There’s a consensus building that for many of us, our post-pandemic reality will be a hybrid workplace—one in which a mix of in-person, WFH and offsite employees is a daily occurrence. This means it will be up to IT security pros to fill the gaps and stop intruders.
If the COVID-19 crisis proved anything, it’s that bad actors are ready to pounce on vulnerabilities. From the earliest days of the pandemic, the FBI reported up to 4,000 new cybersecurity complaints per day, a 400% increase from previous levels. Financial and healthcare organizations are prime targets. Accenture reports that finance is 300 times more vulnerable to cybersecurity incidents, at costs reaching $18.3 million annually per company, while healthcare has the highest cost per breached data record of any industry, due in large part to lucrative insurance data.
As IT has found, the risk only increases when employees are working from their dining room tables. Household internet service, laptops and even IoT devices around the home are targets for criminals. Smart devices can be used to gain entry to the home network and, once compromised, to exploit corporate activity.
Security in the cloud
Whatever solutions are implemented, they will of necessity be cloud-centric. In the past year, 76% of companies adopted cloud services faster than they had planned. According to the 2020 Cloud Security Report, 82% of organizations say traditional security solutions either don’t work at all in cloud environments or have only limited functionality (a notable decrease from the previous year’s survey response of 66%).
The best way to ensure cloud-based network security in a hybrid work environment is to use Zero Trust architecture, which, according to NIST, is an approach that assumes there is no implicit trust granted to assets or user accounts based solely on physical or network location.
Zero Trust requires any entity to verify its identity and trustworthiness before gaining access to the network. Micro-segmentation, a key component of a Zero Trust policy, can be implemented using software-defined networking services and cloud offerings. This kind of strict network traffic control helps ensure a strong security posture across the network.
The focus of Zero Trust, however, is multifactor authentication. Two-factor (password/PIN and device verification) is becoming the norm, as consumers have become increasingly familiar with processing device verification codes. Three-factor, which includes face, voice or fingerprint recognition, may soon be added to the mix.
Network protection options
Another vital element is a bulletproof network security infrastructure. Employees are now accessing business data and cloud services from multiple endpoints, across multiple devices and from multiple locations. Protecting the network amid such dispersed activity will be a high priority.
Fortunately, there are multiple options to improve an organization’s network security footing. Endpoint detection and response (EDR) collects and aggregates data about endpoint use and analyzes it for threats, typically with the help of AI/ML. Part of a defense-in-depth approach to security, EDR monitors and analyzes not just the network but all endpoints communicating within that network. Deployed directly on the network as an internal platform, it also offers digital forensics to determine points of vulnerability.
There are three main tasks that a successful EDR solution is meant to accomplish:
- Monitor and collect data in real-time to detect threats
- Analyze the collected data to determine threat patterns
- Respond immediately to any detected threats, isolate the infected endpoint and then remove the threat
Mobile device management (MDM), another common endpoint solution, has evolved with the introduction of unified endpoint management (UEM). UEM brings deployment, management and monitoring together into a single dashboard; moreover, it supports BYOD and comprehensive rules setting and enforcement, reducing costs and simplifying security management tasks for all manner of mobile devices.
Managed cybersecurity services have become popular with IT because they remove much of the daily responsibility for security monitoring. Managed detection and response (MDR), sometimes referred to as security operations center as a service (SOCaaS), goes beyond endpoint protection to cover the entire enterprise network. It constantly monitors data and network traffic in addition to endpoints, examining potential threats to discover their origin, scope, and threat level and then removing the threat.
Because MDR is a third-party service, the outside organization carries the burden of addressing new threat vectors, closing gaps and maintaining compliance with regulatory bodies. MDR can actually be less expensive than maintaining an internal team and investing in costly security hardware.
Inform your workforce
Finally, no security effort is complete without employee training. Every workforce—but especially those that are hybrid or fully remote—needs to be made aware of cybersecurity threats and how to avoid them. Phishing simulations, as well as constant updates on best practices for security risk management, are essential to a strong counterthreat strategy.
Enterprise IT security is a never-ending game of cat-and-mouse. The coming hybrid workplace is just one more development that will test the imaginations of security professionals. It’s not too early to address the challenges presented by this complex combination of people, places and devices, setting the protections that will keep corporate data away from predators who, sadly, are always on the prowl.