Digital transformation. Exploding threat surfaces. Work from home. Hybrid work. Software as a Service (SaaS). Cloud migrations. Secure Remote Access. Private tunnels. SD-WAN. Ransomware. Phishing. Social engineering. Drive-by attacks. Credential theft. BYOD. Self-service IT. The list goes on and on. Securing remote workers has never been so complex or fraught with risk.
Unfortunately, the old methods of securing remote workers are not sufficient anymore. Virtual private networks (VPNs) are notoriously insecure and don’t scale. Backhauling Internet traffic to a secure data center increases latency and impacts performance. Blacklists shut off entire sections of the dynamic Internet, preventing users from getting work done.
Yet, organizations continue to tackle new security problems with old technology. Today’s security strategy needs to evolve to cater to the needs of the modern business–one where users can log on and access corporate assets from anywhere, no matter the device, and be protected from today’s highly sophisticated threats without impacting performance.
But old habits are hard to ditch. Here are five pitfalls that organizations fall into when trying to protect remote workers from growing cybersecurity threats:
It’s easy to put your head in the sand and pretend that users aren’t accessing corporate assets on personal devices. No matter the policies in place, people understand the security risk they’re taking by checking email or logging into Salesforce on their personal phone, tablet, or laptop. But, they do it anyway–often with no second thought. In reality, two-thirds of U.S. workers use personal devices for work purposes, and these unmanaged devices (and networks, such as consumer-grade WiFi) pose a significant security risk to your organization. At the same time, the consumerization of the cloud has made it easier than ever for users to put a credit card down and spin up their own infrastructure without following corporate policies or even letting IT know about the deployment. When all it takes is one click to give threat actors initial access to a device and then surreptitiously spread throughout the network, you absolutely need to make sure you can secure the connection between unmanaged devices and infrastructure and corporate resources.
By considering isolation technology for web, email, and applications, a virtual air gap is created between users and content on the Internet–stopping ransomware, drive-by attacks, and malware before they can gain that initial access to end devices. This user-centric rather than device-centric approach ensures that even unmanaged devices and infrastructure that you don’t even know about are protected and malicious actors have no avenue for spreading across the network in search of high-value targets.
Malicious actors are more sophisticated and adaptive than ever. Cybersecurity is a constant back and forth battle between threat actors and security teams. As soon as a new security control is developed, attackers quickly find a way around it. The gap is plugged by a new tool, and hackers identify another way in. The point is: What works today, doesn’t necessarily mean it’ll work tomorrow. Today’s Highly Evasive Adaptive Threats (HEAT) target web browsers and employ techniques to evade multiple layers of detection in current security stacks–including firewalls, Secure Web Gateways (SWGs), sandbox analysis, URL Reputation, and phishing detection. These HEAT attacks are used as the initial access point to deliver malware or to compromise credentials, which in many cases leads to ransomware and other attacks.
Stay apprised of any and all activity coming from the threat landscape and consider what it means for the security you’ve currently invested in. Knowledge is power when it comes to all things cybersecurity related, and that’s even more the case when it comes to emerging threats like HEAT attacks.
VPN appliances simply aren’t scalable to meet the needs of digital, agile organizations where users need to reliably access applications and data wherever business takes them. Once credentials are compromised through social engineering, fake login forms, or phishing, threat actors have complete, unrestricted access to the rest of the network with little to no east-west security controls in place. Even when they do work, VPNs sap bandwidth and increase latency by backhauling Internet traffic to a secure data center. Nor do they scale to the needs of today’s hybrid workforce.
Consider alternative methods of secure remote access such as enabling cloud-based application isolation, providing connections to your private applications with a layer of threat prevention. This approach offers enhanced, Zero Trust access and maximizes your security posture without impacting end user experience.
Vendor consolidation makes sense to a certain extent. According to Anomali, organizations rely on an average of 50 to 80 security tools, and that number rises to 120 for large enterprises. This software sprawl leads to higher capital and operational costs while causing integration and visibility issues. It’s no surprise that Gartner reports that 75% of global organizations plan to consolidate their security vendors over the next 12 months. The problem is that too much consolidation can result in a degradation of effectiveness. No vendor can deliver a best of breed security solution that protects across all threat vectors. Anyone who attempts to develop or cobble together a complete solution will inevitably have to compromise.
Vendor consolidation works best in small doses. While it may make sense to consolidate a bit, relying on a single vendor (as Gartner seems to be recommending in its SSE research) introduces too much risk. Software sprawl and tech debt are big problems in the industry, but organizations need to be careful when trading simplicity for weaker protection.
The combination of SASE Security and a Zero Trust mindset – which ensures that all content is suspect and is subject to enterprise security controls – results in a truly preventative approach to security that addresses the legacy flaws of today’s network security stack and ultimately changes outcomes.
New ways of working require new ways of protecting remote workers. By leveraging web, email, and application isolation, organizations can evolve their security strategy to keep up with modern threats.
If you’re interested in learning more about HEAT attacks or want to find out if you’re susceptible, try our HEAT Check assessment.