Retrofixing The Remote Workforce

Uploaded on 2023-05-03 in TECHNOLOGY--Resilience, FREE TO VIEW

The rollout of infrastructure to support remote working en masse has been key to keeping businesses running over the past few years. But this was only ever expected to be a temporary solution - nobody expected the pandemic to last as long as it did, nor for remote and now hybrid working to become the norm. 

According to the UK Office for National Statistics, only 16 percent of workers now work solely from home, while 28 percent have a hybrid working arrangement, oscillating between the home and the office from September 2022 to January 2023. However, during 2022 those working from home rose and fell between 25-40 percent with no clear upward or downward trend, indicating a fluidity to people’s working arrangements. To accommodate this, businesses have to provide equally flexible infrastructure and so now need to look in earnest at the security of the systems rolled out in haste three years ago.

Prime Concerns

There are some very specific challenges associated with remote working. First and foremost is the problem of establishing a secure connection. Traditionally, organisations have relied upon Virtual Private Networks (VPNs) to facilitate this, but these have been compromised in the past. The likes of the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency have all since issued warnings following a ramp up in VPN attacks post-pandemic.

So, the VPN needs to be secure with no unencrypted connections, or the business needs to have a Zero Trust Network Architecture (ZTNA) in its stead.

Secondly, endpoint protection is a primary concern. Now situated outside the network perimeter and its associated security measures, these endpoint devices have become much more vulnerable. Some users will want to use a combination of personal and work devices, again elevating risk, so it’s important to ensure only authorised devices can connect to the business network. These require remote monitoring, updates and provisions to facilitate the rollout of new applications on an automatic basis and to avoid the need for self-install, which can then burden the help desk.

Managing and securing users, their devices and the infrastructure, is undoubtedly a complex issue, and it’s one that is keeping the cyber C-Suite awake at night, with 52% admitting this is their top source of stress, according to the 2022 Deep Instinct Voice of SecOps report. But the hybrid workforce is also symptomatic of a much wider change which is seeing accelerated use of public cloud, more tightly interconnected supply chains and the expansion of public-facing digital assets, all of which further heighten risk. So, what should be the CISO’s course of action?

Where To Begin

Cyber leaders need to be able to track and analyse activity from different sources across a complex and widely distributed IT infrastructure, but there’s also a need to control cost, particularly in the current economic climate. So, rather than adding to the cybersecurity stack, it pays to look at how it can be consolidated.

Combining technologies over a single platform can provide a cohesive security solution that can monitor endpoints, network access and look for anomalous behaviour without the need to invest in yet more point solutions. Endpoint detection and response is a case in point. Many medium sized businesses cannot justify the expense of investing in a dedicated solution, but by deploying an advanced agent integrated with the Security Information and Event Management (SIEM), it’s possible to remotely monitor endpoints. Endpoint logs and telemetry are fed into the SIEM, analysing and can then be automatically investigated and contextualised using another integrated solution, Security Orchestration, Automation and Response (SOAR).

SOAR enables the business to aggregate and prioritise security alerts through the use of additional contextual and intelligence information. Automated playbooks enable automated response, ensuring a much speedier Mean Time to Respond (MTTR). Essentially this means any attack coming from the remote worker can be qualified, flagged for investigation, and the attack thwarted before business assets are compromised.

User Monitoring

But there’s also the opportunity here to monitor the end users themselves. User Entity Behaviour Analytics (UEBA) can provide end user analysis. It builds user profiles based upon role, access privileges and more, with the net result that any deviation in activity is then flagged to the security team. These parameters can also be applied to specific teams and are highly nuanced so that exceptions can be made when it comes to certain access requests. Adding important context like this can help organisations align with key security frameworks, like MITRE ATT&CK, but more importantly help baseline the new normal from a working practices perspective. 

Given that many businesses are still reliant upon VPNs, a policy based approach that’s hard to enforce or audit, at the early stages of implementing a Zero Trust strategy, have limited or no endpoint detection, and are continuing to see their information estate expand, it makes sense to look at a converged approach.

Combining together these technologies over a converged SIEM can enable the business to more effectively monitor endpoints, run interrogations to uncover potential threats, analyse incidents, carry out automatic incident detection and response, and use behaviour-based threat modelling.

All of which ensures the security team is given more meaningful data that can be used to better protect the remote workforce and the business as a whole.   

Tim Wallen is Regional Director, UKI, US & Emerging Markets at Logpoint

You Might Also Read: 

Will The Insider Threat Intensify During The Recession?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Is ISO 27001 Worth It?
Phishing Attacks Surge As Cyber Criminals Exploit New AI Tools »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cybsecurity Foundation (CSF)

Cybsecurity Foundation (CSF)

Cybsecurity is a non-profit NGO, which aims to work on improvement of security levels in the Polish cyberspace.

CloudDNA

CloudDNA

CloudDNA deliver solutions that enable users and devices to connect over high performance, secure, efficient, scalable cloud networks.

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

Seric Systems

Seric Systems

Seric is a technology business specialising in security, infrastructure and data management.

Eskive

Eskive

Eskive is a Brazilian cyber security awareness and education platform that empowers users and strengthens their company in the face of cyber threats.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

VariQ

VariQ

VariQ is a premier provider of Cybersecurity, Software Development and Cloud services to federal, state, and local government.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

KirkpatrickPrice

KirkpatrickPrice

KirkpatrickPrice is dedicated to providing you with innovative security guidance and efficient audit services.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

Arelion

Arelion

Arelion is a leading light in global connectivity and we've been keeping the world connected for nearly three decades.

Eqlipse Technologies

Eqlipse Technologies

Eqlipse Technologies provides products and high-end engineering solutions to customers in the Department of Defense and Intelligence Community.

Silverse

Silverse

At Silverse, we specialize in building a comprehensive cybersecurity journey, anchored by our extensive experience, industry expertise, and an ecosystem of trusted partners.

Defend

Defend

DEFEND are 100% focused on providing managed cybersecurity solutions and services that make a real difference to the cyber resilience of your organisation.