
When it comes to your enterprise, or your personal data, emerging opportunities such as AI also translate into emerging threats.
According to IBM’s 2025 Global Cost of a Data Breach Report, the average cost of a data breach is $4.4 million and 97% of organizations recently reported an AI-related security incident. That’s in addition to the ongoing desktop threats workers face on a daily basis.
For enterprises, it’s never been more urgent to stay ahead of the game. The Gartner Group is defining the category as “Workspace Security,” shifting the focus from protecting individual endpoints or tools to protecting the worker at the center, regardless of the device they use. This entails a different way of thinking about and securing your hybrid workforce, through an integrated set of people, processes and technologies developed to protect credentials, devices, applications, data and the hybrid workforce.
Cyber-attacks are increasing in both sophistication and difficulty of detection. Oftentimes hackers breach the operating system or platform to cause widespread damage not with custom tools, but by leveraging the vulnerabilities and tools that already exist. This is referred to as Living Off the Land (LOTL). The ongoing challenge is how to ensure the safe productivity of your employees regardless of where and how they work.
According to The Gartner Group, disjointed security infrastructure will result in increased operational cost and complexity and lower security effectiveness at a time of growing risk. The post-COVID era has drastically changed how and where employees work, and traditional security tools and architectures aren’t effective.
Further, there is a high degree of complexity in sorting attacks and delivering protection. For example:
• 84% of major attacks (incidents with high severity) involved the use of LOTL binaries. – Recent Bitdefender study of 700,000 security incidents
• In 75% of incidents, critical information is not effectively operationalized due to disjointed security infrastructure. – Forrester Consulting study commissioned by IBM
• 62% of detections were completely malware-free incidents relying on LOTL tools, indicative of the challenge in correctly blocking real threats. – CrowdStrike
In other data, the 2025 CrowdStrike Global Threat Report paints a stark picture – adversaries are becoming faster, more efficient, and more business-like than ever. Their tactics have evolved beyond traditional malware, shifting toward identity-based attacks, as attackers “don’t break in, they log in”.
The bottom line is that attackers are developing new techniques to circumvent traditional security controls, including LOTL and fileless malware; Multi-Factor Authentication (MFA) bypass; and Business Email Compromise (BEC) or Account Takeover (ATO). In response, solutions and architecture must adapt.
According to Jason Marocchi, cybersecurity architect at Sayers, the challenge is that historically most protective measures are set up as point solutions, which do not share information. This increases complexity and the risk of failing to identify real threats.
As an example, an employee may receive a malicious email; however, siloed point solutions that are not integrated or sharing information may flag it as odd rather than blocking it outright.
Protection is built on common services such as asset discovery, configuration assessment, exposure management and vulnerability detection.
Foundational building blocks for Workspace Security include Security Service Edge (SSE), Secure Email Collaboration, Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), and Identity Threat Detection and Response (ITDR).
“The evolving building blocks and where the industry is going next includes Continuous Threat Exposure Management (CTEM), Security and Behavior Culture program (SBCP) and Automated Security Control Assessment (ASCA),” Marocchi said.
“CTEM, ASCA and ITDR are also built on common services – and they provide continuous assessment over time as workforce and business evolves,” he continued.
According to Gartner, the goal of Workspace Security is to create unified security through integrated point solutions or a platform that continuously scans, assesses and prioritizes threats.
Gartner said that in less than 2 years, enterprises will be focused on delivering:
• Endpoint security for frontline workers
• Desktop as a Service
• Data Sanitization
• ZTNA (Zero Trust Network Access)
• Endpoint Detection and Response
And in 2-5 years, the evolutionary path will include:
• Endpoint Access Isolation
• AI Usage Control
• BYOPC Security (Bring Your Own Personal Computer)
• Generative AI
• Security Service Edge
• ITDR
• XDR (Extended Detection and Response)
• MDR Services (Managed Detection and Response)
• Content Disarm and Reconstruction
• SASE (Secure Access Service Edge)
• Workspace Security aims to provide unified security for devices, applications, data, credentials and the hybrid workforce. Focus on the way each employee works to ensure that security for that approach is solved.
• There are multiple adoption strategies – including platform, XDR, and MDR.
• Enterprises should consult with experienced security experts to discuss what success looks like, their evolutionary path, and the barriers and obstacles they might encounter on the way to implementation.
Businesses that want to learn more should contact Sayers at sayers.com.