July 23, 2020
Ransomware strategies, SaaS vulnerabilities and VPN security are among the considerations tech leaders need to make in a remote work environment, according to members of Protocol's Braintrust.
SVP & CTO at McAfee
COVID-19 has set a new baseline for the ability to work remotely, and we should assume that many organizations will more aggressively utilize a remote workforce after the pandemic subsides. Working remotely implies that workers are reliant on untrusted networks such as the internet and home environments and will more aggressively utilize cloud-based capabilities. Organizations need to take a three-pronged approach to securing the remote-working paradigm.
First, controls are required to mitigate threats and limit data loss from the untrusted infrastructure through the use of cloud access security broker and cloud edge solutions.
Second, enterprise security solutions such as endpoint protection platform and endpoint detection and response technologies must be present on any device used for critical business functions, including those used in remote work locations, with security event data routed to centralized security operations for analysis.
Finally, strong authentication strategies must be implemented such as the use of multifactor authentication for access to cloud and VPN capabilities.
IT Vice President and CISO at Juniper Networks
Across industries, we've seen dramatic increases in the number of email and ransomware attacks during the pandemic targeting employees who are working from home. The best protections against these are things that many companies are already doing: educate employees about the risks of opening attachments or clicking on links in unexpected external emails, automate backups of company-managed devices, deploy patches promptly and keep anti-malware software updated. If employees have a question about whether or not an email is safe, is there a way for them to submit the message for review? Do they know where to report a phishing email?
When employees are using personal devices rather than company-managed devices to do their work from home, they need to be encouraged to practice good cyber hygiene and keep their systems current, backed up and protected against malware. Companies need a policy about ransomware. For example, will they pay the ransom? This should be communicated to employees, and employees should know whom to report an incident to at the company, how to do so, and what steps to take to minimize the impact to other systems and data.
If employees are connecting to corporate systems via a VPN, there is no better time than now to review access profiles to ensure that the access granted is appropriate. Be certain that VPNs are patched and their software updated to current releases. When employees are using their personal systems, many companies are looking at remote access solutions using VDI or zero trust as a means of further protecting company data.
Director of Strategic Threat at Darktrace
Executives looking to the future need to be planning to defend a hybrid work from home or office reality, not simply remote work. From a security perspective, this will mean a dispersed, agile and unpredictable workforce. Employee behavior will become more inconsistent, leveraging a wide range of email, cloud and SaaS services, and operating beyond the corporate network.
The locus of today's and tomorrow's workforce activity is SaaS applications. Companies are increasingly dependent on cloud services from Salesforce and G Suite, to Box, Dropbox and Microsoft 365. These platforms fuel efficiency, innovation, and collaboration at an unprecedented scale, and organizations of all shapes and sizes have adopted them to manage highly sensitive data and mission-critical operations.
The increased reliance on cloud and SaaS platforms also opens new avenues for attackers. One of the top threats that Darktrace saw across our customer base in June was suspicious SaaS activity, such as logins from unusual locations and anomalous account administration, which are early indicators of compromise. One of the biggest challenges with SaaS is that it fundamentally depends on users — people who are unpredictable and fallible by design. It isn't just introducing new avenues for attackers; it's adding complexity that needs to be managed.
To protect today's — and tomorrow's — dynamic workforce, security teams must have the ability to identify, detect and respond to threats across SaaS platforms quickly, discerning when and how a trusted account is being used for nefarious purposes and stopping the threat at the earliest moment. Businesses should implement platform approaches that are not only intelligent and adaptive, but also grounded in a unified and behavioral understanding of a workforce, no matter where, or on what applications, they are working.
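The two indicators named above, logins from locations a user has never used and administrative actions by accounts that do not normally administer, can be baselined and flagged from a SaaS audit log. The following is an added example and is not code from the article or from Darktrace; the event schema (`ts`, `user`, `action`, `country`, `target`, `role`) and the sample events are constructed for illustration, since each SaaS provider's audit log has its own format, and the `ADMIN_ACTIONS` set is an assumed list of privileged operations.

```python
"""Baseline per-user SaaS behaviour from historical audit events, then flag
later events that break the baseline: a login from a country the user has
never logged in from, a privileged action by a user who has never performed
one, and a user granting a role to their own account.

Added example; the event format below is constructed, not a real provider's.
"""
from collections import defaultdict
from datetime import datetime

# Assumed set of privileged (administrative) actions; adjust per provider.
ADMIN_ACTIONS = {"grant_role", "reset_mfa", "create_api_key"}

# Constructed sample events (not real logs). Alice normally logs in from the
# US and never administers; Bob logs in from GB and does grant roles.
SAMPLE_EVENTS = [
    {"ts": "2020-06-01T09:00:00", "user": "alice", "action": "login", "country": "US"},
    {"ts": "2020-06-02T09:05:00", "user": "alice", "action": "login", "country": "US"},
    {"ts": "2020-06-03T09:10:00", "user": "alice", "action": "login", "country": "US"},
    {"ts": "2020-06-01T08:30:00", "user": "bob", "action": "login", "country": "GB"},
    {"ts": "2020-06-02T08:35:00", "user": "bob", "action": "login", "country": "GB"},
    {"ts": "2020-06-02T08:40:00", "user": "bob", "action": "grant_role", "country": "GB",
     "target": "carol", "role": "admin"},
    # Events after the baseline cutoff; Bob's is normal, Alice's are not.
    {"ts": "2020-06-11T08:40:00", "user": "bob", "action": "grant_role", "country": "GB",
     "target": "erin", "role": "editor"},
    {"ts": "2020-06-10T03:00:00", "user": "alice", "action": "login", "country": "RU"},
    {"ts": "2020-06-10T03:02:00", "user": "alice", "action": "grant_role", "country": "RU",
     "target": "alice", "role": "admin"},
    {"ts": "2020-06-10T03:05:00", "user": "alice", "action": "reset_mfa", "country": "RU",
     "target": "dave"},
]


def parse_ts(ts):
    """Parse the ISO-8601 timestamp used in the constructed events."""
    return datetime.fromisoformat(ts)


def build_baseline(events, cutoff):
    """Return (countries_per_user, users_who_administer) from events before cutoff."""
    countries = defaultdict(set)
    admins = set()
    for e in events:
        if parse_ts(e["ts"]) >= cutoff:
            continue
        countries[e["user"]].add(e["country"])
        if e["action"] in ADMIN_ACTIONS:
            admins.add(e["user"])
    return countries, admins


def detect(events, cutoff):
    """Flag events at or after cutoff that deviate from the pre-cutoff baseline.

    Each alert is (timestamp, user, alert_type, detail), in event order.
    """
    countries, admins = build_baseline(events, cutoff)
    alerts = []
    for e in events:
        if parse_ts(e["ts"]) < cutoff:
            continue
        user, action = e["user"], e["action"]
        # Login from a country never seen for this user (unknown users included).
        if action == "login" and e["country"] not in countries.get(user, set()):
            alerts.append((e["ts"], user, "login_from_new_country", e["country"]))
        # Privileged action by a user with no history of administering.
        if action in ADMIN_ACTIONS and user not in admins:
            alerts.append((e["ts"], user, "admin_action_by_non_admin", action))
        # Self-granted role: suspicious regardless of the user's history.
        if action == "grant_role" and e.get("target") == user:
            alerts.append((e["ts"], user, "self_privilege_grant", e.get("role")))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, datetime(2020, 6, 5)):
        print(alert)
```

Run on the constructed events with a baseline cutoff of 5 June, the script raises four alerts, all for Alice: a login from a new country, two privileged actions by a non-administering account and a self-granted admin role. Bob's role grant on 11 June passes silently because the baseline already shows him administering from GB. In practice the baseline window should be long enough to cover travel and rare-but-legitimate admin tasks, and country alone is a coarse location signal; ASN and device fingerprint reduce false positives.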
Chief Product Officer at Yubico
The COVID-19 pandemic has forced most enterprises and public sector agencies to adopt remote work policies and technologies overnight, compacting progress that would usually take up to five years into the span of a month. This "new normal" for remote work has taken away the visibility and control that organizations previously relied on to secure their data, accounts and applications. The traditional "security perimeter" is gone. Organizations must find ways to apply strong authentication to remote endpoints to achieve peace of mind during and after this pandemic, because remote work is here to stay.
Cybersecurity risks introduced by remote work can be categorized into three key areas: people, places and technology. People risks include employees falling prey to social engineering, phishing and targeted attacks that aim to capture user credentials, or the accidental download of malware. Place risks include connecting to the corporate network via VPN from an unsecured home or public Wi-Fi location. Technology risks include the use of personal or unauthorized devices that aren't in line with corporate security policies.
To eliminate these risks, enterprises and public sector agencies must identify and secure all remote endpoints connecting into corporate networks, by verifying identities with modern, out-of-band authentication.
Yubico's mission is to protect information, accounts and applications with strong and convenient hardware-based authentication, and we're helping enterprises and public sector agencies secure their remote workers for the long haul.
CEO & Founder at Netskope
As organizations rapidly shifted to a remote working environment, they also had to quickly scale their security measures in record time. With remote work here to stay, executives should push for zero trust network access.
Although most companies lean on outdated and legacy methods like VPNs, these solutions lack the ability to scale to meet the sudden increase of user need. Through ZTNA, organizations can quickly and securely access their own apps and infrastructure on-premises. If the zero trust solution is comprehensive, it also enables secure SaaS and web use and private applications built in IaaS.
Ultimately, the zero trust model operates so that no one, even internal employees, can be given full trust and access until they have been verified as legitimate and authorized. As employees continue to work within or across applications, this verification continues. The rapid increase of remote workers, the use of cloud applications, and some employees using their own devices all increase the chances of a security breach. With zero trust, executives feel more at ease as their sensitive company data and intellectual property stays protected.
Most importantly, and I can't stress this enough, effective security doesn't happen in silos. Employees play an integral role in security and are an organization's last line of defense. I always implore executives and employees to communicate and work cross functionally, as teamwork is the best way to prevent and solve security issues.
CEO at Absolute
The pandemic has forced us all to reevaluate our approach to endpoint computing. The modern enterprise computing architecture will assume the need for hybrid work models and will rely on critical controls that enable endpoint resilience, enterprise agility and deep visibility. Along with this, new strategies are required to ensure that every device is accounted for and secure.
Up until this point, there has been a largely reactive response from many organizations when it comes to security as they were forced to quickly and haphazardly send devices home with employees. And with malicious attackers standing ready to take advantage of naive or distracted employees, or exploit gaps in security controls, CISOs need to ensure that they are able to quickly pinpoint potential threats and take steps to mitigate them.
Our research shows that on average there are more than 10 different endpoint agents on any given device, and that number is rising every year. Additionally, our latest remote work insights show that there has been an 81% increase in sensitive data being stored on endpoints since the onset of the COVID-19 outbreak. At the same time, IT teams have been stretched to the limit trying to combat misconfigured VPN applications and ensure continued connectivity, or overcome OS migration and fragmentation issues to keep devices healthy without physical access to those devices. But it is these cracks in security policies — delays in patching and controls that stop working effectively — that exponentially increase risk exposure and create opportunities for malicious attackers.
Simply put: You cannot repair what you cannot see, or control or reach remotely. Organizations need to rethink their endpoint strategy to one based on resilience, incorporating the ability to communicate, control and repair remote devices beyond corporate networks as well as measure the health of security control apps and productivity tools, so that remote workers can safely stay productive.
Partner at Hogan Lovells
Now is the time for all businesses to rethink their approach to cybersecurity incident preparedness. For months, my Hogan Lovells partners and I have seen cyber criminals exploit remote working arrangements to launch expansive and increasingly sophisticated cyberattacks against organizations on a global scale and across various industries. While effective incident response management is incredibly difficult in the best of times, the pandemic has introduced numerous challenges that pre-COVID incident response plans did not address or even contemplate.
Updating a cybersecurity incident response plan, and regularly testing that plan through "tabletop" exercises, are among the top priority items we have recommended clients tackle since the pandemic forced them to rapidly shift to a remote work model. In addition, we have recommended that many organizations take a fresh look at their business continuity/disaster recovery plans and evaluate how they are connected to, and coordinated with, their cybersecurity incident response plans.
Unfortunately, it is often the case that these two types of plans are owned by different departments in an organization and do a poor job of complementing each other, which is not a recipe for success when an organization is inevitably the victim of a cyberattack. It is vital that in the event of an attack, all parts of a company are able to seamlessly and quickly coordinate to protect themselves and their customers.
Kevin McAllister ( @k__mcallister) is a Research Editor at Protocol, leading the development of Braintrust. Prior to joining the team, he was a rankings data reporter at The Wall Street Journal, where he oversaw structured data projects for the Journal's strategy team.