Is hybrid work giving a headache for cybersecurity?

Cybersecurity is fast becoming critical for many organizations worldwide. It is no longer a “nice to have” but essential. Many organizations, from governments and multinational corporations to small businesses, rely heavily on credentials like passwords for their data and network access, especially in a hybrid work environment. However, threat actors can easily compromise passwords. What then?

Key industries

For many industries, cybersecurity is increasingly becoming critical to business continuity. Healthcare, government, finance, professional services, and retail—these represent some of the industries often affected by cybersecurity threats, with phishing, malware, and ransomware attacks. The human element in many such data breaches is often the weakest link, as many such sizable organizations will have cybersecurity defenses in place.

Main cybersecurity breaches

When we discuss cybersecurity breaches, we often think of malicious or criminal attacks, which occupy the largest portion of attacks and breaches. Some of these malicious attacks may also be entity-sponsored (including nation-states with massive financial and technological resources). These attacks can include phishing, abused credentials (such as passwords), ransomware demands, malware, and brute-force attacks. Brute-force attacks are quite common for CMS (content management system) websites such as WordPress.

Next are breaches caused by human errors, including communication sent wrongly to unintended recipients and subsequent data leaks or abuse.

We cannot dismiss system problems as well, including server and network breakdowns, which can cause a small proportion of vulnerabilities for intruders.

Could PAM help?

A sound privileged access management (PAM) implementation may be critical to helping any organization keep data and network access to the right people, thereby reducing the attack surface to would-be intruders.

“Credentials, such as passwords, can be ‘make-or-break’ for many organizations, from governments and multinational corporations to small businesses. Around APAC, from the Office of the Australian Information Commissioner (OAIC)’s Notifiable Data Breaches Report July to December 2024 (source), 62% of data breaches due to cybersecurity incidents were due to compromised credentials (combined from phishing, brute force attacks, and unknown methods). The hybrid work model, where VPN-based remote access from qualified employees and external contractors can complicate the task of managing data and network access within an organization. This is exacerbated by the heightened needs of security compliance now demanded by regional regulators and governments. A sound remote privileged access management (RPAM) implementation may be critical to helping any organization keep data and network access to the right people. In a nutshell, RPAM enforces the “least privilege” or ‘zero trust’ principles through session brokering to enable time-bound, session-specific, just-in-time, and logged access for users accessing remotely,” said Takanori Nishiyama, Senior Vice President, Asia Pacific, Keeper Security.

Moving forward

As AI, quantum computing, and communication technologies continue to evolve rapidly, ensuring adequate cybersecurity will become increasingly challenging. Organizations and practitioners must rise up to adapt to changes and adopt emerging technologies to fend off the combined AI and quantum technology onslaught.

Hybrid work is a persistent trend. More and more employees are looking at work-life balance and prize the benefit of working from home or remote locations more than mere remuneration. And with hybrid work comes even more challenging credential management and authentication, exacerbated by the accelerating AI and quantum technologies. The question is, are organizations committed to getting prepared?

###