Commentary
5/4/2021 01:00 PM
Ian Pratt

Can Organizations Secure Remote Workers for the Long Haul?

By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.

Remote working is here to stay, as at least 70% of the workforce will work remotely at least five days a month by 2025. While the rapid shift to remote work enabled business continuity in 2020, it will continue making life difficult for security teams. Today, organizations must review whether the temporary changes they made to help employees work remotely are sufficient in the long term.

The Vanishing Perimeter
When the first lockdowns began, many organizations had to rapidly adopt new technologies and processes, such as scaling virtual private network (VPN) deployments and switching to cloud-based solutions. The organizational perimeter vanished, leaving security with the challenge of gaining visibility across huge networks of remote workers accessing data from almost anywhere at all times of day. Changes in IT infrastructure exposed employees to technical challenges, like remote access inefficiencies and home network vulnerabilities. The rush to business transformation also confused data security processes, with security often added as an afterthought. It's no surprise 46% of C-level IT leaders are worried about maintaining security and compliance for remote workers.

As the perimeter melts away, securing the endpoint is more important — but it is harder. For a start, there is less visibility and control over how people connect to services. The lines between personal and professional have blurred as employees are mandated to work from home. As a result, more people are using work devices for personal uses — for example, online shopping or children playing video games. Trying to police such behavior is unlikely to go down well with staff; people have allowed work to encroach on their personal space, so being told how to behave in their own homes may be a step too far.

The Rise in COVID-19 Cybercrime
The shift to online has been a boon for hackers, widening the attack surface and creating new social engineering opportunities. Again, the endpoint and the user have been in the spotlight. Cybercriminals are using social engineering attacks, including sophisticated lures related to COVID-19, to trick users into clicking on attachments, links, and downloads. Attackers are also working on ways to ensure malicious emails can bypass email gateways and detection tools, land in employees' inboxes, and increase the chances of being clicked on. For example, a recent phishing campaign used Microsoft Office's legitimate "encrypt-with-password" feature to conceal malware until the user opens the document and enters the password. As the malicious file is password-protected, it prevents detection tools from scanning the malware.
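The password-protected attachment trick described above works because the gateway cannot see inside the encrypted payload, but the encryption itself is visible from the container structure: an encrypted Word, Excel or PowerPoint file is no longer a ZIP archive but an OLE2 compound file carrying EncryptionInfo and EncryptedPackage streams. The example below is added here and is not code from the article or from HP; it reads the OLE2 directory (layout per the public MS-CFB and MS-OFFCRYPTO specifications) far enough to tell an encrypted document from a plain one, so a mail pipeline can route "clean but unscannable" attachments to an isolated environment instead of treating the absence of a detection as a pass. The sample attachments are constructed inside the block, and the function names (`classify_attachment`, `ole_entry_names`, `build_ole_sample`) are this example's own.

```python
import io
import struct
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ENDOFCHAIN = 0xFFFFFFFE
FATSECT = 0xFFFFFFFD
FREESECT = 0xFFFFFFFF          # also NOSTREAM for directory sibling/child ids
# Streams an encrypted OOXML document places in its OLE2 wrapper; a plain
# .docx/.xlsx/.pptx is a ZIP archive and has no such wrapper at all.
ENCRYPTION_STREAMS = {"EncryptionInfo", "EncryptedPackage"}


def ole_entry_names(data: bytes) -> list:
    """Return the names of all allocated directory entries in an OLE2 file.

    Reads the FAT sectors listed in the header DIFAT and follows the
    directory-sector chain. Only the 109 in-header DIFAT slots are honoured
    (files under roughly 6.8 MB); larger files raise ValueError.
    """
    if data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE2 compound file")
    sector_size = 1 << struct.unpack_from("<H", data, 30)[0]
    num_fat = struct.unpack_from("<I", data, 44)[0]
    first_dir = struct.unpack_from("<I", data, 48)[0]
    if struct.unpack_from("<I", data, 72)[0] != 0:
        raise ValueError("DIFAT chain not supported in this example")
    per_sector = sector_size // 4
    fat = []
    for i in range(min(num_fat, 109)):
        sect = struct.unpack_from("<I", data, 76 + 4 * i)[0]
        fat.extend(struct.unpack_from("<%dI" % per_sector, data, (sect + 1) * sector_size))
    names, sect, seen = [], first_dir, set()
    while sect < len(fat) and sect not in seen:      # ENDOFCHAIN/FREESECT fail the bound
        seen.add(sect)
        base = (sect + 1) * sector_size
        for i in range(sector_size // 128):
            entry = data[base + 128 * i: base + 128 * (i + 1)]
            if len(entry) < 128:
                break
            name_len = struct.unpack_from("<H", entry, 64)[0]
            if entry[66] == 0 or name_len < 2:        # unallocated entry
                continue
            names.append(entry[:name_len - 2].decode("utf-16-le"))
        sect = fat[sect]
    return names


def classify_attachment(data: bytes) -> str:
    """Triage verdict: 'ooxml', 'ole-encrypted', 'ole-plain' or 'other'.

    Legacy binary .doc/.xls files keep their encryption flag inside the
    document stream rather than in separate streams, so they show up here as
    'ole-plain'; a production gateway would parse those formats as well.
    """
    if data[:8] == OLE_MAGIC:
        return "ole-encrypted" if ENCRYPTION_STREAMS & set(ole_entry_names(data)) else "ole-plain"
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if "[Content_Types].xml" in z.namelist():
                    return "ooxml"
        except zipfile.BadZipFile:
            pass
    return "other"


def build_ole_sample(stream_names) -> bytes:
    """Constructed fixture: a minimal OLE2 container with empty streams.

    Sector 0 is the FAT, sector 1 the directory; up to three stream names
    fit beside the root entry in that single directory sector.
    """
    sector_size = 512
    header = bytearray(sector_size)
    header[0:8] = OLE_MAGIC
    struct.pack_into("<HHHH", header, 26, 3, 0xFFFE, 9, 6)   # version, byte order, sector/mini shifts
    struct.pack_into("<II", header, 44, 1, 1)                 # one FAT sector, directory at sector 1
    struct.pack_into("<IIIII", header, 56, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)  # mini stream/FAT, DIFAT
    struct.pack_into("<109I", header, 76, 0, *([FREESECT] * 108))               # DIFAT[0] -> sector 0
    fat = [FATSECT, ENDOFCHAIN] + [FREESECT] * (sector_size // 4 - 2)
    directory = bytearray(sector_size)
    entries = [("Root Entry", 5)] + [(name, 2) for name in stream_names[:3]]
    for i, (name, obj_type) in enumerate(entries):
        off = 128 * i
        encoded = name.encode("utf-16-le") + b"\x00\x00"
        directory[off:off + len(encoded)] = encoded
        struct.pack_into("<HB", directory, off + 64, len(encoded), obj_type)
        struct.pack_into("<III", directory, off + 68, FREESECT, FREESECT, FREESECT)  # no siblings/children
        struct.pack_into("<I", directory, off + 116, ENDOFCHAIN)                     # no data sectors
    return bytes(header) + struct.pack("<%dI" % (sector_size // 4), *fat) + bytes(directory)


def build_ooxml_sample() -> bytes:
    """Constructed fixture: the skeleton of an unencrypted .docx (a ZIP)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docx (encrypted)": build_ole_sample(["EncryptionInfo", "EncryptedPackage"]),
        "invoice.docx (plain)": build_ooxml_sample(),
        "legacy.doc": build_ole_sample(["WordDocument", "1Table"]),
        "notes.txt": b"plain text",
    }
    for label, blob in samples.items():
        verdict = classify_attachment(blob)
        action = "open in isolation; gateway scan is blind" if verdict == "ole-encrypted" else "normal scan"
        print(f"{label:26} {verdict:14} -> {action}")
```

The point of the verdict is policy, not detection: an "ole-encrypted" attachment is not evidence of malware, only evidence that the scanner's clean result means nothing, which is exactly the case where opening the file in a disposable isolated container is the right default.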

Additionally, cybercriminals are using tactics such as thread hijacking to improve their odds and expand access within (and between) organizations. The technique automates the creation of spear-phishing lures by stealing email data from compromised systems. Stolen data is used to reply to conversations with messages containing malicious attachments, downloads, or hyperlinks, making them appear very convincing. We will continue to see cybercriminals create targeted and sophisticated attacks focusing on users and endpoints.

While user education is important, it will never be completely effective. Some users must engage in "risky" behavior to conduct their work — e.g., finance opening invoices or HR opening resumes. It's bad business to lock users down, and they shouldn't have to bear the burden of security.

Building Security From the Hardware Up
Detection tools can't be relied on to catch everything, nor can overburdened security teams and users. Sooner or later, an endpoint will be compromised. Clearly, a more architecturally robust process is needed to help secure remote workers.

Organizations should apply sound engineering principles to secure critical systems, adopting a zero-trust approach applied to the network and the endpoint. This will combine the principles of least privilege, strong identity, mandatory access control, and strong isolation to protect what organizations care about most and prevent attackers from escalating their access. When it comes to strong isolation, just as you can have microsegmentation of a network, you can have microsegmentation of applications and data within an endpoint or server. This creates layers of compartments isolated from each other, preventing malware from spreading even if one compartment is compromised.

Application isolation is central to this approach. Running risky activities — such as opening email attachments, clicking on links, or downloading files — in micro virtual machines (VMs) greatly reduces the attack surface. This means organizations don't have to worry about vulnerabilities in Word, the Web browser, or even the operating system. It doesn't matter if vulnerabilities exist if any exploitation takes place within a micro VM. The malware cannot persist and will be evicted as soon as the user closes the document or navigates to a different website. Rather than worrying about malware evading detection and persisting on the network for months, organizations can contain it within the micro VM, with no documents or credentials to steal and no ability to move laterally.

From a user perspective, it's business as usual. The technology is transparent, and users can click on links in emails, visit webpages, download files, and open documents, knowing that any malware is rendered harmless.

Microvirtualization also has unique advantages for collecting threat intelligence, arming the security operations center (SOC) with detailed knowledge of attack methods and indicators of compromise that can inform detection-based tools how to spot the latest attacks. Isolation means you don't need to stop the attack immediately, instead letting it play out within the VM, knowing no harm can occur. This means organizations can mobilize an army of endpoints to capture threat intelligence and harden their overall security posture.

Time for a Long-Term Solution
As remote working persists and malicious actors continue successfully targeting users, organizations can't keep trying to plug the gaps with detection tools or employees spotting threats. They need a more architecturally robust approach to security that applies the sound engineering principles of zero trust. By focusing on protection instead of detection, organizations can defend themselves and their employees from targeted attacks without compromising security or productivity.

Ian Pratt is currently Global Head of Security at HP Inc. He heads a new security business unit that is building on HP's strengths in hardware, systems software, ML/AI, and ability to deploy at massive scale to create industry-leading endpoint security solutions that are ...