How to secure a remote workforce

by Mark Rowe

Tim Wallen, Regional Director for the UK, US and Emerging at the platform Logpoint, discusses how to go about making the hastily rolled out remote workforce secure.

Rewinding back to March 2020, companies found themselves in a scramble. In an attempt to curb the spread of covid-19, the public was ordered to stay at home. Many sectors were closed, while those organisations that were able to continue operating had to make wholesale changes overnight.

Where a transition to hybrid working was induced out of necessity, the immediate priority for enterprises was operational continuity. The focus was on finding temporary solutions to temporary challenges, introducing solutions, applications and IT infrastructural tweaks on an interim basis to ensure productivity didn’t waver in remote settings. Fast forward to today, and that picture has changed almost entirely. Hybrid and remote models have become part and parcel of the new normal, with the Office for National Statistics previously reporting that just 8% of workers plan to return to the office full time.

Within this context, it is critical that companies revisit their hybrid working strategies. Those temporary tweaks must now be overhauled with more sustainable, effective, long term IT solutions capable of empowering employee productivity while keeping data and systems safe and secure. Ultimately, the IT landscape has changed dramatically. No longer is security simply a case of protecting one core network perimeter. Organisations are faced with defending expansive digital asset bases comprising a variety of business-critical applications that extend across highly connected global networks.

Understanding an evolving risk landscape

IT and security teams have faced an extremely taxing three years in adapting to this evolving landscape. However, these challenges have also presented opportunities.

C-level execs are beginning to see that there is little point in adopting an application designed to enhance productivity if that very same solution undermines security and exposes firms to financially crippling breaches, with the average cost of a breach totalling $4.24 million in 2022, according to the 2022 Cost of data breach report.

For that very reason, security professionals have found themselves with greater recognition and influence in key business decisions, something that they have sought for years. However, in order to make the most of this at the top table, they must ensure initiatives are actually addressing those concerns that matter most.

The need to effectively secure the workforce is at the top of the list of many security teams. According to the 2022 Deep Instinct Voice of SecOps report, more than half (52pc) of the cyber C-suite admit remote worker security is their top source of stress. Of course, there is a reason that remote and hybrid models remain so widely adopted. They are representative of a wider shift towards operationally effective approaches underpinned by rapid digitalisation and the accelerated use of public cloud.

While the merits of this have been widely cited, we must also acknowledge that they have brought about a host of new risks, opening up new attack avenues and vulnerabilities for cybercriminals to exploit.

Cybercrime has spiralled to an all-time high as threat actors continue to evolve their methods to bypass outdated security frameworks. In 2019, the global cost of cybercrime was $1.16 trillion. In 2022, that figure increased sevenfold and then some to $8.44 trillion. And Statista now predicts that the total cost to the global economy stemming from cybercriminal activities will almost triple in the next five years.

It is clear, therefore, that the threat landscape is only set to become more of a problem. So, how exactly should organisations be looking to prepare and respond?

CISOs must gain a comprehensive understanding of potential risks, of which there are many. Remote workers may tap into unsecure public Wi-Fi, while those using their computers at home may be exposed to the risk of other family members accidentally deleting or exposing corporate data. Further, employees may be less likely to update company devices in a timely fashion, creating patch lag, while shadow IT has also become an increasingly common problem with individuals using unmanaged devices to access corporate networks.

Given this new range of risks, cyber leaders need to enhance their visibility, tracking and analysing potentially impactful activities across a complex and widely distributed IT infrastructure. However, while necessary, this approach brings its own set of challenges.

The importance of automation

In increasingly connected and digital operating environments, the amount of data that security teams are tasked with monitoring has expanded exponentially, creating significantly heightened workloads.

To overcome this issue, (ISC)² reveals that nearly six in ten (57pc) enterprises are automating portions of their security operations, while a further quarter (26pc) plan to do so in the near future. By using technologies to carry out much of the heavy lifting associated with repeatable processes, security professionals are freed up to work more efficiently and focus on higher value tasks. So, how should they be automating their security practices to improve performance in a cost-effective manner? Three key areas include:

#1 – User Entity Behaviour Analytics (UEBA)

UEBA is designed to support analysts in spotting, prioritising, and managing potentially threatening actions within a network by detecting anomalies and unusual patterns in user activity. In building baselines of normal behaviour for every employee or entity, abnormal or risky actions that stray outside of these are then automatically flagged to security professionals to be investigated.
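
The per-entity baselining described above, sketched as an added example (not code from the article or from any vendor's product). It shows why the baseline is kept per entity: the same download volume is routine for one account and anomalous for another. The entity names, the two features, the threshold and the sample history are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: (entity, megabytes_downloaded, hosts_accessed) per day.
HISTORY = [
    ("alice", 40, 3), ("alice", 55, 4), ("alice", 48, 3), ("alice", 52, 5), ("alice", 45, 4),
    ("backup-svc", 900, 20), ("backup-svc", 950, 22), ("backup-svc", 870, 21),
    ("backup-svc", 920, 20), ("backup-svc", 910, 23),
]
FEATURES = ("mb_downloaded", "hosts_accessed")
THRESHOLD = 3.5   # robust z-score cut-off (assumed; tune per environment)
MIN_SAMPLES = 5   # below this, no trustworthy baseline exists

def build_baselines(history):
    """Return {entity: {feature: (median, MAD, n)}} from historical observations."""
    per_entity = defaultdict(lambda: defaultdict(list))
    for entity, *values in history:
        for name, value in zip(FEATURES, values):
            per_entity[entity][name].append(value)
    baselines = {}
    for entity, feats in per_entity.items():
        baselines[entity] = {}
        for name, vals in feats.items():
            med = median(vals)
            mad = median(abs(v - med) for v in vals)  # median absolute deviation
            baselines[entity][name] = (med, mad, len(vals))
    return baselines

def score_event(baselines, entity, **observed):
    """Return the reasons this observation should be queued for an analyst."""
    if entity not in baselines:
        return ["no_baseline"]  # unknown entity: surface it rather than pass silently
    reasons = []
    for name, value in observed.items():
        med, mad, n = baselines[entity][name]
        if n < MIN_SAMPLES:
            reasons.append(f"{name}:insufficient_history")
            continue
        # 0.6745 scales the MAD to be comparable with a standard deviation;
        # the floor stops a perfectly flat baseline from dividing by zero.
        z = 0.6745 * (value - med) / max(mad, 1.0)
        if abs(z) > THRESHOLD:
            reasons.append(f"{name}:z={z:.1f}")
    return reasons
```

Median and MAD are used instead of mean and standard deviation so that a single earlier outlier in an entity's history does not widen its baseline.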

#2 – Automated event interrogation

By tapping into a variety of both internal and external threat intelligence feeds, organisations can more easily identify evolving threats and protect themselves proactively. With that said, manually exploring such large streams of data to find potential threats essentially leaves professionals looking for a needle in a haystack. By leveraging automation, this can be achieved in minutes, hours or days, not weeks or months.

#3 – Security Orchestration, Automation and Response (SOAR)

SOAR is an incident detection and response solution designed to accelerate threat investigation and remediation through alert aggregation and prioritisation. By automatically correlating and evaluating data, key contextual information and intelligence can be presented transparently to security teams, enabling them to respond quickly and effectively in an informed manner.

Critically, it’s important to note that there isn’t one single silver bullet technology that is the difference between being secure and insecure. Instead, organisations require a tailored combination of technologies to build an effective, automated security strategy fit for protecting remote workers in the new normal.

Indeed, organisations should centre their efforts on achieving a converged security setup where multiple tools are integrated into a single platform and operating in a seamless, complementary manner. Not only will this serve to reduce friction, complexity, and cost, but it will also enable security teams to monitor endpoints, achieve behaviour-based threat modelling, identify vulnerabilities and threats, respond to incidents, and protect business critical applications more effectively. One solution will not fix all. Instead, a converged solution comprising technologies such as SIEM, UEBA and SOAR can provide a comprehensive offering that covers numerous contingencies.


© 2024 Professional Security Magazine. All rights reserved.
