Updated: Mar 2
Written by Cyber Pop-up on behalf of Veriato
A user-centric approach to securing small and mid-size businesses in the new norm
For most businesses, the corporate boundaries have expanded over time. The traditional office has now morphed into a hub-and-spoke model with an increasing number of employees working remotely. This shift to remote work isn't new. Between 2005 and 2018, there was a 173% rise in the US remote workforce. The trend spiked in 2020 when 88% of organizations worldwide encouraged remote work to flatten the pandemic's spread.
A combination of convenience, cost savings, and now even health factors have rendered a permanent nature to this trend. It's the new norm. One of the major fallouts of this new norm is security risk exposure. RiskBased Security reported 27 billion data records exposed in the first half of 2020. This is more than double the number in the entire year of 2019.
Small and mid-size businesses (SMBs) need new guardrails against the risks exposed by changing work-patterns off-campus to thrive in this new norm securely.
The modern work campus extends beyond the corporate firewall
The option of alternative workspace expands the bandwidth of the professional community. During a 2016 survey, 43 percent of employed Americans worked at least for some hours remotely, either from home or while on-the-go. Although COVID-19 restrictions induced a noticeable uptick in work-from-home (WFH), many other factors contributed to this trend over the years. Remote work developed over the years keeping pace with advancements in remote access and cellular connectivity, and the cloud.
These days, transportation hubs like airports and hotels, planes, trains, and even some buses now offer internet access. Work during travel has increased. In 2019, 464.4 million person‐trips for business were logged by US residents; 38% of those were for events and meetings. And then there are new business models like that of Remote Year, which feeds into the desire to work overseas while on vacation. More flexibility in working hours and industry competition to retain top talent had led to the popularity of Remote Year.
However, each login to the corporate network from the travel hubs virtually extends the office campus. The connections often involve insecure networks and Wi-Fi access points, which are beyond your control. These inadequacies further underscore the growing importance of user-centric security controls where the security focus shifts to employees and how they use their devices, company data, and applications when working in the extended campus.
Shrinking office footprint
The pandemic's economic shock affected many businesses, directly or indirectly, making companies look for cost-cutting avenues. SMBs are looking to reduce office spaces as remote working gained popularity and didn't cause any alarming dent in productivity. According to McKinsey research, 80 percent of participants surveyed prefer WFH. Some companies are already planning to downsize the on-site workforce to 30-40% even after vaccines, and new treatments erase the social distancing mandates. Certain small businesses are already considering replacing headquarters with remote hubs, shared workspaces, and incubators for the mobile workforce.
As flexibility, economic factors, and work-culture influence SMBs to downsize on-site real-estate, IT security focus has to include user-centric security solutions.
New cyber threats in the new norm
In the new norm, many remote home offices and hubs physically spread out the traditional corporate office. The security consequence is an expanded attack surface regarding insecure connections, endpoints, and reduced oversight. This exposes new vulnerabilities and new threat vectors to exploit an organization and misuse its data.
2020 Black Hat survey found 72% of security professionals concerned about the chances that remote employees would break security policies and expose systems to risk; 84% expect the shifts in cyber operations and threat flow to linger well after the health crisis ends. Security gaps exposed by the remote workforce gravitate around the following user-centric factors:
Employees use their own (often insecure) devices
A recent study finds 56% of employees use personal computers when working remotely; 25% of them are unaware of these devices being secured. When working from home, employees might even share these devices with their family members exposing sensitive data at risk.
More employees succumbed to social engineering tactics
On average, there are nearly 1,185 phishing attacks per month targeting businesses. In 2020, social engineering attacks took a sharp uptick, a 22.5% increase from what was seen in Q4 of 2019. Spear-phishing emails alone have spiked threefold. 13% of phishing attacks in Q1 2020 exploited the COVID-19 context to distribute malware, steal credentials, compromise business emails, and impersonate brands to scam users out of money. Blackmail attacks and conversation hijacking are examples of phishing tactics that keep getting more sophisticated with time.
Insider threats gained in proportions
According to 66% of organizations, malicious or accidental insider breaches are more common than external attacks. Trusted third-party induced insider incidents ranged between 15% and 25%. Since 2018, the number of insider incidents has increased by 47%. Remote work increases insider threats, both malicious and inadvertent errors.
It is easier for hackers to trick remote employees to unknowingly participate in an attack by simply clicking on an infected link, falling for a phishing email, or downloading a compromised file—malicious insiders when remote can evade detection more easily.
Increase in accidental data loss
Rising business email compromises (BEC) underscore the vulnerability of email. A recent survey finds both corporate and personal emails as the leading causes of accidental data leaks. File-sharing services (39 percent), collaboration tools (34 percent), and SMS instant messaging (33 percent) are other causes. Nearly 44% of employees admit having accidentally leaked confidential information via email without reporting every incident to the security team. Remote employees often sacrifice compliance and security policies for usability. To simplify access, remote users may publicly share links to confidential documents, thus exposing sensitive information and intellectual property.
Increase in malware infections
In 2020, 60% of organizations experienced malware infections for remote users. Since corporate devices, earlier kept in the offices, are now usable all the time, remote users end up using those for recreational web browsing, personal emails, etc. On weekends, they may use corporate laptops over insecure networks without VPNs, which end up being the doorways for phishing attacks and malware infections, exposing the entire corporate infrastructure.
Increase in the number of unprotected backups
Remote work increases the number of unprotected backups. To make work faster at suboptimal home network speeds, remote employees may copy large amounts of data, files, etc., to local hard drives instead of always accessing databases through their corporate VPNs. Large amounts of confidential or proprietary data, when stored locally without backups, weakens the security posture.
More sophisticated ransomware and data breaches
Ransomware is a fast-evolving cybersecurity threat, with damages predicted to build to $20 billion globally by 2021, a significant rise from $345 million in 2015. Vulnerabilities induced by remote work usage heightens ransomware risks for organizations.
If not addressed, these new risks induced by the new norm negatively impact companies and their employees due to potential data leaks, costly security breaches, and productivity losses.
Securing home offices, shared workspaces, and on-the-go work
When more employees work remotely, as already discussed, many user-centric threat vectors come into play. This calls for user-centric security controls to mitigate the risks.
Use Activity Monitoring
It’s hard to intercept insider threats. In the new norm, an effective approach for insider threat mitigation involves prevention and early detection. Intelligent monitoring systems can help companies proactively ward-off these threats with features that include:
Remote and in-network monitoring
User behavior analytics
Scalable endpoint monitoring
Video playback of onscreen activity
File download protection
Dark web tracking
Real-time user reporting
Remote Employee Monitoring
Visibility into employee activities using corporate assets is essential. Employee monitoring is an essential guardrail to control the widening menace of social engineering threats. Monitoring remote employees and their devices helps to improve their security hygiene while remote.
A proactive approach to prevent the costly consequences of ransomware attacks involve continuous monitoring of file systems, device endpoints, networks, and employees. Host-based security monitoring software can use threat intelligence to continuously update and maintain a robust database of known ransomware signatures to quickly detect the presence of known variants of ransomware by matching against this database. Honeypot files are useful to detect attacks from previously unknown variants reliably. Other ransomware mitigation steps involve regular backups of all systems including remote devices, continuous device level monitoring to detect attacks early.
Security Awareness Training
Security awareness and education is a crucial step in the right direction. Security guidelines and governance policies have to take into account changing work patterns in the new norm. Lack of compliance with security policies by remote employees is a significant concern. Security training and education are much needed to push the security-vigilance-envelop beyond IT teams.
Security hygiene training and policies should bring in the third-party workforce like partners, associates, consultants, and freelancers into the fold. Essentially, include anyone in the company who access confidential data. Basic security awareness includes understanding the principles of robust password management, strong passwords, not sharing passwords, using secured network access, the importance of secure file sharing, regular backups, limit recreational browsing, vigilance with file downloads, and phishing emails.
Phishing simulation, as part of security hygiene training, improves awareness against phishing tactics. This is also an essential step to reduce malware infections and ransomware attacks using sophisticated phishing campaigns.
Zero Trust Security
In the new norm, you have to think beyond security cameras and ID badges for access. A zero-trust approach to security is particularly powerful in a remote work environment as it pivots on the "never trust, always verify" mantra. Zero trust security principles can be used to assess risks at the various access touchpoints and also during the use of corporate assets.
A new NIST advisory on zero trust principles highlights the importance of balancing continuous monitoring, identity and access management, and existing cybersecurity policies and guidance with the zero trust architecture. The zero-trust approach can protect against common threats and improve an organization's risk posture with a managed risk approach against the new threat vectors.
In a user-centric security framework, zero-trust security can be combined with user and entity behavior analytics (UEBA). UEBA can sopt anomalous behaviors using network events. As human, devices, and networks interact, UEBA can use intelligents technologies like machine learning (ML) to recognize patterns of behavior to detect anomalies. Anomalies outside of a baseline are flagged as possible threats, automated actions can follow to reduce risks.
Security in the new "traditional office"
The new "traditional office" is a hybrid work environment involving both on-site and off-site workforce. With so many employees now working outside the central office locations, on-premise security solutions will take on a different role. IT teams need to rethink traditional security approaches.
Securing this hybrid environment calls for robust, intelligent solutions that can adapt to an un-uniform attack surface on both sides of the corporate firewall. From firewalls and ID badge security to authenticate employees, organizations now have to increasingly rely on VPNs and secure tunneling solutions to allow employees to gain remote access to corporate systems and applications. Monitoring solutions sensitive to user activities in this new environment can help improve both productivity and security posture.
There's also an increasing need to beef up security strategies to prevent accidental data loss. Compliance is a major factor. Employee awareness and actions to comply with regulations like HIPAA and GDPR, regardless of office location, have to be prioritized. IT teams can employ intelligent solutions to avoid gaps in regular system upgrades, data backups, applying software updates, and security patches.
In a hybrid office environment, monitoring solutions with an increased emphasis on user activity and security events are useful. AI-based continuous monitoring and behavioral analytics can help detect threats early to prevent data loss. Employee monitoring solutions can track user activity to ensure only approved employees are accessing sensitive information and that their behavior is normal for the task. For example, insider threats can be minimized by detecting unusual actions such as data download and storage in external drives to signal potential data thefts.