Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:00 PM
Ian Pratt
Ian Pratt
Connect Directly
E-Mail vvv

Can Organizations Secure Remote Workers for the Long Haul?

By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.

Remote working is here to stay, as at least 70% of the workforce will work remotely at least five days a month by 2025. While the rapid shift to remote work enabled business continuity in 2020, it will continue making life difficult for security teams. Today, organizations must review whether the temporary changes they made to help employees work remotely are sufficient in the long term.

The Vanishing Perimeter
When the first lockdowns began, many organizations had to rapidly adopt new technologies and processes, such as scaling virtual private network (VPN) deployments and switching to cloud-based solutions. The organizational perimeter vanished, leaving security with the challenge of gaining visibility across huge networks of remote workers accessing data from almost anywhere at all times of day. Changes in IT infrastructure exposed employees to technical challenges, like remote access inefficiencies and home network vulnerabilities. The rush to business transformation also confused data security processes, with security often added as an afterthought. It's no surprise 46% of C-level IT leaders are worried about maintaining security and compliance for remote workers.

Related Content:

How to Secure Employees' Home Wi-Fi Networks

Special Report: Tech Insights: Detecting and Preventing Insider Data Leaks

New From The Edge: 10K Hackers Defend the Planet Against Extraterrestrials

As the perimeter melts away, securing the endpoint is more important — but it is harder. For a start, there is less visibility and control over how people connect to services. The lines between personal and professional have blurred as employees are mandated to work from home. As a result, more people are using work devices for personal uses — for example, online shopping or children playing video games. Trying to police such behavior is unlikely to go down well with staff; people have allowed work to encroach on their personal space, so being told how to behave in their own homes may be a step too far.

The Rise in COVID-19 Cybercrime
The shift to online has been a boon for hackers, widening the attack surface and creating new social engineering opportunities. Again, the endpoint and the user have been in the spotlight. Cybercriminals are using social engineering attacks, including sophisticated lures related to COVID-19, to trick users into clicking on attachments, links, and downloads. Attackers are also working on ways to ensure malicious emails can bypass email gateways and detection tools, land in employees' inboxes, and increase the chances of being clicked on. For example, a recent phishing campaign used Microsoft Office's legitimate "encrypt-with-password" feature to conceal malware until the user opens the document and enters the password. As the malicious file is password-protected, it prevents detection tools from scanning the malware.

Additionally, cybercriminals are using tactics such as thread hijacking to improve their odds and expand access within (and between) organizations. The technique automates the creation of spear-phishing lures by stealing email data from compromised systems. Stolen data is used to reply to conversations with messages containing malicious attachments, downloads, or hyperlinks, making them appear very convincing. We will continue to see cybercriminals create targeted and sophisticated attacks focusing on users and endpoints.

While user education is important, it will never be completely effective. Some users must engage in "risky" behavior to conduct their work — e.g., finance opening invoices or HR opening resumes. It's bad business to lock users down, and they shouldn't have to bear the burden of security.

Building Security From the Hardware Up
Detection tools can't be relied on to catch everything, nor can overburdened security teams and users. Sooner or later, an endpoint will be compromised. Clearly, a more architecturally robust process is needed to help secure remote workers.

Organizations should apply sound engineering principles to secure critical systems, adopting a zero-trust approach applied to the network and the endpoint. This will combine the principles of least privilege, strong identity, mandatory access control, and strong isolation to protect what organizations care about most and prevent attackers from escalating their access. When it comes to strong isolation, just as you can have microsegmentation of a network, you can have microsegmentation of applications and data within an endpoint or server. This creates layers of compartments isolated from each other, preventing malware from spreading even if one compartment is compromised.

Application isolation is central to this approach. Running risky activities — such as opening email attachments, clicking on links, or downloading files — in micro virtual machines (VMs) greatly reduces the attack surface. This means organizations don't have to worry about vulnerabilities in Word, the Web browser, or even the operating system. It doesn't matter if vulnerabilities exist if any exploitation takes place within a micro VM. The malware cannot persist and will be evicted as soon as the user closes the document or navigates to a different website. Rather than worrying about malware evading detection and persisting on the network for months, organizations can contain it within the micro VM, with no documents or credentials to steal and no ability to move laterally.

From a user perspective, it's business as usual. The technology is transparent, and users can click on links in emails, visit webpages, download files, and open documents, knowing that any malware is rendered harmless.

Microvirtualization also has unique advantages for collecting threat intelligence, arming the security operations center (SOC) with detailed knowledge of attack methods and indicators of compromise that can inform detection-based tools how to spot the latest attacks. Isolation means you don't need to stop the attack immediately, instead letting it play out within the VM, knowing no harm can occur. This means organizations can mobilize an army of endpoints to capture threat intelligence and harden their overall security posture.

Time for a Long-Term Solution
As remote working persists and malicious actors continue successfully targeting users, organizations can't keep trying to plug the gaps with detection tools or employees spotting threats. They need a more architecturally robust approach to security that applies the sound engineering principles of zero trust. By focusing on protection instead of detection, organizations can defend themselves and their employees from targeted attacks without compromising security or productivity.

Ian Pratt is currently Global Head of Security at HP Inc. He heads a new security business unit that is building on HP's strengths in hardware, systems software, ML/AI, and ability to deploy at massive scale to create industry-leading endpoint security solutions that are ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...