IT Security

Remote, and secure

by Mark Rowe

In a process accelerated by the pandemic, remote work has exploded over the last five years — and with it, the number of devices and networks used by employees, says Arun Kumar J, regional director at the IT operations management product company ManageEngine.

As the classic security perimeter fades into the rearview mirror, organisations’ attack surfaces are growing rapidly, all while the threat landscape is growing exponentially more complex.

With the workforce no longer bound to a particular location, data is moving more freely between endpoint devices and the internet. As attackers make use of more advanced tools, the defences companies have relied on for years are becoming inadequate.

All of this means that flexible work is emerging as one of the biggest cybersecurity threats for modern businesses. As the workforce spreads out, it’s getting harder and harder to bring clarity, order, and discipline to security. So, what’s the scale of the challenge — and what does a proper response look like?

Cybercrime on open market

A key issue is that many powerful attack tools are now available as a commodity from the grey market. The ease and anonymity of collecting payment in cryptocurrency has driven an explosion in ransomware like Petya and WannaCry for digital extortion. Ransomware as a Service (RaaS) has become a full-blown subscription-based business model, accounting for nearly two-thirds of ransomware attacks in the last year.

In other words, you don’t even have to be technically skilled to launch an attack — you can simply pay someone who is and reap the profits. Competing RaaS vendors even offer special deals to potential clients, exposing more and more organisations to threats. And it doesn’t stop with ransomware. Other ready-to-use malware tool kits are also easily accessible on the web, including phishing tool kits and botnets.

So the number of devices is increasing, the number of potential attack vectors is rising, and the number of attackers with access to next-generation malware is rising. It’s a less than encouraging picture. But there are answers.

Trust in digital workplaces

First off, organisations need to make sure they’ve checked the obvious boxes: actively monitoring for vulnerabilities, securing endpoints, managing access rights, limiting permissions, and automating security updates.

But defences are evolving as fast as attacks are. Emerging tools like endpoint detection and response (EDR) and extended detection and response (XDR) can help promptly detect and remediate threats. Paired with a data loss prevention solution that monitors and prevents leakage of sensitive corporate data, these tools can form the basis of a robust security posture.

More fundamentally, security teams should consider implementing a Zero Trust Network Access (ZTNA) model. Essentially, this takes security to the edge of the network, enabling employees to access corporate data anywhere, from any device or app — but only after authorisation has been granted by in-depth analysis of behaviour and credentials.

In line with that approach, organisations can modify their security strategy by closely monitoring unapproved applications that access the organisation’s resources as well as corporate-owned/personally-enabled and personally-owned devices. If a high-risk device or app makes an unexpected data retrieval attempt, ZTNA systems can shut it down.

However, it’s no good having all the latest defences in place if employees don’t know how to work with them. Regular training should be organised to make sure staff are advised of the latest attack campaigns and potential breaches — and equipped to avoid accidentally enabling a breach. Prevention is better than a cure after all.

Overall, a solid defence system should include EDR and XDR; security orchestration, automation, and response; and unified endpoint management strategies. Together, these tools can help organisations identify attacks that evade the preventive layers of security, perform root cause analysis, and automatically respond to threats with appropriate remediation mechanisms.

Flipdish: a worked example

Here’s one case study that explores how some elements of this strategy can look in practice. Flipdish is a hospitality tech company that provides digital ordering solutions for quick service restaurants (QSRs) and cafes. Its technology underpins custom mobile apps, websites, QR-code ordering, and self-order kiosks.

Flipdish was having trouble identifying, tracking, and securing all its endpoints, and was struggling to evaluate access rights and limit permissions in particular. As Head of IT Leon Weavers put it, “We didn’t know what endpoints we had out there. We didn’t know who had what access, and we didn’t know how secure that access was. That was a big concern.”

With ManageEngine’s Endpoint Central in place, however, they were able to discover and remove vulnerabilities by deploying security updates remotely. “ManageEngine’s partner in Ireland, Servaplex, helped us ensure we had the right products to fit our environment, and what I really loved was that I was able to discover Mac machines and Windows machines and put them on the same platform. We could quickly discover our assets and then run patch management, update important security policies, and deploy software, patches, inventory management, and security policies like screen lock, firewall configuration, and disk encryption.”

As an all-in-one solution, Endpoint Central enabled Flipdish’s single-manned IT team to manage and secure hundreds of machines within a few days. As a result, hundreds of hours were saved by the ability to push updates to remotely dispersed teams without the need for them to come to an office and connect to the corporate network.

A dispersed workforce doesn’t have to mean a security headache. With the right tools in place, and particularly with automated monitoring, patching, and identity management, employees can be given the access they need, where they need it, without compromising sensitive data and systems.


© 2024 Professional Security Magazine. All rights reserved.
