digital transformation. Exploding threat surface. work remotely. hybrid work. Software as a Service (SaaS). cloud migration. Secure remote access. private tunnel. SD-WAN. Ransomware. fishing. social engineering. drive-by attack. Credential theft. BYOD. Self-service IT. The list goes on and on. Securing remote workers has never been this complicated or risky.
Unfortunately, the traditional methods of securing remote workers are no longer sufficient. Virtual Private Networks (VPNs) are notoriously insecure and do not scale. Backhauling internet traffic to a secure data center increases latency and impacts performance. Blacklists block out entire sections of the dynamic Internet, preventing users from completing their work.
Yet organizations continue to use older technologies to tackle new security problems. Today’s security strategies must evolve to meet the needs of modern businesses. This means users need to be able to log on from anywhere, regardless of device, access corporate assets, and be protected from today’s most advanced threats without impacting performance.
But it’s hard to let go of old habits. Here are her five pitfalls organizations fall into when trying to protect remote workers from the growing cybersecurity threats.
1. Ignore unmanaged devices
It’s easy to put your head in the sand as if your users weren’t accessing company assets on their personal devices. Regardless of the policies in place, by checking email or logging into Salesforce on their personal phones, tablets, or laptops, people understand the security risks. But they do it anyway – often without a second thought. In fact, two-thirds of his U.S. employees use personally owned devices for work purposes, and these unmanaged devices (and consumer-grade networks such as her WiFi) It poses a significant security risk to your organization. At the same time, the consumerization of the cloud has made it easier than ever for users to put down their credit cards and launch their own infrastructure without following corporate policies or even informing IT about the deployment. became. When attackers grant initial access to devices with a single click and then covertly spread throughout your network, you need to ensure that connections between unmanaged devices and your infrastructure and corporate resources are secured. I have.
what to do about it
Considering web, email, and application isolation technologies creates a virtual air gap between users and content on the Internet, allowing ransomware, drive-by attacks, and malware to gain initial access to end devices. is blocked before it can get the . This user-centric, rather than device-centric, approach protects even unmanaged devices and infrastructure, leaving no means for malicious actors to seek out high-value targets and spread across your network.
2. Don’t plan for the future
Malicious attackers are more sophisticated and adaptable than ever. Cybersecurity is a constant back-and-forth battle between attackers and security-her teams. As soon as new security controls are developed, attackers quickly find ways to circumvent them. The gap is filled by new tools, and hackers identify another entry point. The point is that what works today may not necessarily work tomorrow. Today’s highly evasive adaptive threats (HEAT) target web browsers and evade detection at multiple layers of current security stacks, including firewalls, secure web gateways (SWGs), sandbox analysis, URL reputation, and phishing detection employs technology. These HEAT attacks are used as an initial access point to deliver malware or compromise credentials, often leading to ransomware and other attacks.
what to do about it
Stay alert to all activity coming out of the threat landscape and consider what it means for your current security investments. Threats like HEAT attacks.
3. Protect remote workers with a VPN
VPN appliances are not scalable enough to meet the needs of digitally agile organizations, where users need reliable access to applications and data wherever they are. Once your credentials are compromised through social engineering, fake login forms, or phishing, threat actors have full and unrestricted access to the rest of your network. Even when a VPN works, it consumes bandwidth and increases latency by backhauling your internet traffic to a secure data center. It also cannot scale to meet the needs of today’s hybrid workforce.
what to do about it
Consider secure remote access alternatives, such as enabling cloud-based application isolation and providing connectivity to private applications at the threat prevention layer. This approach provides enhanced zero trust access and maximizes security posture without impacting the end user experience.
4. Over-integrating security solutions
Vendor consolidation makes some sense. According to Anomali, organizations rely on an average of 50-80 security tools, and that number rises to 120 in large enterprises. This software sprawl leads to increased capital and operational costs while creating integration and visibility issues. It’s no surprise that Gartner reports that 75% of his global organizations plan to consolidate their security vendors within the next 12 months. The problem is that too much integration can be less effective. No vendor can offer a best-of-breed security solution that protects against all threat vectors. Anyone trying to develop or put together a complete solution will inevitably have to compromise.
what to do about it
Vendor consolidation works best for small volumes. A little consolidation might make sense, but relying on a single vendor (which Gartner seems to recommend in his SSE research) is too risky. Software sprawl and technical debt are major problems in the industry, but organizations should be wary of sacrificing simplicity for less protection.
5. Rely solely on detection and remediation
this is a big one. The trend in security over the past decade has been to tell customers that breaches are inevitable and that they need to focus on detecting malicious behavior within their networks. East-West security is important, but protection should not be sacrificed. HEAT attacks evade traditional detection-and-response cybersecurity approaches by hiding inside seemingly harmless technologies like JavaScript and VPNs. This allows malicious attackers to enter your network and evade detection for days, weeks, or even months. The problem is that the speed at which attackers take action after an initial compromise is accelerating. As we found with the recent Okta breach, even a few minutes can be enough time to deliver a payload. No matter what other security her vendors say, protection is not a losing game. can Suspend initial access as a precaution.
what to do about it
Combining SASE security with a Zero Trust mindset (ensuring that all content is questionable and subject to corporate security controls) addresses the traditional flaws of today’s network security stack and ultimately It enables a truly proactive approach to security that transforms outcomes.
New ways of working require new ways to protect remote workers. By leveraging web, email, and application isolation, organizations can evolve their security strategy to keep pace with modern threats.
If you want to learn more about HEAT attacks, or if you’re susceptible to them, try our HEAT Check Assessment.
The post Avoiding these cybersecurity pitfalls to protect remote workers in 2023 first appeared on Menlo Security.
*** This is Menlo Security’s Security Bloggers Network syndicated blog written by Mark Guntrip. Read the original post: https://www.menlosecurity.com/blog/avoid-these-cybersecurity-pitfalls-to-protect-remote-workers-in-2023/
