Why Endpoint Security Needs to Adapt to the New Distributed Workplace

When the world was plunged into the worst financial and healthcare crisis in living memory, digital technology was there to rescue organizations. But as time wore on, it soon became clear that in the rush to deploy these tools and services, organizations left gaps in protection, policies and processes which threat actors were only too willing and able to exploit. A recent HP report lifts the lid on these changing working patterns, new user behaviours and the potential impact on enterprise cyber-risk.

There’s both challenge and opportunity here. Certainly, there are challenges for cybersecurity teams as remote working will continue in some form long after the pandemic has receded. Yet there’s also a chance to make organizations more productive and attractive places to work, if they’re able to differentiate on more streamlined security that doesn’t compromise on protection.

When COVID struck

It’s difficult to over-estimate the huge transformation in working culture brought about by COVID-19, with technology at its beating heart. In the US, estimates from March 2021 put the number of employees doing remote work at around six in 10. According to McKinsey, organizations moved about 40 times quicker than employees thought possible to make this transformation a reality. It claims that companies have now been pushed over a “technology tipping point” that will change the way they do business forever.

What does this mean in practice? That the vast majority (71%) of office workers are accessing more corporate data, more often, from home than they did prior to COVID-19. This includes everything from customer and operational data to information on financial records, human resources, sales and marketing, payroll, forecasting, trade secrets and much more. It’s all pretty enticing stuff for financially motivated threat actors to steal, ransom or both.

With an opportunity of this magnitude, it’s no surprise that the cybercrime community sprang into action with trademark agility at the start of the pandemic. It sensed that isolated home-working employees may be more distracted, and using insecure devices, networks and passwords to do work. Nearly all (93%) global CXOs polled in one study said they saw security challenges rise in the first two months of the pandemic as a result.

Thus, cyber-criminals fired out COVID-themed phishing emails, probed for vulnerabilities in VPNs and end user-installed software, and hijacked RDP endpoints protected only by weak or breached passwords. Over a quarter of cyber-threats handled by the UK’s National Cyber Security Centre (NCSC) between September 2019 and August 2020 were COVID-related. In April 2020, Google claimed it was blocking 240 million COVID-themed spam messages each day, 18 million of which were malicious and phishing emails.

Blurred Lines and Blindspots

As HP’s Blurred Lines and Blindspots report reveals, the security challenges posed by this shift in working culture revolve mainly around an erosion of the traditional barriers between home and work life.

For example, 69% of office workers surveyed have used their personal laptop or printer/scanner for work since the start of the pandemic. This could include scanning, sharing and sending documents to a home printer, saving files to the network over a VPN, accessing work applications, connecting to the corporate network, and saving work documents. All actions come with potential risks attached.

More concerning is the fact that 30% have allowed a third-party such as a partner, child or housemate, to use their work laptop. Many (27%) claim they “had no choice” due to the exceptional circumstances. The blurred lines between work and personal life mean nearly half (46%) of office workers now think of their work laptop as a personal device, according to HP.

“In most cases, family and guests will not have been through even rudimentary cybersecurity training, such as phishing exercises that help employees avoid clicking on malware,” Forrester senior analyst, David Holmes, tells Infosecurity. “So, the risk profile of the remote worker using their own device is high; when multiplied by tens of thousands or hundreds of thousands of employees, the odds of a penetration or breach increase.”

Sharing devices can also cause unintended security challenges, according to John Scott, associate instructor at SANS Institute. 

“The worlds of work and home have been wound tighter and tighter together. After all, if you’re going online to order food or download a movie, the temptation to just check your work emails while you’re there is pretty huge,” he tells Infosecurity. “Not only is this bad for your mental wellbeing, but you might also be making work-based decisions when you’re tired or distracted.”

Another consequence of this “ownership psychology” is that employees take more risks on work devices, according to HP. Some 84% of the IT decision makers it spoke to are concerned that this behavior has increased the risk of a breach. They’re right: Further to the statistic above stating that 30% of employees have let someone else use their work device, 70% went one step further and admitted using or letting someone else use their work device for personal tasks. Many others lent it to their kids for doing homework, visited social media, online streaming and e-commerce sites, and downloaded files and content from the internet.

“The problem with working from home is personal and work life schedules can compete for your time, making people rushed,” SANS Institute senior instructor, Lance Spitzner, tells Infosecurity. “These are the environments that are easier for cyber-attackers to take advantage of, especially via social engineering phone calls or phishing emails.”

Security shifts to the endpoint

It’s not just laptops and smartphones that are at risk in the new era of remote working. Smart home devices are notorious for security issues such as factory default passwords and firmware vulnerabilities left unpatched by manufacturers. They can provide threat actors with another way to infiltrate home and then corporate networks. Printers are another often overlooked part of home office security. A 2020 study from KuppingerCole cited by HP claims that more than half (56%) are accessible via frequently used open printer ports that could be hacked.

The cumulative impact of these transformative changes in the way people work has been to shift the focus for IT security away from the perimeter and towards the endpoint. In fact, 91% of the IT decision makers polled by HP say endpoint security has now become as important as network security.

“The home network can never be secured by the organisation. They typically don’t own, control or manage the router, and have no influence on what machines join the wireless network,” Forrester’s Holmes argues. “There is no traditional perimeter security solution that includes the home office, so corporate network inspection can’t protect these workers against malware. Organizations should instead require employees’ equipment be outfitted with endpoint security as a first line-of-defense.”

However, for HP’s Global Head of Security, Ian Pratt, traditional signature-based endpoint detection tools have had their day, and must give way to more “architecturally robust” processes.

“Organizations should apply sound engineering principles to secure critical systems, adopting a zero-trust approach applied to the network and the endpoint. This will combine the principles of least privilege, strong identity, mandatory access control, and strong isolation to protect what organizations care about most and prevent attackers from escalating their access,” he argues.

“When it comes to strong isolation, just as you can have micro-segmentation of a network, you can have micro-segmentation of applications and data within an endpoint or server. This creates layers of compartments isolated from each other, preventing malware from spreading even if one compartment is compromised.”

Attention should also be paid to how security operations teams work, adds SANS Institute’s Scott.

“One of the key indicators of insider risk is people changing their working hours; staying late or coming in early when they didn’t do that before. But in a pandemic, when we’re all trying to fit in a full day’s work around childcare or other caring responsibilities, that no longer holds,” he says.

“So organizations may need to re-baseline to make sure that the patterns they’re looking for still hold in this ’new normal’.”
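
The re-baselining point above, as an added example that is not part of the original article or of anything the quoted speakers supplied. It flags logins at hours that are rare for a user, first against a stale office-era baseline and then against a refreshed one. The function names, the 5% threshold and all sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

def build_baseline(events):
    """Map user -> Counter of login hours (0-23) seen in the baseline window."""
    hours = defaultdict(Counter)
    for user, ts in events:
        hours[user][datetime.fromisoformat(ts).hour] += 1
    return hours

def is_unusual(baseline, user, ts, min_share=0.05):
    """True if the login hour, with its neighbours +/-1h, is rare for this user."""
    hist = baseline.get(user)
    if not hist:
        return True  # no history: surface for review rather than pass silently
    hour = datetime.fromisoformat(ts).hour
    # Hour-of-day is circular, so 23:00 and 00:00 count as neighbours.
    near = sum(hist[(hour + d) % 24] for d in (-1, 0, 1))
    return near / sum(hist.values()) < min_share

def flagged(baseline, events):
    """Return the events whose login hour is unusual under this baseline."""
    return [(u, ts) for u, ts in events if is_unusual(baseline, u, ts)]

def _days(user, month, hours_per_day, days=range(1, 11)):
    """Constructed sample data: one login per listed hour on each day."""
    return [(user, f"2020-{month:02d}-{d:02d}T{h:02d}:15:00")
            for d in days for h in hours_per_day]

# Constructed events for a hypothetical user "alice".
OFFICE_ERA = _days("alice", 1, [9, 13])   # office pattern before the shift
REMOTE_ERA = _days("alice", 4, [6, 21])   # split day around caring duties
NEW_EVENTS = [
    ("alice", "2020-05-04T06:40:00"),
    ("alice", "2020-05-04T21:05:00"),
    ("alice", "2020-05-05T03:10:00"),     # outside both patterns
]

stale = build_baseline(OFFICE_ERA)   # baseline nobody refreshed
fresh = build_baseline(REMOTE_ERA)   # baseline rebuilt on recent activity

if __name__ == "__main__":
    print("stale baseline flags:", flagged(stale, NEW_EVENTS))
    print("fresh baseline flags:", flagged(fresh, NEW_EVENTS))
```

Against the stale baseline every new login is flagged, so the indicator carries no signal; after re-baselining only the 03:10 login stands out.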

However CISOs approach these challenges, remote working is here to stay, even if it’s scaled down to just part of the working week. This means organizations that get to grips with mitigating endpoint security risk first stand to gain the most.

From the maker of the world’s most secure PCs* and Printers**, HP Wolf Security is a new breed of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security*** provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. For more information, visit www.hp.com/wolf

*Based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows and 8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors and higher; HP ProDesk 600 G6 with Intel® 10th Gen and higher processors; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th Gen processors and higher.

**HP’s most advanced embedded security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of 2021 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit: hp.com/go/PrintersThatProtect. For more information, visit: hp.com/go/PrinterSecurityClaims.

***HP Security is now HP Wolf Security. Security features vary by platform, please see product data sheet for details.
