Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:00 PM
Ian Pratt
Ian Pratt
Connect Directly
E-Mail vvv

Can Organizations Secure Remote Workers for the Long Haul?

By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.

Remote working is here to stay, as at least 70% of the workforce will work remotely at least five days a month by 2025. While the rapid shift to remote work enabled business continuity in 2020, it will continue making life difficult for security teams. Today, organizations must review whether the temporary changes they made to help employees work remotely are sufficient in the long term.

The Vanishing Perimeter
When the first lockdowns began, many organizations had to rapidly adopt new technologies and processes, such as scaling virtual private network (VPN) deployments and switching to cloud-based solutions. The organizational perimeter vanished, leaving security with the challenge of gaining visibility across huge networks of remote workers accessing data from almost anywhere at all times of day. Changes in IT infrastructure exposed employees to technical challenges, like remote access inefficiencies and home network vulnerabilities. The rush to business transformation also confused data security processes, with security often added as an afterthought. It's no surprise 46% of C-level IT leaders are worried about maintaining security and compliance for remote workers.

Related Content:

How to Secure Employees' Home Wi-Fi Networks

Special Report: Tech Insights: Detecting and Preventing Insider Data Leaks

New From The Edge: 10K Hackers Defend the Planet Against Extraterrestrials

As the perimeter melts away, securing the endpoint is more important — but it is harder. For a start, there is less visibility and control over how people connect to services. The lines between personal and professional have blurred as employees are mandated to work from home. As a result, more people are using work devices for personal uses — for example, online shopping or children playing video games. Trying to police such behavior is unlikely to go down well with staff; people have allowed work to encroach on their personal space, so being told how to behave in their own homes may be a step too far.

The Rise in COVID-19 Cybercrime
The shift to online has been a boon for hackers, widening the attack surface and creating new social engineering opportunities. Again, the endpoint and the user have been in the spotlight. Cybercriminals are using social engineering attacks, including sophisticated lures related to COVID-19, to trick users into clicking on attachments, links, and downloads. Attackers are also working on ways to ensure malicious emails can bypass email gateways and detection tools, land in employees' inboxes, and increase the chances of being clicked on. For example, a recent phishing campaign used Microsoft Office's legitimate "encrypt-with-password" feature to conceal malware until the user opens the document and enters the password. As the malicious file is password-protected, it prevents detection tools from scanning the malware.

Additionally, cybercriminals are using tactics such as thread hijacking to improve their odds and expand access within (and between) organizations. The technique automates the creation of spear-phishing lures by stealing email data from compromised systems. Stolen data is used to reply to conversations with messages containing malicious attachments, downloads, or hyperlinks, making them appear very convincing. We will continue to see cybercriminals create targeted and sophisticated attacks focusing on users and endpoints.

While user education is important, it will never be completely effective. Some users must engage in "risky" behavior to conduct their work — e.g., finance opening invoices or HR opening resumes. It's bad business to lock users down, and they shouldn't have to bear the burden of security.

Building Security From the Hardware Up
Detection tools can't be relied on to catch everything, nor can overburdened security teams and users. Sooner or later, an endpoint will be compromised. Clearly, a more architecturally robust process is needed to help secure remote workers.

Organizations should apply sound engineering principles to secure critical systems, adopting a zero-trust approach applied to the network and the endpoint. This will combine the principles of least privilege, strong identity, mandatory access control, and strong isolation to protect what organizations care about most and prevent attackers from escalating their access. When it comes to strong isolation, just as you can have microsegmentation of a network, you can have microsegmentation of applications and data within an endpoint or server. This creates layers of compartments isolated from each other, preventing malware from spreading even if one compartment is compromised.

Application isolation is central to this approach. Running risky activities — such as opening email attachments, clicking on links, or downloading files — in micro virtual machines (VMs) greatly reduces the attack surface. This means organizations don't have to worry about vulnerabilities in Word, the Web browser, or even the operating system. It doesn't matter if vulnerabilities exist if any exploitation takes place within a micro VM. The malware cannot persist and will be evicted as soon as the user closes the document or navigates to a different website. Rather than worrying about malware evading detection and persisting on the network for months, organizations can contain it within the micro VM, with no documents or credentials to steal and no ability to move laterally.

From a user perspective, it's business as usual. The technology is transparent, and users can click on links in emails, visit webpages, download files, and open documents, knowing that any malware is rendered harmless.

Microvirtualization also has unique advantages for collecting threat intelligence, arming the security operations center (SOC) with detailed knowledge of attack methods and indicators of compromise that can inform detection-based tools how to spot the latest attacks. Isolation means you don't need to stop the attack immediately, instead letting it play out within the VM, knowing no harm can occur. This means organizations can mobilize an army of endpoints to capture threat intelligence and harden their overall security posture.

Time for a Long-Term Solution
As remote working persists and malicious actors continue successfully targeting users, organizations can't keep trying to plug the gaps with detection tools or employees spotting threats. They need a more architecturally robust approach to security that applies the sound engineering principles of zero trust. By focusing on protection instead of detection, organizations can defend themselves and their employees from targeted attacks without compromising security or productivity.

Ian Pratt is currently Global Head of Security at HP Inc. He heads a new security business unit that is building on HP's strengths in hardware, systems software, ML/AI, and ability to deploy at massive scale to create industry-leading endpoint security solutions that are ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file