Data from global cybersecurity firm Fortinet has revealed that the adoption of hybrid work has led to heightened risks due to unmanaged devices (laptops, mobile phones, and other work tools which are personally owned and not overseen by organisational IT controls).

According to the survey conducted among 450 cybersecurity leaders from nine different locations across Asia including Hong Kong, India, Indonesia, Malaysia, Philippines, Singapore, South Korea, Thailand, and Vietnam, 89% of respondents have a hybrid or fully remote working model, with more than half (53%) having at least 50% of their employees working in hybrid mode. 

The increase in the hybrid model has led to the rise of the ‘branch-office-of-one’ working from their homes or other locations outside the traditional office. Consequently, 65% of respondents anticipate managed devices to surge by more than 100% over the next two years (with some expecting growth of 400%). Additionally, 69% expect unmanaged devices to grow by over 50%. This is expected to compound the complexity and risk of security breaches, placing additional strain on already overburdened IT security teams.

Survey respondents came from nine industries, including manufacturing (14%), Retail (13%), Logistics (14%), Healthcare (13%), FSI (10%), and Public Sector (11%).

Unmanaged devices pose a risk: With cloud computing and remote work becoming more prevalent, an increasing number of users, devices, and data are located outside of enterprise networks and not managed by the company’s IT team. Currently, 30% of devices connecting to networks are unmanaged, raising the possibility of security breaches. Survey respondents expect this figure to rise, with 69% predicting a 50% increase by 2025.

The need to secure cloud: With hybrid work increasing, employees require multiple connections to external systems and cloud applications to remain productive. Survey respondents indicated that their employees need more than 30 connections to third-party cloud applications, increasing the risk of security breaches. Over the next two years, 100% of respondents expect this number to double, while more than 60% feel that this number will triple, exacerbating the risk. Maintaining network security while ensuring employee connectivity to third-party and cloud-based services is a significant challenge, as traditional security measures are inadequate.

Increased security incidents:  Hybrid work and the growth in managed and unmanaged connections have caused a significant rise in security incidents, with 54% of surveyed organisations reporting more than triple the number of breaches. According to the survey, 79% of respondents have experienced at least a two-fold increase in security incidents, with about 20% of companies experiencing at least a five-fold rise in breaches. The top security incidents include phishing, denial of service, data/identity theft, ransomware, and data loss. However, only 49% of organisations have dedicated security personnel, which leaves them more vulnerable to security incidents and breaches.

SASE: a game-changer for hybrid work: To tackle the challenges of hybrid work, many organisations plan to invest in a single-vendor SASE solution (secure access service edge, or the merging of different network and security services into a cloud-based model) to improve their security posture and provide consistency in the user experience for remote employees. The need for a comprehensive solution that offers a consistent security posture for users on and off the network while simplifying security policy management and enhancing the user experience for remote employees is driving many organisations to explore SASE.

The preference for a single vendor: As organisations adopt SASE to manage networking and security services, they are seeking a converged platform to streamline their operations. According to the survey, 78% of respondents prefer a single vendor for networking and security capabilities, with 76% consolidating their IT security vendors. More than half (57%) of the respondents prefer a single vendor for cloud-delivered security services and SDWAN, citing various benefits such as reduced security gaps, improved network performance, ease of deployment, and addressing integration and scalability challenges.

“As businesses across Asia continue to embrace the digital future and lead in the digital economy, it is essential that we acknowledge the increasing frequency and sophistication of cyber-attacks and data breaches. The shortage of skilled talent in the cybersecurity industry only makes this issue more challenging,” said Vishak Raman, Vice President, India, SEAHK and ANZ, Fortinet.

Rashish Pandey, Vice President of Marketing and Communications, Asia & ANZ, Fortinet said, "As the world shifts to hybrid work, organisations face the challenge of securing a 'branch-office-of-one' environment where employees and devices operate outside of traditional office boundaries. The survey underscores the urgency for organisations to adopt a comprehensive security strategy that addresses the complexity and risk posed by the growth of remote work. Single-vendor SASE, with its converged networking and security capabilities, is proving to be a game-changer for many organizations seeking a simplified and consistent security posture for users both on and off the network."

Simon Piff, Research Vice President, IDC Asia/Pacific, said, "These findings highlight the importance of prioritising security posture and investing in cloud-delivered solutions that seamlessly integrate with on-prem solutions to manage hybrid work environments and mitigate risks. The preference for a single vendor and infrastructure convergence demonstrates the need for efficient management, and zero-trust architecture can enhance security and usability. Organisations need to address these challenges and invest in security solutions to support their hybrid workforce and reduce security threats."