Tech Interviews
Navigating the Cybersecurity Landscape in Hybrid Work Environments
As hybrid work becomes the new norm, organizations face a dynamic cybersecurity landscape. Embracing remote and in-office work models, companies must prioritize cybersecurity measures to safeguard against evolving digital threats.
The Integrator recently conducted an exclusive interview with Emile Abou Saleh, Senior Director of Proofpoint Middle East, Turkey & Africa, and dwelled into key areas of focus, tools and technologies used to secure data, the importance of cybersecurity training, and unique risks associated with hybrid work.
What are the key areas of focus for enhancing the hybrid work environment within your organization?
After approximately four years of embracing the remote work model accelerated by the pandemic, companies in the Middle East and across the globe have accepted hybrid work as a regular feature of modern business.
The shift to this working model has continued to drive a human-centric approach from cyber criminals, focusing their efforts on individuals rather than the technological infrastructure. With employees now forming a defensive perimeter wherever they work, whether in the office or outside, our recent research shows that email-based threats, such as Business Email Compromise (BEC), ransomware, credential phishing, compromised cloud accounts, and social media hijacking attacks, are being employed by cybercriminals to steal credentials, siphon sensitive data, and fraudulently transfer funds.
As a result, organizations must secure their hybrid work environment by prioritizing compliance risk management, advancing secure collaboration, and strengthening IT and security infrastructures.
Recognizing the shift towards hybrid work, organizations must implement technology that facilitates seamless communication and collaboration so employees can work wherever they are, minimising operational downtime.
When using collaboration tools, we must ensure they are secure, and such tools may raise compliance issues.
To address these compliance risks, organizations must implement tools and applications that meet regulatory standards to enable teams to stay connected efficiently. This involves a careful balance of enabling productivity tools while managing the risk-cost-benefit ratio effectively.
Lastly, IT and security are paramount. Providing corporate hardware equipped with robust antivirus software and enforcing IT-approved security protocols is key. Our goal is to minimize shadow IT by offering authorized, secure apps that enable our employees to work effectively from anywhere.
- What tools and technologies are you using to secure data in a hybrid work environment?
To secure data within a hybrid work environment, we leverage a host of innovations across our Threat Protection, Identity Threat Defense, and Information Protection platforms. These innovations are designed to stop malicious email attacks, detect and prevent identity-based threats, and defend sensitive data from theft, loss, and insider threats.
Our approach includes advanced email security measures to block phishing and BEC attempts, identity protection to guard against unauthorized access and account compromise, and data loss prevention strategies to secure data across our network.
Our Identity Threat Defense platform offers enhanced protection for productivity tools like Microsoft 365, ensuring that our employees can work safely from anywhere.
- In hybrid work environments, how critical is targeted cybersecurity training in safeguarding against emerging digital threats?
In today’s hybrid work environment, targeted cybersecurity training is essential for combating sophisticated digital threats. The evolving threat landscape in the Middle East demands a comprehensive cybersecurity strategy that includes both technology and education to make employees proactive defenders.
A security awareness program that educates employees on cybercriminal tactics is therefore crucial. It helps them recognize and respond to threats, improving the organization’s security posture. However, a recent Proofpoint study reveals that not all employees receive such training. The UAE stands out positively, with 64% of organizations training their workforce and 52% targeting those most at risk. Additionally, 74% of UAE organizations provide customized security training, the highest among the 14 countries surveyed.
This approach reiterates that cybersecurity is more than an IT issue; it is vital for organizational resilience. Targeted cybersecurity training in hybrid work environments is, therefore, key for safeguarding against emerging threats.
- Could you elaborate on some unique cybersecurity risks associated with hybrid work?
The move to hybrid work has introduced several cybersecurity challenges, requiring organizations to navigate a new threat landscape. One significant threat is the increased risk of insider attacks. As workplaces become more dispersed, controlling and monitoring access to sensitive information has become more complex, and widening cybercriminal attacks surface. A Proofpoint study highlights this concern, with data showing that 32 % of CISOs in the UAE agreed that they had seen an increase in targeted attacks on their organization in 2022 as a result of long-term hybrid work, which made protecting data a top challenge.
Furthermore, employees demonstrated risky behaviors outside of the office – more than half (51 percent) of employees in the UAE and 44 percent of employees in KSA have connected to home or public Wi-Fi networks without knowing if they are secure – an increased occurrence with the hybrid working model.
As traditional working models evolve, the old ways of protecting data no longer suffice. Data loss for organizations is more than just an IT problem, and employees must understand that they play a critical role in preventing data breaches.