What you cannot see you cannot secure: Shining a light on cybersecurity threats in a work-from-home environment

source: securitymagazine.com

A quick “work from home new normal” search on Google will return results somewhere in the ballpark of 2 billion. On the other hand, searches for “cybersecurity risks work from home” return far fewer—around 32 million. While that may seem like a lot of coverage on any scale, it reflects the chasm between what we focus on and what we understand about this new environment as we begin 2021.

By now, most companies recognize there is no turning back the hands of time to the way it was before the pandemic. The digital transformation is not just upon us but part of life moving forward. That’s likely to mean digital or hybrid workforces, digital currency and digital content, all of which can be hacked, causing significant damage to enterprises and employees alike. And while cybersecurity has been a concern ever since the Internet became a staple of life, the difference now is that a strong culture of cybersecurity is no longer something organizations can consider “nice to have”; it is a necessity—regardless of where workers are located.

This has undoubtedly sparked a great debate on how to achieve a secure environment. Particularly when it comes to distributed workforces, whether an employee is at home or in a café somewhere, standards and governance are often front and center. But without recognizing the importance of training employees and building the right infrastructure, it is an incomplete strategy that leaves vulnerabilities hidden from sight.

Working remotely is nothing new, but it is very different from the way it was even a year ago when considering scale and types of work. Even the things employees expected and relied on in a physical office are now remote as well—hence more complex. Certainly, most agree that being aware of one’s surroundings has always been important when working outside of the office. For example, most understand that caution should be taken with screen visibility. It’s an unspoken rule to make sure the contents of a screen, or phone calls for that matter, are not being seen and heard by strangers. It’s just good practice. But with work from home becoming the norm, employees are likely letting their guard down, allowing people in the same household, whether family or visitors, to have access to work-related content. That is why a good cybersecurity strategy starts with people—and a zero trust approach.

Training programs are essential to ensure employees are aware of how to treat both digital and physical assets like phones, laptops and desktop computers. Laptops in particular give employees more mobility, and in the event a laptop is left behind somewhere or stolen, good encryption software can prevent company data from falling into the hands of nefarious characters by denying access to unauthorized users.

Most companies are not used to having a fluid perimeter. In fact, up until now, most assumed that they could trust their ring fencing, with the idea that it was safe for employees to work within a corporate environment. Because many employees are now outside of their corporate network, control has obviously weakened. At the same time, having a trusted device has never been more important, which is why solutions are also much more important. Particularly for accessing a trusted Virtual Private Network (VPN), which relies on bi-directional identification of both the server and the endpoint (laptops, phones, etc.), a layered approach providing integrated encryption is recommended in order to build a scalable zero trust environment. This includes:

  • Layer Two Tunneling Protocol (L2TP) – tunnels L2 traffic over an IP network.
  • Internet Protocol Security (IPSec) – provides data authentication, integrity and confidentiality.
  • Web Application Firewalls (WAF) – help protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
  • Network Traffic Analysis (NTA) – detects targeted attacks and previously undetected hacks through real-time and saved traffic data.
  • Cloud Access Security Brokerage (CASB) – acts as an intermediary between users and cloud service providers.

Part of assessing and mitigating cyber threats is understanding the blast radius. Micro-segmentation and SASE (Secure Access Service Edge) are especially important now for controlling blast radius and impact spread, as is having proper security for monitoring the endpoints. That’s why an enterprise-wide policy should always start with the weakest link to assess risk. The cloud is also now central to ensuring a secure infrastructure. With COVID accelerating and in some cases forcing enterprises to shift storage options, focusing on best practices and processes for employee access is critical. This is where hyper-automation comes in.

Hyper-automation deals with the application of advanced technologies, including artificial intelligence (AI) and machine learning (ML), to increasingly automate processes and augment humans. While it extends across a range of tools that can be automated, it also refers to the sophistication of the automation to discover, analyze, design, automate, measure, monitor and reassess. This is critical, as it shifts the focus away from individual technology to holistic business transformation and continual improvement, which in practice are rarely, if ever, successful using just one tool or technology. Specifically, AI and ML are components that are commonly considered today as a long-term investment for their strategic value. However, when applied to the right use case, they can also uncover tactical opportunities by identifying weaknesses throughout the business, including security vulnerabilities.

Automation is invaluable as long as it is coupled with high-level analytics that can discover irregularities in a system or in user behavior. It’s one thing to monitor the network, but a dump on a CRM database at 2 a.m., for example, should be easy to flag and interrupt. With the right governance, monitoring and threat response capabilities in place, expected and unexpected network patterns and anomalies can be identified quickly and remediated or corrected to ensure a fluid network perimeter. It’s worth emphasizing the need for good employee monitoring software. With the pandemic sending millions off site, companies have a real opportunity to recast this solution as something that is intended to help employees work safer rather than spy on them.

How this is communicated will make all the difference in how employees perceive it.
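The 2 a.m. CRM dump mentioned above can be caught with a simple per-user baseline. The following is an added example, not part of the original article: the log format, user names and thresholds are constructed for illustration, and the hour check assumes day-shift users whose working window does not wrap past midnight.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample audit records: timestamp, user, table, rows returned.
SAMPLE_LOG = """\
2021-01-11T09:14:02 alice crm.contacts 120
2021-01-11T14:40:51 alice crm.contacts 85
2021-01-12T10:05:33 alice crm.contacts 140
2021-01-12T16:22:10 alice crm.contacts 95
2021-01-13T11:30:47 alice crm.contacts 110
2021-01-11T08:55:00 bob crm.contacts 300
2021-01-12T09:10:00 bob crm.contacts 280
2021-01-13T13:45:00 bob crm.contacts 320
2021-01-14T02:03:19 alice crm.contacts 48210
2021-01-14T10:12:00 bob crm.contacts 310
"""

def parse(log):
    for line in log.splitlines():
        ts, user, table, rows = line.split()
        yield datetime.fromisoformat(ts), user, table, int(rows)

def detect(log, baseline_end, volume_factor=10):
    """Learn each user's active hours and median read size before baseline_end
    (ISO timestamp), then flag later reads that deviate from that baseline."""
    cutoff = datetime.fromisoformat(baseline_end)
    hours, volumes, alerts = defaultdict(set), defaultdict(list), []
    for ts, user, table, rows in sorted(parse(log)):
        if ts < cutoff:  # learning phase
            hours[user].add(ts.hour)
            volumes[user].append(rows)
            continue
        reasons = []
        if not volumes[user]:
            reasons.append("no baseline for user")
        else:
            if not min(hours[user]) <= ts.hour <= max(hours[user]):
                reasons.append("outside usual hours")
            if rows > volume_factor * median(volumes[user]):
                reasons.append("volume above baseline")
        if reasons:
            alerts.append({"time": ts.isoformat(), "user": user,
                           "table": table, "rows": rows, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, "2021-01-14T00:00:00"):
        print(alert)
```

An alert carrying both reasons is the case worth interrupting automatically; a single reason on its own is better routed to review.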

Many organizations make the mistake of trying to solve security problems with either governance or infrastructure alone. But a balanced three-prong approach is key, allocating budgets in equal measure. Investing in employee training and awareness is as important as investing in infrastructure and governance. Do not assume everyone has even the basics down. Better to assume cyberhacks will be the rule, not the exception. For companies still unsure of the best route to take, schedule some time with a cybersecurity expert to develop a strategy that shines a light on all of the dark places.