Distributed remote working and security implications

The cybersecurity strategies developed last year are already insufficient. IT managers face more complex attacks, and the move to remote teams creates an increasingly distributed and challenging threat ecosystem. The latest Thales Data Threat Report shows that 79% of IT decision makers are concerned about remote security risks, as employees have more power over their environment and leaders lose direct control over day-to-day cybersecurity decisions. With remote workforces now a business norm, companies need to change the way they think about security and get their employees to partner with them.

Change the mindset

The main shift in mindset is how companies used to control access versus how they need to manage security in digitally transformed environments.

In traditional environments, the central thinking focused on controlling what came in and went out of the networks. People walked into the office and connected to networks with firewalls acting as gatekeepers and protecting everything inside that locked area. With a distributed and remote workforce, those perimeters no longer exist.

With people working from home, businesses can no longer control that door. Employees work from home or at a local cafe, taking company-provided devices with them.

Purchasing the most expensive firewalls, the latest intrusion prevention system (IPS) or distributed denial-of-service (DDoS) protection fails to protect users working from home.

When people use their own devices, the risks increase further because organizations may not be able to control configurations. With the move to the cloud, users can use their personal devices just as easily as their business devices. Unfortunately, these personal computers may not have any protection, and the company may not be able to force the person to install protection.

Since the personal computer has access to corporate data, a successful phishing campaign means that threat actors can grab the data and siphon it off undetected.

Capturing the audience

Fostering security awareness among remote workers is a never-ending battle. Companies offer security awareness training, and most of the time, employees go through it quickly.

Capturing the audience’s attention is fundamental. Logically, employees know not to click on every email requesting a password reset. Yet malicious actors use targeted campaigns, such as spear phishing attacks tailored to people who work in a company. They send an email that appears to be from the CEO or a supervisor asking for a favor. These attacks focus on exploiting emotion, not logic. Since people are inherently curious and helpful, they don’t respond logically.

With a remote workforce, cybersecurity awareness needs to be different. It should focus more on the idea of questioning everything. Do I expect this person to contact me? Does this person usually ask me for favors? Is this something unusual?

The lesson should be: don’t click on it and don’t respond to it if it’s unexpected.

Validate everything

IT and security teams should take this same lesson with them. Remote work shifts security to an “always verify, never trust” model. Just as employees need to be wary of the unexpected, IT and security teams need to be wary of unmanaged devices or shadow IT.

Companies lack visibility into the software people are installing on their own devices. IT and security teams may not be able to require agents to be installed on personal devices, which means they cannot bring shadow IT into their software inventory. Meanwhile, on a corporate device, they can implement and enforce controls such as requiring employees to use a specific piece of hardware or a token when accessing services.

Next, they need to find a way to protect cloud resources without affecting employee productivity. They need to provide good access to the business, so people are happy at work. The challenge here is balancing what may be competing organizational needs.

Changing the security mindset along with the perimeter means rethinking how security teams define “gates.” Instead of thinking “you won’t succeed,” IT and security teams need to focus on “you can only succeed if.” The “if” is the validation process. You can only succeed if:

  • We know you are who you say you are.
  • You have the latest operating system on the device.
  • Your IP address comes from a geographical location that we recognize.
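The "you can only succeed if" gate above, sketched as an added example (not code from the article). The policy values, field names and the `evaluate` function are assumptions for illustration; the source country is assumed to be resolved from the IP address upstream.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed policy values for illustration; not taken from the article.
MIN_OS_VERSION = {"windows": (10, 0, 22631), "macos": (14, 5)}
RECOGNIZED_COUNTRIES = {"DE", "US"}

@dataclass
class AccessRequest:
    user: str
    mfa_verified: bool             # "we know you are who you say you are"
    os_name: Optional[str]         # reported by the device, may be missing
    os_version: Optional[str]
    source_country: Optional[str]  # resolved from the source IP upstream

def parse_version(text):
    """Turn '14.5.1' into (14, 5, 1); return None if it is not numeric."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None

def evaluate(req):
    """Return (allowed, reasons). Missing or unparsable attributes fail closed."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("identity not verified")
    minimum = MIN_OS_VERSION.get((req.os_name or "").lower())
    version = parse_version(req.os_version)
    if minimum is None or version is None:
        reasons.append("operating system unknown")
    elif version < minimum:
        reasons.append("operating system out of date")
    if req.source_country not in RECOGNIZED_COUNTRIES:
        reasons.append("unrecognized location")
    return (not reasons, reasons)
```

Returning the reasons alongside the decision lets the help desk tell a blocked employee what to fix, which keeps the gate from becoming a productivity problem.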

Manage compliance challenges

To validate everything, IT and security teams must monitor everything. For example, employees who manage cloud infrastructure should only be allowed to work from an encrypted corporate device with scanners.

This is where monitoring logs can help. All of the tools companies use to manage the remote workforce generate log data. Too often, companies collect the data, but no one reviews it regularly.

It is important to collect all this log information and then normalize, correlate and analyze it. IT and security teams can then create the necessary documentation to prove compliance.

For example, if they ingest the logs into their infrastructure, they will be able to correlate:

  • User ID
  • Assets from services
  • Web browser in use
  • Host name

With this information, they can create alerts that detect when an employee is accessing a company asset from their personal device. Collecting log data can also help IT and security teams detect unauthorized access by malicious actors who may have broken into corporate infrastructure through the employee’s computer. Whatever the situation, the logs paint a picture that helps IT and security teams see what’s going on, even when people are working from anywhere.
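The correlation described above, as an added example (not from the article): sign-in events carrying user ID, asset, browser and host name are matched against a device inventory to flag access from devices the company does not manage. The log format, field names, inventory and all sample values are constructed.

```python
import json

# Constructed inventory of managed corporate devices: host name -> assigned user.
MANAGED_DEVICES = {"corp-lt-0142": "alice", "corp-lt-0207": "bob"}

# Constructed sign-in events, one JSON object per line. Field names are assumptions.
SAMPLE_LOG = """\
{"user":"alice","asset":"payroll-app","browser":"Edge 124","host":"CORP-LT-0142.example.internal"}
{"user":"bob","asset":"source-repo","browser":"Firefox 125","host":"bobs-macbook"}
{"user":"carol","asset":"payroll-app","browser":"Chrome 124","host":"corp-lt-0142"}
{"user":"bob","asset":"wiki","browser":"Firefox 125","host":""}
not-json garbage line
"""

def normalize_host(raw):
    """Lower-case and drop any DNS suffix so log and inventory names compare."""
    return (raw or "").strip().lower().split(".")[0]

def find_alerts(log_text, inventory):
    """Correlate each sign-in with the inventory and return a list of alerts."""
    alerts = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # A line that cannot be parsed is surfaced, not silently dropped.
            alerts.append({"line": line_no, "reason": "unparsable event"})
            continue
        host = normalize_host(event.get("host"))
        owner = inventory.get(host)
        if owner is None:
            reason = "unmanaged or unknown device"
        elif owner != event.get("user"):
            reason = "managed device used by a different user"
        else:
            continue  # managed device used by its assigned user
        alerts.append({"line": line_no, "reason": reason,
                       "user": event.get("user"), "asset": event.get("asset"),
                       "browser": event.get("browser"), "host": host})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG, MANAGED_DEVICES):
        print(alert)
```

Normalizing the host name before the lookup matters: without it, the first event would be flagged only because the log carries the fully qualified, upper-case form of a managed device's name.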

Provide the right solutions

More than anything else, companies need to empower their employees with the right solutions to manage security. This can mean supporting how employees access the network by providing a password manager or requiring multi-factor authentication for the standard worker. For IT and security teams, that means finding the solution that answers their questions and meets their needs.

For businesses with smaller teams, it’s important to keep in mind that “good” doesn’t always mean “most expensive.” They need to look for solutions that give their employees the information they need with an interface they can use. Many expensive cybersecurity tools require experience with proprietary languages, which means many small IT and security teams don’t use all the fancy bells and whistles.

All employees need tools that meet them where they are and grow with them. Instead of focusing on building the barriers used in the past, modern businesses with modern IT and security teams need solutions that help change their mindset while providing the flexibility to deal with the future threat landscape.

Distributed remote workers are here to stay. A partnership between IT and security and employees will emerge by providing solutions that support this style of working. The result is a robust security posture and happy, productive employees.

Michael A. Bynum