Rethinking cybersecurity strategies to protect the anywhere workforce

In his latest article, Rick McElroy, Principal Cybersecurity Strategist, VMware discusses the report identifying trends in hacking and malicious attacks. As well as looking at the financial and reputational impact breaches have had and how organizations are adapting their security and infrastructure to deal with the challenges of a distributed workforce and evolving their defences to make security intrinsic to infrastructure and operation.
In his latest article, Rick McElroy, Principal Cybersecurity Strategist, VMware discusses the report identifying trends in hacking and malicious attacks. As well as looking at the financial and reputational impact breaches have had and how organizations are adapting their security and infrastructure to deal with the challenges of a distributed workforce and evolving their defences to make security intrinsic to infrastructure and operation.

It’s time for security teams to switch gears. We’ve reached a pivotal point in the history of cybersecurity where externally generated change has delivered a mandate for the industry to think differently and fundamentally alter our approach. The remote work environment is here to stay, so we need to assimilate what we’ve learned and devise a roadmap that will allow us to protect the anywhere workforce proactively. It’s a once-in-a-generation opportunity, so the question is, where should cybersecurity strategists focus as we set a course for the years ahead?

To answer that question, VMware surveyed more than 3,500 senior cybersecurity professionals to understand the current threat landscape and the past year’s impact. The insights we uncovered show a cybersecurity environment where malicious actors have thrived and attack volume and sophistication have escalated. Moreover, as entire industries pivoted to working remotely, breaches were the inevitable result. Here is what we learned, and what we believe security leaders need to do next.    

Visibility is (still) everything – prioritize gaining oversight of the distributed network

The anywhere workforce has created a visibility problem. The volume of attacks has increased for three-quarters of global organizations, and 78% say they saw more attacks due to increased remote working. However, the true scale of attacks is hard to discern as defenders can’t see into the corners where personal mobile devices and home networks have been grafted on to the corporate ecosystem. On top of this, the risk posed by third party apps and vendors has increased the number of blind spots.

Consequently, cybersecurity teams need contextual oversight and better visibility over data and applications – in fact, 63% of the professionals we surveyed said this was important. A key priority must be gaining visibility into all endpoints and workloads across the newly defined and highly distributed ‘work from anywhere’ network. This network looks and behaves differently from past ones, so familiarising teams with its quirks and vulnerabilities is critical. Robust situational intelligence is needed so teams understand the context of what they’re looking at and have confidence that they are remediating the risks that matter.

Prepare for ransomware attacks

Familiar TTPs saw a resurgence last year and none more so than ransomware. It was the joint top cause of breaches among the organizations we surveyed, and our threat intelligence unit saw a 900% spike in attacks during the first half of 2020. Attacks have become multi-stage as attackers focus on gaining undetected access to networks, exfiltrating data and establishing back doors, before launching ransom demands.

To tackle this resurgent issue and avoid falling victim to repeated attacks, organizations need a dual approach that combines advanced ransomware protection with robust post-attack remediation to detect the continued presence of adversaries in their environment. This means committing resources to threat-hunting while also hardening the common attack channels, such as email, which remains the most common launch point for ransomware attacks.

Close the gaps in legacy technology and processes

The switch to remote working exposed weaknesses in security technology and processes, which subsequently led to breaches. Organizations that had not yet implemented multi-factor authentication found that remote workers could not securely access corporate networks without introducing significant risk.

Now that remote working has become a permanent feature; security teams have a strong mandate to demand strategic investment to close those gaps between their current security environment and what is needed to protect the workforce.

Rethink security and deliver it as a distributed service

The top cause of security breaches among our surveyed organizations was third party applications, underlining the endemic security risk in the extended enterprise ecosystem. This, together with the distributed environment, reinforces the need to rethink security approaches.

Fundamentally, the security problem has changed. While this change has been underway for some time, as demand for mobility and flexibility has fractured the corporate perimeter, the past year’s events have obliterated it entirely. Gone are the days when IT is focused on securing company-owned desktops for employees working on campus, connecting to corporate applications running on servers in a company-owned data centre. Today, remote workers are connecting to applications running on infrastructure that may or may not be managed, owned, or controlled by the company. 

With so many new surfaces and different types of environments to defend, endpoint and network controls must be highly adaptable and flexible. This means organizations must deliver security that follows the assets being protected. For the majority, this means turning to the cloud.

Cloud-first security comes with a cautionary note

The shift to a cloud-first security strategy is universal in the drive to secure the cloud-first environment. Nevertheless, this shift brings its own challenges. The cloud is not a security panacea and controls must be vetted by organizations because if adversaries want to attack at scale, the cloud is the place to do it. In fact, cloud-based attacks were the most commonly experienced attack type reported globally. Adversaries are prepared to piggyback on companies’ digital transformation, and it is certain that we’ll see more sophisticated cloud attacks over the coming year.

READ MORE:

The last year has shown just how important cybersecurity is to the resilience and continuity of businesses worldwide. With this rise in profile, the industry is in a strong position to take this once-in-a-generation opportunity to move beyond the siloes of legacy approaches and roll out strategies where security is unified, context-centric and intrinsic. 

For the data behind the insights, read the full VMware Global Security Insights report here

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Unlocking productivity and efficiency gains with data management

Russ Kennedy • 04th July 2023

Enterprise data has been closely linked with hardware for numerous years, but an exciting transformation is underway as the era of the hardware businesses is gone. With advanced data services available through the cloud, organisations can forego investing in hardware and abandon infrastructure management in favour of data management.