Hybrid Working: Stopping Cyber-Attacks at Source

Hybrid and remote working are here to stay.

While many organizations have already toyed with the idea of implementing such models in previous years, the pandemic induced this transition out of necessity as national lockdowns and social distancing measures were enforced.

In the 20 months since the COVID-19 virus first swept across the globe, it is safe to say that hybrid and remote working has become – in many cases – the new normal.

According to a recent Menlo Security survey of 545 IT professionals from organizations with 1000 or more employees in the UK and US, half of employees are currently working remotely or adopting a hybrid approach.

Hybrid and remote working remain popular for good reason, delivering a host of benefits, from time and cost savings for employees avoiding daily commutes to improved staff retention and reduced absenteeism for employers.

Yet, there are several challenges associated with such models that companies are continuing and increasingly struggling to navigate.

The cyber-threat landscape has been greatly exacerbated by a sharp rise in cloud-based applications, these being critical to the success of many hybrid and remote working models. As organizations have moved operations outside of the office, their digital footprints have expanded, creating an ever-greater attack surface for hackers to capitalize upon.

As a result, security has been placed under the spotlight, as highlighted by our survey that revealed 75% of organizations are currently re-evaluating their security strategy in the wake of new ways of working and the growth in cloud application use.

"75% of organizations are currently re-evaluating their security strategy in the wake of new ways of working and the growth in cloud application use"

It is a promising statistic. Many organizations were forced to adopt cloud-based operations almost overnight at the outset of the pandemic, and in many instances, security had to take a backseat.

However, what once worked for purely on-premise setups doesn’t deliver the same protection in cloud-based environments.

Therefore, such reviews will help uncover a new set of security protocols that are more suitable for hybrid and remote working.

According to Menlo’s survey, three in four organizations still rely upon inherently insecure protocols such as virtual private networks (VPNs) for controlling remote access to applications, rising to 81% for those companies with more than 10,000 employees.

At the same time, little more than a third (36%) are taking a zero trust approach as part of their remote access strategy.

While this is a challenge, it also presents a real opportunity for improvement.

Zero trust works to reduce risks as much as possible, ensuring that users are only given access to the enterprise resources and applications they truly need to carry out their daily tasks effectively and efficiently.

This is a distinct shift away from traditional working practices. Previously, many companies would follow a ‘castle and moat’ approach, providing holistic network access to all employees under the assumption that everything within an organization’s network can be trusted.

Zero trust takes a different approach, recognizing trust as a vulnerability and demanding constant verification of all data points from internal and external sources. This limits the opportunity for lateral movement by building resilience within a network, with such movement a key reason why many recent notorious cyber-attacks, such as SolarWinds, have been so damaging.

It is evident that organizations are recognizing that hybrid and remote models are creating a series of new threats.

Menlo’s survey reveals that 75% of companies feel workers accessing applications on unmanaged devices threaten their security.

Zero trust can lay reliable foundations in helping organizations tackle modern threats
Zero trust can lay reliable foundations in helping organizations tackle modern threats

Further, it also shows that there are concerns surrounding remote access being provisioned to third parties, with more than half of companies planning to reduce or limit third-party/contractor access to internal resources over the next 12-18 months.

That such concerns are being recognized is good news – it has never been more critical to maintain control and visibility over which parties are accessing which private applications.

Here, zero trust can pay dividends.

Designed specifically for cloud-first architectures, it can lay reliable foundations in helping organizations tackle modern threats thanks to a three-pronged approach to security.

First, zero trust ensures that all available data points – emails, files, or others – are continuously authenticated. Second, it limits user access to specific applications. And third, it assumes that a breach is always imminent.

These key principles work simultaneously to address risks and enhance protection, reducing the opportunity for breaches to be successful and limiting the damages they might cause should they occur.

But how can zero trust be implemented? Where can you start?

It can be a daunting prospect, but by working with the right security provider that delivers the right tools and technologies for your needs, zero trust can be incorporated quickly and easily.

Isolation, for example, is an incredibly useful technology that can help achieve zero trust in a holistic manner. It works by moving the browsing process away from the desktop and into the cloud where all content is safely rendered in something of a digital ‘air gap.’

User experience remains seamless as both email and web traffic moves through the isolation layer, providing complete peace of mind because all content is visible yet never downloaded to the endpoint.

Unlike other technologies, isolation isn’t ‘almost safe.’ Rather, it can wholesale stop cyber-attacks at source, 100% of the time.

What’s Hot on Infosecurity Magazine?