Mark Guntrip, Senior Director of Cybersecurity Strategy at Menlo Security, discusses the five common pitfalls companies fall into when trying to protect remote workers from cybersecurity threats.
Trying to protect remote workers has never been so complex or fraught with risk.
Working from home, hybrid working, SaaS, cloud migration, secure remote access, ransomware, phishing attacks, social engineering, credential theft, BYOD – the list goes on and on.
But the old methods of protecting remote workers are no longer fit for purpose.
VPNs are notoriously insecure and don’t scale. Backhauling Internet traffic to a secure data centre increases latency and can impact performance. Blacklisting shuts off entire sections of the dynamic Internet, preventing users from getting work done.
Yet, organisations continue to tackle new security problems with old technologies. Security strategies need to evolve to meet the needs of today’s business – where users can log on and access corporate resources from anywhere and anytime, no matter what device they are using. Users should expect to be protected from today’s highly sophisticated threats without impacting performance.
But old habits die hard. These are five pitfalls that organisations fall into when trying to protect remote workers:
1. Don’t ignore unmanaged devices
It’s easy to put your head in the sand and pretend that users are not accessing company systems on their personal devices. With corporate policies in place, people understand the security risks they are taking by using their phone, tablet, or laptop when logging in.
But they do it anyway. Unmanaged devices and networks (such as home or remote WiFi) pose a major security risk to the organisation.
The consumerisation of the cloud has also made it easier than ever for users to stand up their own systems or infrastructure with a credit card, without following corporate policies or letting IT know.
It takes one click to give threat actors access to a device, and from that foothold they can spread throughout the network. Businesses need to make sure they can secure the connection between unmanaged devices and corporate systems.
Isolation technology, for example, can create a virtual air gap between users and web content, stopping ransomware, drive-by attacks, and malware before they can access end devices. This is a user-centric rather than device-centric approach, ensuring that even unmanaged devices and infrastructure (that IT is not aware of) are protected.
2. Fail to plan, plan to fail
Malicious actors are becoming more sophisticated and adaptive in their methods.
Cybersecurity is a constant battle between threat actors and security teams. As soon as a new security control is developed, attackers quickly find a way around it. The gap is then plugged by a new tool, and attackers identify another way in.
What works today will not necessarily work tomorrow.
Today’s Highly Evasive Adaptive Threats (HEAT) target web browsers and employ techniques to evade multiple layers of detection in current security stacks, including firewalls, sandbox analysis, and phishing detection.
HEAT attacks can be used as the initial access point to deliver malware or to compromise credentials, which in many cases leads to ransomware and other attacks.
Knowledge is power when trying to protect remote workers, and even more so when it comes to emerging threats like HEAT attacks.
3. Relying on VPNs
VPN appliances are not scalable enough to meet the needs of digital, agile organisations where users need to access applications quickly and reliably wherever they are.
Once credentials are compromised through social engineering, fake login forms, or phishing, threat actors have unrestricted access to the network with little to no east-west security controls in place.
Even when they do work, VPNs sap bandwidth and increase latency by backhauling Internet traffic to a secure data centre.
Organisations should look at alternative methods of secure remote access, such as cloud-based application isolation, providing connections to applications with a layer of threat prevention.
This offers enhanced Zero Trust access and maximises security posture without impacting the end user experience.
4. Over-consolidating security solutions
According to Anomali, organisations rely on an average of 50 to 80 security tools, which rises to 120 for large companies. This software sprawl can lead to higher capital and operating costs while causing integration and visibility issues.
In 2022, Gartner reported that 75% of global organisations plan to consolidate their security vendors over the next 12 months. But too much consolidation can result in a degradation of effectiveness.
No vendor can deliver a best-of-breed security solution that protects remote workers across all threat vectors. Anyone who attempts to develop or bolt together a complete solution will inevitably have to compromise.
While it makes sense to do some consolidation, relying on a single vendor introduces too much risk. Companies must be careful not to trade stronger protection for simplicity.
5. Relying on detect and respond
The trend in security over recent years has been to tell customers that breaches are inevitable and to focus on detecting malicious behaviour inside the network.
East-west security is critical, but it should not come at the expense of protection.
HEAT attacks bypass traditional detect-and-respond cybersecurity approaches by hiding in plain sight among seemingly innocuous technologies, such as JavaScript and VPNs.
Threat actors can breach the network and avoid detection for days, weeks, or even months. The problem is the speed at which they make their move once inside, after the initial breach.
Despite what some security vendors say, protecting remote workers is not a losing battle – prevention works.