Mobile computing, cloud applications and tele-work have all combined to erode the traditional corporate security perimeter — and, in doing so, have largely transferred the attack surface to end-user devices.
Each endpoint is now its own perimeter in today’s Zero Trust environment — a weakness that can allow attackers to compromise the network. One errant click or download, and ransomware or other malware can spread laterally (east-west) across the organization. Approximately 90 percent of attacks use this approach.
Currently, more than 60 percent of U.S. companies have remote workers. They are more susceptible to cyberattacks than their peers who work within the confines of the organization, and are literally the weakest link in a network.
Many organizations are vigilant about protecting their networks and data centers from outside-in (north-south) attacks, but lack sufficient security mechanisms to stop lateral attacks.
Common behaviors by remote workers that put organizations at risk include:
- Accessing unsecured Wi-Fi networks or failing to authenticate through the corporate VPN while working from home, in a hotel, or in a coffee shop.
- Directly accessing SaaS applications in the cloud outside of the visibility and control of corporate IT/security.
- Plugging into public charging stations or using untrusted devices, including other computers, flash drives, and USB ports.
The above behaviors essentially bypass network security defenses such as firewalls, IPS/IDS, VPNs, and so on.
Remote and mobile devices, whether company-issued or BYOD, are often protected by little more than antivirus software, which only blocks known threats and not the newest forms of malware and ransomware.
Sixty-one percent of breaches occur at companies with fewer than 1,000 employees, according to a recent Verizon Security Breach Report. An attack happens roughly every 39 seconds, which is why advanced protection and control at the endpoint is more critical today than ever.
Best Practices For Reducing Security Risk
Advanced endpoint security capabilities, which are key to protecting remote and mobile users from intrusion and infection, used to be available only to large enterprises with significant resources. The cost and effort versus the risk was just too much for midsize organizations to bear. But new, cost-effective innovations have put advanced security capabilities within the reach of all organizations.
Leverage Multi-Factor Authentication (MFA)
This sophisticated approach to authentication makes it difficult for hackers to break into a network.
MFA requires the presentation of two or more of the three authentication factors: a knowledge factor (something only the user knows, such as a password, PIN, or pattern), a possession factor (something only the user has, such as an ATM card, smart card, or mobile phone), and an inherence factor (something the user is, such as a biometric characteristic like a fingerprint). After presentation, each factor must be validated by the other party for authentication to occur.
At the core of every MFA is its ability to create one-time passwords (OTPs) that are valid for a single login session or transaction. OTPs are created by algorithms that focus on randomness — making it extremely difficult for hackers to predict future OTPs by observing previous ones.
Adopt Network Segmentation -- the Easy Way
Network segmentation is a security best practice, often implemented as part of a defense-in-depth approach. However, segmenting the network has historically involved complex configuration of VLANs, routers, switches, and other devices. Today, enterprises can segment the network using a software-defined approach, which makes it much more achievable and manageable for companies.
Policies should be constructed on the basis of user and device identity as well as multi-factor authentication, in addition to traditional IP addresses, ports, and protocols. Users on the same local network segment can be granted access to different resources depending upon their job function.
If a remote worker were to plug an infected device back into the corporate network, software-defined network segmentation can prevent the east-west spread of malicious threats throughout the network. Among the most malicious threats that can be prevented is sophisticated ransomware, which relies on pivoting within internal networks to attack whole organizations.
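A sketch of the identity-based policy check described in this section, added here as an example and not taken from any product the article refers to. The `Session` and `Rule` types, the role names, the address ranges, and the ports are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Session:
    role: str             # job function asserted by the identity provider
    device_managed: bool  # device identity: enrolled corporate device or not
    mfa_passed: bool
    src_ip: str


@dataclass(frozen=True)
class Rule:
    role: str
    src_net: str
    dst_net: str
    port: int


# Constructed policy: networks, roles and ports are illustrative assumptions.
USER_LAN = "10.10.0.0/24"
POLICY = [
    Rule("finance", USER_LAN, "10.20.0.0/24", 443),      # finance application
    Rule("engineering", USER_LAN, "10.30.0.0/24", 22),   # build servers
]


def allowed(s: Session, dst_ip: str, port: int, policy=POLICY) -> bool:
    """Default deny: identity, device and MFA must pass before any rule is tried."""
    if not (s.device_managed and s.mfa_passed):
        return False
    return any(
        r.role == s.role
        and r.port == port
        and ip_address(s.src_ip) in ip_network(r.src_net)
        and ip_address(dst_ip) in ip_network(r.dst_net)
        for r in policy
    )


# Two users on the same segment, plus an unenrolled laptop (all constructed).
ALICE = Session("finance", True, True, "10.10.0.15")
BOB = Session("engineering", True, True, "10.10.0.16")
BYOD = Session("finance", False, True, "10.10.0.17")

if __name__ == "__main__":
    print(allowed(ALICE, "10.20.0.5", 443))   # finance user to finance app
    print(allowed(BOB, "10.20.0.5", 443))     # same segment, different job function
    print(allowed(ALICE, "10.10.0.16", 445))  # workstation to workstation
```

Because no rule names the user LAN as a destination, workstation-to-workstation traffic falls through to the default deny, which is what blocks east-west spread from a reconnected infected device.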
Managed Security from the Cloud
Cloud-delivered managed security services can address remote worker security threats with MFA, network segmentation, firewall, threat management, antivirus, anti-spyware, and more. Additional functionalities include file auditing and blocking, global bans for all communications for a defined set of ports and applications, external IP blocking, URL filtering, and a global web application firewall.
The advantage of a cloud-based service is that it delivers cost-efficient security that is automated and robust, as well as being easy to configure, manage, and scale.
The security Achilles heel of many organizations has become remote workers’ unsecured devices. In response, progressive organizations have implemented advanced endpoint security capabilities, such as “firewall everywhere,” MFA and network segmentation to address these risks. For companies that lack the resources to deploy this type of protection themselves, managed security services are an affordable and equally effective alternative.