than an ounce of prevention.

Remote work is now a standard option for most professionals, but the rising popularity of work from anywhere has driven a corresponding rise in cybersecurity incidents.

Remote work during the COVID-19 pandemic drove a 238% increase in cyber attacks, according to a March 2022 report by Alliance Virtual Offices, which provides services to the remote workforce. And Gartner’s “7 top trends in cybersecurity for 2022” called the expansion of the attack surface that came with remote work and the increasing use of public cloud a major area of cybersecurity concern. Trends such as these have made security improvements for remote employees and risk-based vulnerability management the “most urgent projects” in 2022 for 78% of CISOs surveyed by security software provider Lumu Technologies.

How does remote work impact cybersecurity?

A remote work environment can raise the risk of a data breach or other cyber attack for several reasons, according to multiple security experts. Remote work, particularly remote work at scale, significantly increases the potential attack surface that must be protected.

Gartner reported that 60% of knowledge workers are remote and at least 18% won’t return to the office. “These changes in the way we work, together with greater use of public cloud, highly connected supply chains and use of cyber-physical systems,” Gartner warned, “have exposed new and challenging attack ‘surfaces’.”

Remote workers sometimes further expand the attack surface — and increase risk — by introducing unsanctioned technology. “There has been a growth of shadow IT, as people working from home were buying [technology] that may not be sanctioned by IT, but they needed to get their job done,” said Sushila Nair, vice president of security services at NTT Data Services and member of the Emerging Trends Working Group at professional IT governance association ISACA. And, because the technology may go undetected by IT, she added, shadow IT often lacks the security scrutiny and protection it requires.

Remote work not only expanded the potential attack surface but also moved it outside conventional perimeter defenses, such as firewalls and intrusion detection systems, that organizations traditionally built to thwart ransomware attacks, data breaches, and other types of cybercrimes.

“Those had been protecting the castle, but now, people aren’t working inside the castle,” said Ed Skoudis, president of SANS Technology Institute. “They’re out in the field, so those defenses don’t protect them there. We’ve been saying for years that the network perimeters we built were dissolving because of things like wireless and cloud, but then, COVID came and blew it all up.”

Moreover, cybercriminals are seizing the shift to remote work environments by exploiting vulnerabilities in the infrastructure that enables remote work and tweaking how they target the workers themselves. “Attackers have noticed,” Skoudis added. “They’re really focused on attacking home workers because they are no longer protected in these enclaves that organizations spent the last 30 years building.”

Most common remote working cybersecurity risks

Cybersecurity risks associated with remote work are many and varied, including expanded attack surfaces, security skills shortages, vulnerable networks, cloud-based infrastructures, and employee work habits.

1. Expanded attack surfaces

With more employees working remotely, organizations simply have more endpoints, networking, and software to secure, all of which greatly increase the workload for security departments that are often stretched thin.

2. Lack of security talent

Staffing challenges at some organizations can create delays in adequately securing remote workers. In its “2022 Cybersecurity Skills Gap Global Research Report,” network security provider Fortinet revealed that 60% of the 1,223 IT and cybersecurity leaders surveyed said they struggle to recruit cybersecurity talent, and 52% struggle to retain qualified workers, while 67% acknowledged that the shortage of qualified cybersecurity candidates presents greater risks to their organizations.

3. Less oversight by security staff

“Workers don’t have cybersecurity teams watching over what’s happening on the home network,” Skoudis said. By its very nature, remote work moves some of the system access, network traffic, and data outside the conventional perimeters of the enterprise technology environment and the security monitoring within that environment. Companies generally can’t extend monitoring out to all the endpoints, and along all the networks now supporting remote work environments, Skoudis explained.

4. Poor data practices and procedures

Workers, for various reasons, may be downloading sensitive information to their local devices, which may or may not be encrypted, said Scott Reynolds, senior director of enterprise cybersecurity at ISACA. For the sake of efficiency, they may also share sensitive company data over unsecured channels, such as unencrypted email or files, without realizing the risks involved.

5. Susceptibility to phishing attacks

Phishing “continues to be a persistent, pervasive threat,” Reynolds said, “and all it takes is for one person to click something they shouldn’t for something to get through.” The risk is heightened remotely since workers have a greater dependence on email and become less suspicious of a well-engineered phishing email attack disguised as a legitimate business request.

6. Unsecured and vulnerable hardware

The sudden shift to remote work at the start of the pandemic meant many workers used their personal devices to do their jobs, regardless of whether they had the skill to ensure their home routers, laptops, and smartphones were properly updated and adequately secured, said Glenn Nick, associate director for cybersecurity incident response at advisory services provider Guidehouse.

7. Unsecured and vulnerable networks

Remote work also increases the chance that employees will use unsecured networks, such as public Wi-Fi. Even home networks are often vulnerable to attacks. “People are placed at home working in an environment that they don’t have the technical expertise to secure,” Nick explained. “They may be told to update their routers or use VPNs but may not have the technical expertise to do so. And, at the same time, you have nation-states attacking home routers and home network devices.” So significant is the threat that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted the risk in a June 2022 alert.

8. Unsecured corporate network

CISA also noted that hackers are targeting a broad range of networks, including vulnerabilities in the enterprise networking equipment used to enable remote work.

9. Vulnerabilities in enabling technologies

Companies need to be aware of the technologies that enable remote work. “There is a tremendous amount of vulnerabilities being found in remote work support solutions,” Skoudis warned.

10. Misconfigurations in the public cloud

The cloud is an essential technology for remote work, yet it also comes with risks. One such risk lies in misconfigurations, particularly relating to access. Organizations can inadvertently grant users too much access or fail to implement access controls. According to the “2022 Cloud Security Report” by network security software provider Check Point Software Technologies, more than one-fourth of information security professionals surveyed said their organizations experienced a security incident in the public cloud infrastructure within the past year, and security misconfigurations were the leading cause.

11. Webcam hacking and Zoombombing

Enterprises increased their use of video conferencing and other online collaboration platforms and so did hackers. Cybercriminals can sabotage or disrupt online conferences or prowl around undetected to obtain information, such as proprietary data or corporate emails, which they can use to their advantage, Skoudis said.

12. Sophisticated socially engineered attacks

Hackers are becoming increasingly more sophisticated to capitalize on the corporate shift to remote work environments. “[D]espite defenders’ best efforts,” read the “2022 Social Engineering Report” by security software provider Proofpoint, “cybercriminals continue to be successful at exploiting the human element to recognize financial gain.”

Best Practices for Remote Working Cybersecurity

Proofpoint’s assessment reflects the longstanding acknowledgment that nothing is 100% secure. But companies that follow security best practices can drastically reduce their chance of suffering a costly and sometimes devastating cyber attack:

  • Implement basic security controls. Remote workers, Nick advised, should use virtual private networks to access enterprise systems, ensure devices accessing the enterprise network have antivirus software, and follow a strong password policy that requires unique passwords for different sites. Experts also recommended using encryption to protect sensitive data and cloud-based file sharing to keep data off worker devices.
  • Strengthen the corporate data protection program. “Know where your digital information is,” Reynolds said, “what information you are collecting, where your crown jewels are stored, and what you’re doing to protect the data.”
  • Establish a strong vulnerability management program. Use a risk-based approach to quickly address vulnerabilities that present the highest risks and reduce the overall number of unpatched vulnerabilities that hackers could exploit.
  • Review existing threat detection and incident response programs. “They need to be updated,” Nick suggested, “to make them match the current threats and the current environment.”
  • Implement and advance a zero-trust framework. All users and devices should be required to verify that they’re authorized to access the enterprise environment.
  • Deploy user behavior analytics (UBA). A key component of zero-trust UBA uses machine learning and data science to identify and understand a user’s typical pattern of accessing enterprise systems and to flag suspicious activities that could indicate a user’s credentials have been compromised.
  • Ensure proper cloud configurations and access. Misconfigurations are a leading cause of security incidents in public cloud infrastructures. Take measures to eliminate glitches, gaps, or errors that could expose the work environment to risk during cloud migration and operation and institute sensible user access controls.
  • Establish an ongoing security awareness program. Educate users on potential new security threats and the steps necessary to keep the organization safe. “It all comes down to user awareness,” Skoudis noted, “because, if you do all the other stuff but don’t tell users how to stay secure, you’re going to have problems.”

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every single device that connects to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions, you can lower your costs through systems that are running at their prime, creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.

To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at