This post is part of our 2023 cybersecurity prediction series.
Mark Lee, CEO, Splashtop
Flexible/Hybrid Work Will Continue to Be the Norm, Exacerbating the Need for Secure Remote Access
The hybrid work train has left the station, and it’s not coming back. Initially fueled by external forces beyond the control of employers and employees, the shift to work-from-home for knowledge workers during the pandemic has shown no signs of slowing down. If you’re wondering how deeply rooted those habits have become, there’s plenty of evidence to back it up. A recent “Everywhere Workplace Report” found that employees would rather have the option of working from home than receive a promotion. Additional research has shown that half of employees who have transitioned to working from home would resign if they were told they must report back to the office full time.
Employees aren’t the only ones with a stake in the new paradigm. Recent research from The Future Forum found that workers with full flexibility are 29% more productive than their full-time office-bound counterparts. It’s a productivity boon that employers can get behind.
We all know that workplace flexibility is no passing fad. In 2023, employers will take the necessary steps to further entrench remote work as part of standard operating procedure. That means adopting policies, procedures and protocols that extend enterprise security across networks that are expanding into living rooms, bedrooms and home offices across the world. It is no longer acceptable for security and IT teams to turn a blind eye toward unsafe remote access habits. 2023 will be the year that policy catches up to real-life practice: we will see companies prioritize, update and enforce remote access policies that allow employees to access everything they need to do their jobs seamlessly without introducing unnecessary risk.
Malicious Actors Will Increase the Volume and Sophistication of Phishing Scams
Unfortunately for most organization, it’s not just employees and employers who have adapted to the new work-from-home reality. Malicious actors have had nearly three years to study how the changing workforce paradigm has affected corporate security. In that time, we’ve seen attacks targeting network infrastructure fade to the background in favor of social engineering attacks targeting individuals. Research from the World Economic Forum has found that a staggering 95% of cyber crimes are the result of human error. That’s why phishing attacks have gotten far more prevalent and far more sophisticated than ever before – they’re bearing fruit for the bad guys.
We know that malicious actors are opportunistic. Forward-thinking attackers will use current news events or trends to develop more realistic campaigns with a higher likelihood of success. The shift toward flexible work-from-home policies is a tectonic shift in work experience – and it’s not one that hackers have overlooked. Recent research from Gartner found that, by the end of 2024, the change in work will drive up the total remote worker market to 60% of all employees, up from 52% in 2020.
With more targets staying home in the coming year, we will see an increase in remote access scams: phishing campaigns that impersonate popular companies like subscription services, then trick people into installing remote access tools that enable attackers to deploy malware. As with all phishing campaigns, companies will need to take proactive steps to mitigate this threat, including regular employee training, encrypting critical data, and ensuring strict compliance to security patches and updates across their extended enterprise.
Zero Trust Principles Go Mainstream and Become a Priority for Enterprise and SMB
Cybersecurity has never been easy, but attacks have gotten more sophisticated in recent years. At one time, security was essentially about putting barriers in place that prevented bad actors from accessing your data and systems. Easier said than done, but still a straight-forward process. But now we live in a world where network perimeters are a lot less defined than ever before. When is the last time you heard one of your colleagues talk about their attack surface getting smaller? Whether you’re a multi-national enterprise or an SMB, odds are that your attack surface is moving in one direction: toward expansion.
This is why Zero Trust principles – the idea that no user or application with access to corporate networks or data should be trusted by default - have taken off in the past year or so. Security teams need more control. 2023 will be a year where Zero Trust principles further take root in organizations of all sizes as security and IT teams internalize the principles behind this strategy and create policies and protocols to enforce them.
The Industry Moves to Co-Managed IT
The skills gap in the tech industry continues to plague organizations: particularly SMBs, who must compete with large enterprises for top talent. Recent research from Spiceworks found that three in five companies (59%) believe it’s difficult to hire skilled IT workers, and as a result, businesses are increasingly turning to managed services to fill the gap. As a result, services spending will account for 18% of IT budgets in 2023, up from 15% in 2020.
In 2023, we will see a significant uptick in co-managed IT, where in-house IT teams partner with managed service providers and managed security service providers with specialized expertise, to fill these gaps and manage employee devices and IT needs around the clock. In turn, MSPs/MSSPs will increasingly turn to secure remote desktop access and support technologies to ensure efficiency, business continuity and high performance across their platforms.