1 day Ago
With hybrid work now the norm, business operations have undergone a dramatic transformation, making the security of both managed and unmanaged devices a pressing challenge. The modern workplace is defined by browser-based work environments, cloud applications and an increasing reliance on personal devices - factors that create new vulnerabilities for cybercriminals to exploit. Over 85 per cent of daily work now takes place in the browser - causing a cybersecurity rethink.
Credit: iStock Simon Green, president, Asia Pacific and Japan, Palo Alto Networks, says hybrid work has “fundamentally reshaped the way businesses approach cybersecurity”. “This shift has significantly expanded the attack surface, meaning cybercriminals are targeting these vulnerabilities with threats like phishing, malware, and account takeovers,” says Green. The modern work environment increasingly depends on a mixture of managed and unmanaged devices.
Cybercriminals take advantage of this new complexity, Green says. “Employees may now work from multiple locations, using both corporate and personal devices: as a result, the traditional security perimeter has disappeared.” Simon Green, president, Asia Pacific and Japan, Palo Alto Networks.
“At the same time, the widespread use of software-as-a-service (SaaS) applications as well as generative AI (GenAI) make visibility and control more challenging.” “This is particularly acute for critical industries like finance, healthcare, education, and government which handle highly sensitive data,” he says. A clear mandate for the modern era Arul Arogyanathan, CIO, Village Roadshow, says hybrid work forced a new approach to cybersecurity, with every employee essentially “a branch office of one”.
“With employees accessing systems remotely, we needed a strategy that provided consistent, secure access while reducing complexity,” says Arogyanathan. “We moved away from traditional network architectures and transitioned to a next-gen security architecture with SD-WAN, which enabled us to enhance security while reducing operational complexity. Arul Arogyanathan, CIO, Village Roadshow.
“We also recognised that every remote employee is essentially a branch office of one. That shift required us to adopt a zero-trust framework that ensures visibility, access control, and data protection across all locations.” Prisma SASE has enabled the firm to implement secure cloud access while preventing data loss, and automated threat detection allows staff to respond swiftly to evolving cyber threats.
“Securing unmanaged and personal devices has been a significant challenge - managing security across multiple vendor’s tools created fragmented oversight, inconsistent data collection as well as gaps in our visibility,” he says. “As our reliance on cloud applications and browser-based workflows grew, so did our exposure to browser-based security threats. We had to protect sensitive customer and business data from phishing, malware as well as unauthorised access.
” The State of Workforce Security , released with Omdia, found that 64 percent of web traffic is encrypted, making it harder for organisations to detect hidden threats. With limited visibility, cyber criminals find it easier to target vulnerabilities. “Cyber criminals use this blind spot to evade detection, especially as more organisations adopt hybrid work and AI-driven collaboration tools,” says Palo Alto Networks’ Green.
Unmanaged devices increase risk “Unmanaged and personal devices introduce major security risks because they often lack enterprise-grade security controls.” “Employees today are using their own laptops, smartphones, and tablets to access corporate applications, but often these devices may lack updated security patches, endpoint protection, or corporate access controls that attackers can exploit.” The shortcomings in security measures are compounded by the fact that web traffic encryption remains suboptimal.
Browser-based work environments create new vulnerabilities As organisations move away from traditional desktop environments, browsers have become the primary workspace, says Green. “The browser has become the new workplace for many employees.” Instead of relying on standard desktop applications, people may now use browsers to access cloud applications, collaborate with teams and even use AI-powered tools.
“This shift is significant - research shows that over 85 per cent of daily work now takes place in the browser. However, browsers were not built with enterprise security in mind. “They’re vulnerable to malicious extensions, phishing attacks, and data leaks,” he says.
Security solutions that work in the background Today’s security measures must be seamless and unobtrusive. When security controls become a hindrance, employees may bypass them, increasing risk. “If employees feel that security is slowing them down, they’ll look for workarounds such as using personal email accounts to send work documents or bypassing VPNs which increases the organisation’s overall risk,” he says.
“Organisations today must adopt a frictionless approach to security. This is security that’s integrated into daily workflows. “Zero trust security models help by ensuring that only verified users and devices can access corporate data, while browser-level security stops threats before they can spread.
” By embedding security into the work process, companies can protect data without disrupting productivity. Innovation in the digital age should not be stifled by security measures that slow progress. “Security should support innovation, not slow it down,” says Green.
“Businesses need to embrace AI-powered applications, hybrid work models, and cloud transformation while making sure their security policies don’t create unnecessary barriers.” To find out more, and to read the Palo Alto Networks report, please visit here ..
