Retrofixing The Remote Workforce

The rollout of infrastructure to support remote working en masse has been key to keeping businesses running over the past few years. But this was only ever expected to be a temporary solution - nobody expected the pandemic to last as long as it did, nor for remote and now hybrid working to become the norm. 

According to the UK Office for National Statistics, between September 2022 and January 2023 only 16 percent of workers worked solely from home, while 28 percent had a hybrid arrangement, alternating between home and office. During 2022, however, the proportion working from home fluctuated between 25 and 40 percent with no clear upward or downward trend, indicating how fluid people's working arrangements have become. To accommodate this, businesses have to provide equally flexible infrastructure, and so now need to look in earnest at the security of the systems rolled out in haste three years ago.

Prime Concerns

There are some very specific challenges associated with remote working. First and foremost is the problem of establishing a secure connection. Traditionally, organisations have relied upon Virtual Private Networks (VPNs) to facilitate this, but VPN gateways have been compromised in the past. The FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency have all issued warnings following a ramp-up in attacks on VPNs since the pandemic began.

So, the VPN needs to be kept patched and configured so that no remote traffic traverses an unencrypted path, or the business needs to adopt Zero Trust Network Access (ZTNA) in its stead.

Secondly, endpoint protection is a primary concern. Now situated outside the network perimeter and its associated security controls, endpoint devices have become much more exposed. Some users will want to mix personal and work devices, again elevating risk, so it is important to ensure that only authorised devices can connect to the business network. These devices require remote monitoring, remote patching, and provisioning that rolls out new applications automatically, avoiding self-installation by users and the help desk burden that comes with it.

Managing and securing users, their devices and the infrastructure, is undoubtedly a complex issue, and it’s one that is keeping the cyber C-Suite awake at night, with 52% admitting this is their top source of stress, according to the 2022 Deep Instinct Voice of SecOps report. But the hybrid workforce is also symptomatic of a much wider change which is seeing accelerated use of public cloud, more tightly interconnected supply chains and the expansion of public-facing digital assets, all of which further heighten risk. So, what should be the CISO’s course of action?

Where To Begin

Cyber leaders need to be able to track and analyse activity from different sources across a complex and widely distributed IT infrastructure, but there’s also a need to control cost, particularly in the current economic climate. So, rather than adding to the cybersecurity stack, it pays to look at how it can be consolidated.

Combining technologies on a single platform can provide a cohesive security solution that monitors endpoints and network access and looks for anomalous behaviour without the need to invest in yet more point solutions. Endpoint detection and response is a case in point. Many medium-sized businesses cannot justify the expense of a dedicated solution, but by deploying an advanced agent integrated with the Security Information and Event Management (SIEM) platform, it is possible to monitor endpoints remotely. Endpoint logs and telemetry are fed into the SIEM for analysis, and the resulting alerts can then be automatically investigated and contextualised using another integrated component, Security Orchestration, Automation and Response (SOAR).

SOAR enables the business to aggregate and prioritise security alerts by adding contextual and threat-intelligence information. Automated playbooks then drive the response, ensuring a much shorter Mean Time to Respond (MTTR). In practice this means an attack originating from a remote worker's device can be qualified, flagged for investigation, and contained before business assets are compromised.
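To make the aggregate-enrich-prioritise-respond loop concrete, here is an added example of a minimal SOAR-style triage step. It is not Logpoint's code or any vendor's playbook: the SIEM alerts, the asset inventory, the threat-intelligence list and the scoring weights are all constructed for illustration. Alerts are grouped per (host, user), enriched with asset criticality, management status and known-bad destination IPs, scored, and mapped to a playbook action. An unmanaged personal device is deliberately never "isolated" because there is no agent on it to act on; it is ticketed instead.

```python
"""Added example (not Logpoint's code): a minimal SOAR-style triage step.

Constructed SIEM alerts from endpoint agents are aggregated, enriched with
asset and threat-intelligence context, scored, and mapped to a playbook action.
All alerts, hosts, users and indicators below are made up for illustration.
"""
from dataclasses import dataclass, field

# Constructed raw alerts as a SIEM might emit them for remote endpoints.
RAW_ALERTS = [
    {"id": 1, "host": "LT-0451", "user": "asmith", "rule": "lsass_access", "dst_ip": "203.0.113.7"},
    {"id": 2, "host": "LT-0451", "user": "asmith", "rule": "lsass_access", "dst_ip": "203.0.113.7"},
    {"id": 3, "host": "LT-0451", "user": "asmith", "rule": "outbound_c2_beacon", "dst_ip": "203.0.113.7"},
    {"id": 4, "host": "LT-0790", "user": "bjones", "rule": "usb_mass_storage", "dst_ip": None},
    {"id": 5, "host": "SRV-FIN01", "user": "svc_backup", "rule": "lsass_access", "dst_ip": "10.0.5.20"},
]

# Constructed asset inventory: the context a SOAR would pull from a CMDB or MDM.
ASSETS = {
    "LT-0451": {"criticality": 2, "managed": True, "remote": True},
    "LT-0790": {"criticality": 1, "managed": False, "remote": True},  # unmanaged personal laptop
    "SRV-FIN01": {"criticality": 5, "managed": True, "remote": False},
}

# Constructed threat-intelligence feed of known-bad destination IPs.
BAD_IPS = {"203.0.113.7"}

# Constructed per-rule base severity (1..5).
RULE_SEVERITY = {"lsass_access": 4, "outbound_c2_beacon": 5, "usb_mass_storage": 2}


@dataclass
class Case:
    host: str
    user: str
    alert_ids: list = field(default_factory=list)
    rules: set = field(default_factory=set)
    dst_ips: set = field(default_factory=set)
    score: int = 0
    action: str = "log_only"


def aggregate(alerts):
    """Group raw alerts by (host, user) so one case is raised per affected principal."""
    cases = {}
    for a in alerts:
        key = (a["host"], a["user"])
        c = cases.setdefault(key, Case(host=a["host"], user=a["user"]))
        c.alert_ids.append(a["id"])
        c.rules.add(a["rule"])
        if a["dst_ip"]:
            c.dst_ips.add(a["dst_ip"])
    return list(cases.values())


def enrich_and_score(case, assets=ASSETS, bad_ips=BAD_IPS):
    """Add asset and intel context to a case, compute a priority score, pick a playbook."""
    # Unknown hosts are treated as unmanaged and of medium criticality.
    asset = assets.get(case.host, {"criticality": 3, "managed": False, "remote": True})
    score = max(RULE_SEVERITY.get(r, 1) for r in case.rules)
    score += asset["criticality"]
    hit_bad_ip = bool(case.dst_ips & bad_ips)
    if hit_bad_ip:
        score += 5  # confirmed contact with known-bad infrastructure
    if not asset["managed"]:
        score += 2  # no agent coverage, so our telemetry is incomplete
    if len(case.rules) > 1:
        score += 2  # several distinct techniques seen on one host
    case.score = score

    # Playbook decision: isolation needs an agent, so only managed hosts qualify.
    if hit_bad_ip and asset["managed"]:
        case.action = "isolate_endpoint"
    elif score >= 8:
        case.action = "open_p1_ticket"
    elif score >= 5:
        case.action = "open_p2_ticket"
    else:
        case.action = "log_only"
    return case


def triage(alerts=RAW_ALERTS):
    """Full pipeline: aggregate, enrich, score, and return cases highest priority first."""
    cases = [enrich_and_score(c) for c in aggregate(alerts)]
    return sorted(cases, key=lambda c: c.score, reverse=True)


if __name__ == "__main__":
    for c in triage():
        print(f"{c.host:10} {c.user:12} score={c.score:2} action={c.action} alerts={c.alert_ids}")
```

Running it collapses the five raw alerts into three cases: the remote laptop beaconing to a known-bad IP is isolated, the finance server with credential-dumping activity gets a P1 ticket, and the unmanaged personal laptop gets a P2 ticket rather than a containment action it cannot receive.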

User Monitoring

But there is also an opportunity here to monitor the end users themselves. User and Entity Behaviour Analytics (UEBA) builds a profile for each user based on role, access privileges, typical working pattern and more, so that any deviation from that profile is flagged to the security team. The same parameters can be applied to specific teams, and they can be tuned so that exceptions are made for certain users or access requests rather than generating noise. Context of this kind helps organisations map activity to frameworks such as MITRE ATT&CK, but more importantly it helps baseline the new normal of working practices.
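The baselining and deviation logic described above, as an added example that is not part of the original article and not any vendor's UEBA engine. The VPN authentication log format, the users, the role directory and the scoring weights are all constructed. Two weeks of "normal" successful logins build a per-user profile of hours, source countries and devices; new events are scored against it, and a role-based exception lets a roaming field engineer log in from a new country without raising an alert, which is the kind of nuance the paragraph refers to.

```python
"""Added example (not Logpoint's code): a toy UEBA baseline over constructed
VPN authentication logs. Log format, users, roles and events are all made up.
"""
import re
from collections import defaultdict

# Constructed log line format: one authentication event per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src_country=(?P<country>[A-Z]{2}) "
    r"device=(?P<device>\S+) result=(?P<result>\S+)$"
)

# Constructed baseline window: successful logins regarded as normal.
BASELINE_LOGS = """\
2023-02-01T08:05:00Z user=asmith src_country=GB device=LT-0451 result=success
2023-02-02T08:40:00Z user=asmith src_country=GB device=LT-0451 result=success
2023-02-03T09:10:00Z user=asmith src_country=GB device=LT-0451 result=success
2023-02-06T07:55:00Z user=asmith src_country=GB device=LT-0451 result=success
2023-02-01T10:00:00Z user=cwong src_country=DE device=LT-0620 result=success
2023-02-03T11:30:00Z user=cwong src_country=FR device=LT-0620 result=success
2023-02-07T09:45:00Z user=cwong src_country=ES device=LT-0620 result=success
"""

# Constructed role directory; field engineers are expected to roam between countries.
ROLES = {"asmith": "finance", "cwong": "field_engineer"}
ROAMING_ROLES = {"field_engineer"}


def parse(log_text):
    """Parse log lines into dicts; lines that do not fit the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["hour"] = int(e["ts"][11:13])  # hour of day from the ISO timestamp
        events.append(e)
    return events


def build_baseline(events):
    """Per-user profile: the hours, source countries and devices seen in successful logins."""
    profile = defaultdict(lambda: {"hours": set(), "countries": set(), "devices": set()})
    for e in events:
        if e["result"] != "success":
            continue
        p = profile[e["user"]]
        p["hours"].add(e["hour"])
        p["countries"].add(e["country"])
        p["devices"].add(e["device"])
    return profile


def score_event(e, profile, roles=ROLES):
    """Return (score, reasons); a higher score means a larger deviation from the baseline."""
    p = profile.get(e["user"])
    if p is None:
        return 5, ["no baseline for user"]
    score, reasons = 0, []
    # Working hours: tolerate +/- 2 hours around any hour seen in the baseline.
    if not any(abs(e["hour"] - h) <= 2 for h in p["hours"]):
        score += 2
        reasons.append("outside usual hours")
    if e["country"] not in p["countries"]:
        if roles.get(e["user"]) in ROAMING_ROLES:
            reasons.append("new country (tolerated for roaming role)")
        else:
            score += 3
            reasons.append("new country")
    if e["device"] not in p["devices"]:
        score += 3
        reasons.append("unknown device")
    return score, reasons


def detect(new_log_text, baseline_log_text=BASELINE_LOGS, threshold=3):
    """Score every new event against the baseline and return those at or above threshold."""
    profile = build_baseline(parse(baseline_log_text))
    findings = []
    for e in parse(new_log_text):
        score, reasons = score_event(e, profile)
        if score >= threshold:
            findings.append((e["user"], e["ts"], score, reasons))
    return findings


# Constructed new events to evaluate against the baseline.
NEW_LOGS = """\
2023-02-15T08:20:00Z user=asmith src_country=GB device=LT-0451 result=success
2023-02-15T02:30:00Z user=asmith src_country=RO device=LT-9999 result=success
2023-02-16T10:15:00Z user=cwong src_country=IT device=LT-0620 result=success
2023-02-16T09:00:00Z user=dnew src_country=GB device=LT-0001 result=success
"""

if __name__ == "__main__":
    for user, ts, score, reasons in detect(NEW_LOGS):
        print(f"{ts} {user:8} score={score} {', '.join(reasons)}")
```

On the constructed input, asmith's normal morning login from the usual laptop scores zero, the 02:30 login from a new country on an unknown device scores 8 and is flagged, cwong's login from Italy is recorded but tolerated because of the roaming role, and a user with no baseline at all is flagged for review rather than silently passed.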

Given that many businesses are still reliant upon VPNs and a policy-based approach that is hard to enforce or audit, are at the early stages of implementing a Zero Trust strategy, have limited or no endpoint detection, and are continuing to see their information estate expand, it makes sense to look at a converged approach.

Combining these technologies on a converged SIEM enables the business to monitor endpoints more effectively, run queries to hunt for potential threats, analyse incidents, carry out automated detection and response, and apply behaviour-based threat modelling.

All of which ensures the security team is given more meaningful data that can be used to better protect the remote workforce and the business as a whole.   

Tim Wallen is Regional Director, UKI, US & Emerging Markets at Logpoint
