Gartner estimates that around 30% of workers in India will be remote in 2022. While the penetration might be low compared to the U.S., where remote work will account for around 53% of the workforce, the sheer volume of remote workers in India will be significant. That makes it crucial for every organization to have a Remote Security Policy.
By Nitin Varma, Managing Director – India & SAARC, CrowdStrike
As today’s workforce moves outside physical office spaces, modern security architectures are having to move away from a well-defined perimeter where everything was consistent and trustworthy. The growth of a distributed workforce, together with the adoption of cloud-based computing infrastructure, means that the attack surface is also expanding. Not having a full view of the attack surface can pose enormous challenges for organizations.
Here are some points organizations must consider while implementing a remote security policy for new, remote environments:
Identity and Authentication Protection
Research from CrowdStrike finds that attackers can move around inside enterprise infrastructure very swiftly. The ‘breakout time’, the time it takes attackers to move from the initial machine to another, was reduced by 50% to 4 hours, 28 minutes in 2020. For example, in the recent SolarWinds supply chain and Microsoft Exchange breaches, cyber attackers remained undetected in networks for extended periods, disguised under genuine credentials. With such threats lurking around, companies need to shift to security methods that authenticate a user’s identity at every level. In addition, organizations should rework security policies to ensure increased visibility and access controls, and put more checks in place across all levels.
Employee Cyber Education
An organization’s risk increases substantially when its employees don’t understand concerns around cyber threats. Home networks further complicate this by posing a significant gap in companies’ ability to address attacks quickly and effectively in a remote environment. Organizations need to fill that gap by guiding and sensitizing employees to the effects of cyber threats. While reliance on home routers may be unavoidable, introducing some basic best practices can significantly improve employee vigilance about keeping sensitive company data safe. In addition, employees should be well versed in cyber incident response protocols so they can adapt if and when an incident hits.
Know Everyone Connecting to Your Business Assets
These connections are typically endpoints such as mobile devices, laptops, desktops, or private networks. They must be assessed regularly to understand their security posture so that threats are detected and prevented promptly. In addition, organizations must develop the ability to perform remote surgical incident response and support as needed. Using a Zero Trust architecture can help with this.
Remote Security Policy: A Case for Zero Trust
A remote security policy must include Zero Trust. In a Zero Trust model, there aren’t any trusted sources. Most businesses arm themselves against every threat outside the network, protecting their castle with high walls and a moat, but forget there can also be threats inside the ramparts.
The Zero Trust model assumes attackers are present both inside and outside the organizational network. Therefore, every request to access a system must be continuously authenticated, authorized, and encrypted, combining real-time analysis and Machine Learning (ML). Otherwise, there is a chance of missing the critical window before an intruder moves from the first compromised machine to the rest of the network.
Around 80% of all breaches result from compromised identities; therefore, it’s become increasingly evident that adopting Zero Trust architecture is crucial.
Two-factor and multi-factor authentication (MFA) are among the most common ways to confirm a user’s identity and increase the network’s security. A proper end-to-end Zero Trust solution can provide the organization with MFA coverage and comprehensive visibility. In addition, such software also allows monitoring across authentication traffic and user behavior, helping improve the enterprise’s security hygiene.
Importance of Zero Trust for Remote Workplaces
CrowdStrike’s 2021 Global Threat Report found that eCrime intrusions increased to 79% in 2020, compared to 69% the previous year. Additionally, it shows that attacks motivated by financial gain are taking a larger share of the total. Cyberattacks, including ransomware, have increased as work environments changed and organizations were required to support more remote employees. As threats increase against these remotely located systems, the ability to block attacks and respond rapidly in the event of a compromise is becoming more challenging. Therefore, organizations require a combination of measures to protect against today’s threat landscape.
If done correctly, Zero Trust can protect against devastating threats, such as those that compromise legitimate credentials and target employees’ identities, and so ensure better defenses against supply chain and sophisticated ransomware attacks.
For example, we’ve seen cyber crooks using double extortion techniques, where they ask for a ransom in return for an organization’s sensitive data and then demand an additional ransom with the threat of disclosing or selling the data. Zero Trust models are essential for companies against these escalating attacks because they prevent further damage once a network is compromised.
Of course, Zero Trust architecture is just one aspect of any comprehensive remote strategy. While technology plays an integral part in protecting the organization, digital capabilities alone cannot prevent breaches. To create a genuinely resilient enterprise, organizations must educate their employees and make them aware of security challenges. They must also adopt a comprehensive security solution that reduces the risk of attacks, incorporates a variety of endpoint monitoring, detection, and response capabilities, and leverages threat hunting to secure their networks.
About the Author
Nitin Varma comes with 20+ years of experience in sales and business development, global account management, CXO relationship management, business strategy and sales process re-engineering. In January 2020, he joined CrowdStrike as MD – India & SAARC. Nitin is responsible for leading the business in India & SAARC for CrowdStrike. Before joining CrowdStrike, he worked with organizations like Tata telecom, Avaya, Cisco and Palo Alto Networks.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.