• Home
  • About us
  • Contact us
  • DMCA
Forbes.llc
  • Home
  • Innovation
    • 5G
    • AI
    • Big Data
    • Cloud
    • Cloud 100
    • Consumer Tech
    • COP26
    • Cybersecurity
    • Enterprise Tech
    • Future Of Work
    • Games
  • Leadership
    • Careers
    • CEO Network
    • CFO Network
    • CHRO Network
    • CIO Network
    • CMO Network
    • Money
      • ETFs & Mutual Funds
      • Fintech
      • Hedge Funds & Private Equity
      • Investing
      • Investing Basic
      • Markets
      • Personal Finance
      • Premium Investing Newsletters
  • Forbes Digital Assets
    • Dashboard
    • Traded Assets
    • Research
    • Events
    • Crypto Portfolios
  • Business
    • Aerospace & Defense
    • Energy
    • Food & Drink
    • Hollywood & Entertainment
    • Manufacturing
    • Media
    • Policy
  • Small Business
    • Small Business Strategy
    • Enterprise Tech
    • Franchises
  • Lifestyle
    • Arts
    • Boats & Planes
    • Cars & Bikes
    • Dining
    • Real Estate
      • Commercial Real Estate
      • Residential Real Estate
      • Forbes Global Properties
      • Vetted
No Result
View All Result
  • Home
  • Innovation
    • 5G
    • AI
    • Big Data
    • Cloud
    • Cloud 100
    • Consumer Tech
    • COP26
    • Cybersecurity
    • Enterprise Tech
    • Future Of Work
    • Games
  • Leadership
    • Careers
    • CEO Network
    • CFO Network
    • CHRO Network
    • CIO Network
    • CMO Network
    • Money
      • ETFs & Mutual Funds
      • Fintech
      • Hedge Funds & Private Equity
      • Investing
      • Investing Basic
      • Markets
      • Personal Finance
      • Premium Investing Newsletters
  • Forbes Digital Assets
    • Dashboard
    • Traded Assets
    • Research
    • Events
    • Crypto Portfolios
  • Business
    • Aerospace & Defense
    • Energy
    • Food & Drink
    • Hollywood & Entertainment
    • Manufacturing
    • Media
    • Policy
  • Small Business
    • Small Business Strategy
    • Enterprise Tech
    • Franchises
  • Lifestyle
    • Arts
    • Boats & Planes
    • Cars & Bikes
    • Dining
    • Real Estate
      • Commercial Real Estate
      • Residential Real Estate
      • Forbes Global Properties
      • Vetted
No Result
View All Result
Forbes LLC
No Result
View All Result

Avoid These Cybersecurity Pitfalls to Secure Remote Workers in 2023

by
February 2, 2023
Home Innovation Cybersecurity
Share on FacebookShare on Twitter


Illustration of people using laptops surrounded by holes in the ground

digital transformation. Exploding threat surface. work remotely. hybrid work. Software as a Service (SaaS). cloud migration. Secure remote access. private tunnel. SD-WAN. Ransomware. fishing. social engineering. drive-by attack. Credential theft. BYOD. Self-service IT. The list goes on and on. Securing remote workers has never been this complicated or risky.

Unfortunately, the traditional methods of securing remote workers are no longer sufficient. Virtual Private Networks (VPNs) are notoriously insecure and do not scale. Backhauling internet traffic to a secure data center increases latency and impacts performance. Blacklists block out entire sections of the dynamic Internet, preventing users from completing their work.

Yet organizations continue to use older technologies to tackle new security problems. Today’s security strategies must evolve to meet the needs of modern businesses. This means users need to be able to log on from anywhere, regardless of device, access corporate assets, and be protected from today’s most advanced threats without impacting performance.

But it’s hard to let go of old habits. Here are her five pitfalls organizations fall into when trying to protect remote workers from the growing cybersecurity threats.

1. Ignore unmanaged devices

It’s easy to put your head in the sand as if your users weren’t accessing company assets on their personal devices. Regardless of the policies in place, by checking email or logging into Salesforce on their personal phones, tablets, or laptops, people understand the security risks. But they do it anyway – often without a second thought. In fact, two-thirds of his U.S. employees use personally owned devices for work purposes, and these unmanaged devices (and consumer-grade networks such as her WiFi) It poses a significant security risk to your organization. At the same time, the consumerization of the cloud has made it easier than ever for users to put down their credit cards and launch their own infrastructure without following corporate policies or even informing IT about the deployment. became. When attackers grant initial access to devices with a single click and then covertly spread throughout your network, you need to ensure that connections between unmanaged devices and your infrastructure and corporate resources are secured. I have.

what to do about it

Considering web, email, and application isolation technologies creates a virtual air gap between users and content on the Internet, allowing ransomware, drive-by attacks, and malware to gain initial access to end devices. is blocked before it can get the . This user-centric, rather than device-centric, approach protects even unmanaged devices and infrastructure, leaving no means for malicious actors to seek out high-value targets and spread across your network.

2. Don’t plan for the future

Malicious attackers are more sophisticated and adaptable than ever. Cybersecurity is a constant back-and-forth battle between attackers and security-her teams. As soon as new security controls are developed, attackers quickly find ways to circumvent them. The gap is filled by new tools, and hackers identify another entry point. The point is that what works today may not necessarily work tomorrow. Today’s highly evasive adaptive threats (HEAT) target web browsers and evade detection at multiple layers of current security stacks, including firewalls, secure web gateways (SWGs), sandbox analysis, URL reputation, and phishing detection employs technology. These HEAT attacks are used as an initial access point to deliver malware or compromise credentials, often leading to ransomware and other attacks.

what to do about it

Stay alert to all activity coming out of the threat landscape and consider what it means for your current security investments. Threats like HEAT attacks.

3. Protect remote workers with a VPN

VPN appliances are not scalable enough to meet the needs of digitally agile organizations, where users need reliable access to applications and data wherever they are. Once your credentials are compromised through social engineering, fake login forms, or phishing, threat actors have full and unrestricted access to the rest of your network. Even when a VPN works, it consumes bandwidth and increases latency by backhauling your internet traffic to a secure data center. It also cannot scale to meet the needs of today’s hybrid workforce.

what to do about it

Consider secure remote access alternatives, such as enabling cloud-based application isolation and providing connectivity to private applications at the threat prevention layer. This approach provides enhanced zero trust access and maximizes security posture without impacting the end user experience.

4. Over-integrating security solutions

Vendor consolidation makes some sense. According to Anomali, organizations rely on an average of 50-80 security tools, and that number rises to 120 in large enterprises. This software sprawl leads to increased capital and operational costs while creating integration and visibility issues. It’s no surprise that Gartner reports that 75% of his global organizations plan to consolidate their security vendors within the next 12 months. The problem is that too much integration can be less effective. No vendor can offer a best-of-breed security solution that protects against all threat vectors. Anyone trying to develop or put together a complete solution will inevitably have to compromise.

what to do about it

Vendor consolidation works best for small volumes. A little consolidation might make sense, but relying on a single vendor (which Gartner seems to recommend in his SSE research) is too risky. Software sprawl and technical debt are major problems in the industry, but organizations should be wary of sacrificing simplicity for less protection.

5. Rely solely on detection and remediation

this is a big one. The trend in security over the past decade has been to tell customers that breaches are inevitable and that they need to focus on detecting malicious behavior within their networks. East-West security is important, but protection should not be sacrificed. HEAT attacks evade traditional detection-and-response cybersecurity approaches by hiding inside seemingly harmless technologies like JavaScript and VPNs. This allows malicious attackers to enter your network and evade detection for days, weeks, or even months. The problem is that the speed at which attackers take action after an initial compromise is accelerating. As we found with the recent Okta breach, even a few minutes can be enough time to deliver a payload. No matter what other security her vendors say, protection is not a losing game. can Suspend initial access as a precaution.

what to do about it

Combining SASE security with a Zero Trust mindset (ensuring that all content is questionable and subject to corporate security controls) addresses the traditional flaws of today’s network security stack and ultimately It enables a truly proactive approach to security that transforms outcomes.

New ways of working require new ways to protect remote workers. By leveraging web, email, and application isolation, organizations can evolve their security strategy to keep pace with modern threats.

If you want to learn more about HEAT attacks, or if you’re susceptible to them, try our HEAT Check Assessment.

Book a Live Demo of HEAT Attacks: Preventing the Biggest Unknown Threats

The post Avoiding these cybersecurity pitfalls to protect remote workers in 2023 first appeared on Menlo Security.

*** This is Menlo Security’s Security Bloggers Network syndicated blog written by Mark Guntrip. Read the original post: https://www.menlosecurity.com/blog/avoid-these-cybersecurity-pitfalls-to-protect-remote-workers-in-2023/



Source link

Next Post
Tile Brand Ann Sacks Signs Major Retail Lease in Queens

Tile Brand Ann Sacks Signs Major Retail Lease in Queens

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

What is the role of adenovirus in human health?

What is the role of adenovirus in human health?

November 9, 2022
They find a loving home for their retired K-9

They find a loving home for their retired K-9

December 25, 2022

Subscribe.

Trending.

Smartex raises $24.7 million to give smarter eyes to textile manufacturing • TechCrunch

Smartex raises $24.7 million to give smarter eyes to textile manufacturing • TechCrunch

November 3, 2022
Red Roof Celebrates Industry Leadership Through Performance, Partnerships, Prototypes and Purpose at 2022 Brand Conference

Red Roof Celebrates Industry Leadership Through Performance, Partnerships, Prototypes and Purpose at 2022 Brand Conference

November 14, 2022
Bridgewest Group signs deal with Pfizer to acquire injectable manufacturing plant in Western Australia

Bridgewest Group signs deal with Pfizer to acquire injectable manufacturing plant in Western Australia

November 11, 2022
Finxeed Announces $10 Million Strategic Investment from DBank (Chain Bank Group) to Launch World’s First Digital Asset Proprietary Company

Finxeed Announces $10 Million Strategic Investment from DBank (Chain Bank Group) to Launch World’s First Digital Asset Proprietary Company

December 23, 2022
The earliest evidence of the use of controlled fire for cooking food

The earliest evidence of the use of controlled fire for cooking food

November 14, 2022
Forbes LLC

This website provides information about Business and other things. Keep Supporting Us With the Latest News and we Will Provide the Best Of Our To Makes You Updated on All Around The World News. Keep Sporting US.

  • Home
  • About us
  • Contact us
  • DMCA

© 2022 forbes - Copyrights reserved by Forbes LLC.

No Result
View All Result
  • Home
  • Review
  • Apple
  • Applications
  • Computers
  • Gaming
  • Gear
    • Audio
    • Camera
    • Smartphone
  • Microsoft
  • Photography
  • Security

© 2022 forbes - Copyrights reserved by Forbes LLC.