Retrofixing The Remote Workforce

Uploaded on 2023-05-03 in TECHNOLOGY--Resilience, FREE TO VIEW

The rollout of infrastructure to support remote working en masse has been key to keeping businesses running over the past few years. But this was only ever expected to be a temporary solution - nobody expected the pandemic to last as long as it did, nor for remote and now hybrid working to become the norm. 

According to the UK Office for National Statistics, only 16 percent of workers now work solely from home, while 28 percent have a hybrid working arrangement, oscillating between the home and the office from September 2022 to January 2023. However, during 2022 those working from home rose and fell between 25-40 percent with no clear upward or downward trend, indicating a fluidity to people’s working arrangements. To accommodate this, businesses have to provide equally flexible infrastructure and so now need to look in earnest at the security of the systems rolled out in haste three years ago.

Prime Concerns

There are some very specific challenges associated with remote working. First and foremost is the problem of establishing a secure connection. Traditionally, organisations have relied upon Virtual Private Networks (VPNs) to facilitate this, but these have been compromised in the past. The likes of the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency have all since issued warnings following a ramp up in VPN attacks post-pandemic.

So, the VPN needs to be secure with no unencrypted connections, or the business needs to have a Zero Trust Network Architecture (ZTNA) in its stead.

Secondly, endpoint protection is a primary concern. Now situated outside the network perimeter and its associated security measures, these endpoint devices have become much more vulnerable. Some users will want to use a combination of personal and work devices, again elevating risk, so it’s important to ensure only authorised devices can connect to the business network. These require remote monitoring, updates and provisions to facilitate the rollout of new applications on an automatic basis and to avoid the need for self-install, which can then burden the help desk.

Managing and securing users, their devices and the infrastructure, is undoubtedly a complex issue, and it’s one that is keeping the cyber C-Suite awake at night, with 52% admitting this is their top source of stress, according to the 2022 Deep Instinct Voice of SecOps report. But the hybrid workforce is also symptomatic of a much wider change which is seeing accelerated use of public cloud, more tightly interconnected supply chains and the expansion of public-facing digital assets, all of which further heighten risk. So, what should be the CISO’s course of action?

Where To Begin

Cyber leaders need to be able to track and analyse activity from different sources across a complex and widely distributed IT infrastructure, but there’s also a need to control cost, particularly in the current economic climate. So, rather than adding to the cybersecurity stack, it pays to look at how it can be consolidated.

Combining technologies over a single platform can provide a cohesive security solution that can monitor endpoints, network access and look for anomalous behaviour without the need to invest in yet more point solutions. Endpoint detection and response is a case in point. Many medium sized businesses cannot justify the expense of investing in a dedicated solution, but by deploying an advanced agent integrated with the Security Information and Event Management (SIEM), it’s possible to remotely monitor endpoints. Endpoint logs and telemetry are fed into the SIEM, analysing and can then be automatically investigated and contextualised using another integrated solution, Security Orchestration, Automation and Response (SOAR).

SOAR enables the business to aggregate and prioritise security alerts through the use of additional contextual and intelligence information. Automated playbooks enable automated response, ensuring a much speedier Mean Time to Respond (MTTR). Essentially this means any attack coming from the remote worker can be qualified, flagged for investigation, and the attack thwarted before business assets are compromised.

User Monitoring

But there’s also the opportunity here to monitor the end users themselves. User Entity Behaviour Analytics (UEBA) can provide end user analysis. It builds user profiles based upon role, access privileges and more, with the net result that any deviation in activity is then flagged to the security team. These parameters can also be applied to specific teams and are highly nuanced so that exceptions can be made when it comes to certain access requests. Adding important context like this can help organisations align with key security frameworks, like MITRE ATT&CK, but more importantly help baseline the new normal from a working practices perspective. 

Given that many businesses are still reliant upon VPNs, a policy based approach that’s hard to enforce or audit, at the early stages of implementing a Zero Trust strategy, have limited or no endpoint detection, and are continuing to see their information estate expand, it makes sense to look at a converged approach.

Combining together these technologies over a converged SIEM can enable the business to more effectively monitor endpoints, run interrogations to uncover potential threats, analyse incidents, carry out automatic incident detection and response, and use behaviour-based threat modelling.

All of which ensures the security team is given more meaningful data that can be used to better protect the remote workforce and the business as a whole.   

Tim Wallen is Regional Director, UKI, US & Emerging Markets at Logpoint

You Might Also Read: 

Will The Insider Threat Intensify During The Recession?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Is ISO 27001 Worth It?
Phishing Attacks Surge As Cyber Criminals Exploit New AI Tools »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Kaspersky Lab

Kaspersky Lab

Kaspersky Lab is one of the world’s largest privately held vendors of endpoint cybersecurity solutions.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

Casaba Security

Casaba Security

Casaba are specialists in software security providing managed Software Development Lifecycle services as well as products for security testing.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

AllClear ID

AllClear ID

AllClear ID provides products and services that help protect people and their personal information from threats related to identity theft.

IoT Now

IoT Now

IoT Now explores the evolving opportunities and challenges facing CSPs, and we pass on some lessons learned from those who have taken the first steps in next gen IoT services.

CyberPoint

CyberPoint

CyberPoint delivers innovative, leading-edge cyber security products, solutions, and services to customers worldwide.

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC)

Cyber Defense Initiative Conference (CDIC) is one of the most distinguished Cybersecurity, Privacy and Information Security Conference in Thailand and Southeast Asia.

SBD Automotive

SBD Automotive

SBD Automotive are specialists in automotive technology providing independent research and consultancy to help create smarter, more secure, better connected, and increasingly autonomous cars.

AuthLite

AuthLite

With AuthLite, you can keep using all your existing software, with added two-factor authentication security placed exactly where you need it.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

Kingston Technology

Kingston Technology

Kingston is a leading global manufacturer of memory and storage solutions including encrypted storage solutions to protect data inside and outside the firewall.

Crayon

Crayon

Crayon is a customer-centric innovation and IT services company. We provide guidance on the best solutions for our clients’ business needs and budget with software, cloud, AI and big data.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.

OneStep Group

OneStep Group

OneStep Group are a leading Australian provider of information and communications technology (ICT) services, connecting businesses through technology solutions and support.

Oxford Information Labs (OXIL)

Oxford Information Labs (OXIL)

Oxford Information Labs brings together world-class software programmers and policy experts to provide a unique mix of expertise and hands on technical solutions.