Operations

5/4/2021
01:00 PM
Ian Pratt
Commentary
Can Organizations Secure Remote Workers for the Long Haul?

By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.

Remote working is here to stay, as at least 70% of the workforce will work remotely at least five days a month by 2025. While the rapid shift to remote work enabled business continuity in 2020, it will continue making life difficult for security teams. Today, organizations must review whether the temporary changes they made to help employees work remotely are sufficient in the long term.

The Vanishing Perimeter
When the first lockdowns began, many organizations had to rapidly adopt new technologies and processes, such as scaling virtual private network (VPN) deployments and switching to cloud-based solutions. The organizational perimeter vanished, leaving security with the challenge of gaining visibility across huge networks of remote workers accessing data from almost anywhere at all times of day. Changes in IT infrastructure exposed employees to technical challenges, like remote access inefficiencies and home network vulnerabilities. The rush to business transformation also confused data security processes, with security often added as an afterthought. It's no surprise 46% of C-level IT leaders are worried about maintaining security and compliance for remote workers.


As the perimeter melts away, securing the endpoint is more important — but it is harder. For a start, there is less visibility and control over how people connect to services. The lines between personal and professional have blurred as employees are mandated to work from home. As a result, more people are using work devices for personal uses — for example, online shopping or children playing video games. Trying to police such behavior is unlikely to go down well with staff; people have allowed work to encroach on their personal space, so being told how to behave in their own homes may be a step too far.

The Rise in COVID-19 Cybercrime
The shift to online has been a boon for hackers, widening the attack surface and creating new social engineering opportunities. Again, the endpoint and the user have been in the spotlight. Cybercriminals are using social engineering attacks, including sophisticated lures related to COVID-19, to trick users into clicking on attachments, links, and downloads. Attackers are also working on ways to ensure malicious emails can bypass email gateways and detection tools, land in employees' inboxes, and increase the chances of being clicked on. For example, a recent phishing campaign used Microsoft Office's legitimate "encrypt-with-password" feature to conceal malware until the user opens the document and enters the password. As the malicious file is password-protected, it prevents detection tools from scanning the malware.
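A triage check a mail gateway or SOC pipeline could run to flag the password-protected Office documents described above, added here as an example (not the author's or HP's code). Office's "encrypt with password" feature wraps the real OOXML ZIP inside an OLE2 compound file that carries "EncryptionInfo" and "EncryptedPackage" streams; the check below looks for those stream names with a raw substring search rather than a full compound-file parser, so it is a triage signal, and all sample files are constructed.

```python
import struct

# Magic bytes: OLE2 compound file vs. ZIP (a plain OOXML file is a ZIP).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"
# OLE directory entries store stream names as UTF-16LE (MS-OFFCRYPTO names).
ENCRYPTED_PACKAGE = "EncryptedPackage".encode("utf-16-le")
ENCRYPTION_INFO = "EncryptionInfo".encode("utf-16-le")


def classify_office_blob(data: bytes) -> str:
    """Heuristic: substring search on the raw file, not a full OLE parser."""
    if data.startswith(ZIP_MAGIC):
        return "ooxml-plain"          # scanners can unzip and inspect this
    if data.startswith(OLE_MAGIC):
        if ENCRYPTED_PACKAGE in data and ENCRYPTION_INFO in data:
            return "ooxml-encrypted"  # scanners only see ciphertext
        return "ole-legacy"           # binary .doc/.xls, still scannable
    return "not-office"


def triage(attachments: dict) -> dict:
    """Map filename -> (verdict, action); encrypted docs go to isolation."""
    result = {}
    for name, data in attachments.items():
        verdict = classify_office_blob(data)
        action = "isolate" if verdict == "ooxml-encrypted" else "scan"
        result[name] = (verdict, action)
    return result


def _dir_entry(name: str) -> bytes:
    """Build one 128-byte OLE directory entry (constructed test data only)."""
    raw = (name + "\0").encode("utf-16-le")
    return raw.ljust(64, b"\0") + struct.pack("<H", len(raw)) + b"\x02" + bytes(61)


# Constructed sample attachments: container shapes only, no real payloads.
SAMPLES = {
    "invoice.docx": ZIP_MAGIC + bytes(26) + b"[Content_Types].xml",
    "invoice_protected.docx": OLE_MAGIC + bytes(504)
        + _dir_entry("Root Entry") + _dir_entry("EncryptionInfo")
        + _dir_entry("EncryptedPackage"),
    "memo.doc": OLE_MAGIC + bytes(504) + _dir_entry("Root Entry")
        + _dir_entry("WordDocument"),
    "notes.txt": b"plain text, nothing to see",
}

if __name__ == "__main__":
    for fname, (verdict, action) in triage(SAMPLES).items():
        print(f"{fname:24} {verdict:16} -> {action}")
```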

Additionally, cybercriminals are using tactics such as thread hijacking to improve their odds and expand access within (and between) organizations. The technique automates the creation of spear-phishing lures by stealing email data from compromised systems. Stolen data is used to reply to conversations with messages containing malicious attachments, downloads, or hyperlinks, making them appear very convincing. We will continue to see cybercriminals create targeted and sophisticated attacks focusing on users and endpoints.

While user education is important, it will never be completely effective. Some users must engage in "risky" behavior to conduct their work — e.g., finance opening invoices or HR opening resumes. It's bad business to lock users down, and they shouldn't have to bear the burden of security.

Building Security From the Hardware Up
Detection tools can't be relied on to catch everything, nor can overburdened security teams and users. Sooner or later, an endpoint will be compromised. Clearly, a more architecturally robust process is needed to help secure remote workers.

Organizations should apply sound engineering principles to secure critical systems, adopting a zero-trust approach applied to the network and the endpoint. This will combine the principles of least privilege, strong identity, mandatory access control, and strong isolation to protect what organizations care about most and prevent attackers from escalating their access. When it comes to strong isolation, just as you can have microsegmentation of a network, you can have microsegmentation of applications and data within an endpoint or server. This creates layers of compartments isolated from each other, preventing malware from spreading even if one compartment is compromised.

Application isolation is central to this approach. Running risky activities — such as opening email attachments, clicking on links, or downloading files — in micro virtual machines (VMs) greatly reduces the attack surface. This means organizations don't have to worry about vulnerabilities in Word, the Web browser, or even the operating system. It doesn't matter if vulnerabilities exist if any exploitation takes place within a micro VM. The malware cannot persist and will be evicted as soon as the user closes the document or navigates to a different website. Rather than worrying about malware evading detection and persisting on the network for months, organizations can contain it within the micro VM, with no documents or credentials to steal and no ability to move laterally.

From a user perspective, it's business as usual. The technology is transparent, and users can click on links in emails, visit webpages, download files, and open documents, knowing that any malware is rendered harmless.

Microvirtualization also has unique advantages for collecting threat intelligence, arming the security operations center (SOC) with detailed knowledge of attack methods and indicators of compromise that can inform detection-based tools how to spot the latest attacks. Isolation means you don't need to stop the attack immediately, instead letting it play out within the VM, knowing no harm can occur. This means organizations can mobilize an army of endpoints to capture threat intelligence and harden their overall security posture.

Time for a Long-Term Solution
As remote working persists and malicious actors continue successfully targeting users, organizations can't keep trying to plug the gaps with detection tools or employees spotting threats. They need a more architecturally robust approach to security that applies the sound engineering principles of zero trust. By focusing on protection instead of detection, organizations can defend themselves and their employees from targeted attacks without compromising security or productivity.

Ian Pratt is currently Global Head of Security at HP Inc. He heads a new security business unit that is building on HP's strengths in hardware, systems software, ML/AI, and ability to deploy at massive scale to create industry-leading endpoint security solutions that are ...