The challenge of the hybrid workplace for security teams

It is becoming clear that moving forward, many companies will adopt a hybrid workplace approach. For security teams that have supported employees working from home for the past year, with all the attendant cyber security risks of unmanaged devices, a fluid return to the office presents even more challenges.

They will be only too aware of the ongoing rise in cyber attacks. Remote workers have proven an attractive target for cyber criminals, who, in the past year, have successfully gained access to corporate networks via other members of the household, such as children using company laptops and PCs. Many devices moving into and out of the corporate perimeter on one day were being used the previous day to help a child with their homework or play a computer game.

Without adequate protection, these vulnerable devices have opened doors through which cyber attackers have easily walked, to the extent that the National Cyber Security Centre reports nearly half of UK businesses registered a cyber breach or attack in the past year.

Until very recently, cyber attacks were primarily targeted towards large organisations. However, smaller businesses with less comprehensive defences in place are now also finding themselves victims of attacks. The consequences can be devastating — reduced levels of productivity, the costs of repairing networks, and the costs involved if data is lost or stolen can cause irreparable damage to bottom lines, reputations, and relationships with clients and suppliers.

The road forward could be bumpy for companies of all sizes as they try to devise security strategies that will serve an ever-evolving landscape.

Endpoint devices are increasingly vulnerable

Endpoints are the network access point of choice for cyber criminals. The keyboard and display are the attack vectors through which sensitive data is most easily – and therefore most often – stolen. According to the annual Global Threat Intelligence Report, the top threats last year were keylogging malware, which monitors keystrokes on the keyboard, and spyware.

Kernel-level keyloggers are among the most dangerous threats. Their ability to defeat standard anti-virus solutions enables them to carry out attacks undetected. They sit at a low level, harvesting keystrokes the moment they enter the operating system, and are infamously difficult to eradicate.

Other forms of cyber attack target the vulnerable data entered into an application after login, or sensitive data displayed on the screen through the application. Such attacks include screen capture or screen grabbing, DLL injection and Man-in-the-Browser (MitB) attacks. Screen grabbing captures the screen when certain events occur, putting at risk all information held within applications and entered at the keyboard. A DLL injection attack is a method of inserting malicious code into an application to access sensitive data, while a MitB attack will typically use JavaScript code running in the browser to gain access.

A new strategy is required

There is now a need to develop existing Bring Your Own Device (BYoD) and Bring Your Own PC (BYoPC) policies, and take a zero-trust approach to all endpoint devices such as laptops, tablets, home PCs and smartphones. However, security and IT teams should expect organisations to be more vulnerable to cyber attacks as employees switch devices and enterprises take steps to facilitate the new model. In the months to come, companies need to develop a cyber security strategy that will protect them as they adopt a hybrid workplace approach, allowing employees to spend some time in the physical office, and some time working remotely.

When the UK was forced into wide-scale remote working last year, many organisations believed that a virtual private network (VPN) and an off-the-shelf anti-virus (AV) or Endpoint Detection and Response (EDR) solution would be effective in keeping their employees and data secure. A survey, carried out by SentryBay last April amongst 1,550 British people working from home, found that 79% had been given additional IT software or security measures to protect their devices during lockdown. Of these, 56% had access to a VPN, while 41% were given standard anti-virus software. However, 42% of the total respondents still received suspicious emails and 18% were the victim of a security breach. Even more interesting is the fact that only 28% of respondents had been provided with protection specifically designed for the endpoints and applications in use.

Anti-virus software, endpoint detection and response, virtual desktops, VPNs and two-factor authentication are important elements of a security stack, but they will not prevent a cyber attack. Security teams should expand their thinking. Real-time endpoint protection should be considered as an essential, complementary layer to any existing unified remote access cyber security stack.

The key to securing any business now is identifying dedicated security solutions that create a micro-environment in which data and applications are securely wrapped, to neutralise the impact of malware threats, wherever and however teams are working.

Written by Dave Waterson, CEO of SentryBay
