This is a guest post by Tom Kellermann, head of cyber security strategy at VMware Carbon Black
2020 has been a year like no other. The global pandemic has quickly changed work and business as we know it. Organisations big and small have had to pivot rapidly, shifting to remote work almost overnight.
Nearly all non-essential employees are now working remotely, and this trend is likely to continue. According to KPMG Australia, remote work will increase across all industries and organisations in Australia, prompting many organisations to invest more in technology to secure distributed workforces.
The challenge for organisations, however, is in securing a varied and disparate workforce. To support a vastly disparate and distributed workforce, IT teams are best served by looking for consolidation opportunities. Reducing the number of tools and vendors they work with can simplify workflows and help teams operate more quickly and effectively. These realities are compounded by a dramatic increase in sophisticated cyber attacks and subsequent island hopping, wherein the digital infrastructure of the victim organisation is commandeered to launch subsequent attacks.
A recent VMware Carbon Black Australian cyber security threat report found that 94% of respondents reported that attack volume had increased in the last 12 months, which in turn has prompted increased investment in cyber defence, with Australian businesses using an average of more than eight different cyber security tools. Under these circumstances, the new normal means (a lot more) new threats.
The 5Cs framework
Just like social distancing has become best practice to help curb Covid-19, digital distancing can help mitigate the risk of cyber infection.
As the name indicates, digital distancing means that within our home environment, work devices should not be on the same network as our personal smart devices. If you wouldn’t have considered plugging your personal device into the office network before Covid-19, then you shouldn’t do it now; putting it on a network separate from your work device is a more secure option.
In addition to digital distancing, consider the 5Cs as a way to manage the risks inherent in this new age of distributed workforces:
Now more than ever, the cloud is essential infrastructure. Whether a public cloud such as AWS or Microsoft Azure, or a private cloud is used, most of the world’s organisations rely on cloud computing to get business done. Cloud native security technologies have an edge when it comes to securing remote employee access and workspaces. Rather than trying to adjust to supporting remote employees, organisations should figure out how to architect an on-premises solution in the cloud.
Threat indicators, such as file hashes and other indicators of compromise (IoCs), are extremely helpful for threat hunters and other security operations centre (SOC) personnel to track down attacker activity. Even focusing on one step in a process offers little for defenders to go on when prioritising incident response efforts. Having the full context of a process sequence, as well as granular details of how endpoints are configured, is essential because, more often than not, cyber defenders risk wasting their time hunting down false positives or missing subtle signals that become more meaningful when viewed in totality.
In today’s cyber threat landscape, the nitty-gritty world of threat intelligence and endpoint security can become quite complex. The challenge is that if any security control is too complicated, cumbersome or even too noticeable to users, and they think it gets in the way of their job, they’ll find a way to bypass it. A security solution that can be deployed in minutes, that lets IT teams establish secure remote access to employees’ workstations whenever they need to troubleshoot an operational issue, and that lets SOC team members remotely detect, investigate and resolve security incidents, is key to mitigating security risks.
Every organisation’s IT security team is charged with securing their corporate apps and data via five key control points: endpoints, workloads, clouds, networks and identities. Remotely coordinating countermeasures across all five control points is tough. That’s why intrinsic security is your best bet for spotting (and stopping) threats against your remote employees.
In too many organisations, teams and technologies are completely walled off from each other. These silos impede efficiency across the enterprise, allowing attackers to exploit gaps in your infrastructure. Now that IT and IT security teams are working remotely, having a cohesive, unified defence is even more vital for secure remote worker access. A broader perspective enables teams to examine the full scope, meaning the applications and the infrastructure behind each application, to truly understand what it is that they are protecting.
Cyber space is not specific. The digital world has converged with the physical world in 2020. Even if your remote workforce is temporary, it’s imperative that you have full visibility and control over any threats that may impact operations. Only then can Australian organisations be better protected from the risks of potential cybersecurity attacks. After all, it’s not a matter of if, but when.