Webinar:
First Line of Defense: Menlo Secure Enterprise Browser
Icon Rounded Closed - BRIX Templates

Avoid these cybersecurity pitfalls to protect remote workers in 2023

Mark Guntrip
|
January 31, 2023
linkedin logotwitter/x logofacebook logoSocial share icon via eMail

Digital transformation. Exploding threat surfaces. Work from home. Hybrid work. Software as a Service (SaaS). Cloud migrations. Secure Remote Access. Private tunnels. SD-WAN. Ransomware. Phishing. Social engineering. Drive-by attacks. Credential theft. BYOD. Self-service IT. The list goes on and on. Securing remote workers has never been so complex or fraught with risk.

Unfortunately, the old methods of securing remote workers are not sufficient anymore. Virtual private networks (VPNs) are notoriously insecure and don’t scale. Backhauling Internet traffic to a secure data center increases latency and impacts performance. Blacklists shut off entire sections of the dynamic Internet, preventing users from getting work done.

Yet, organizations continue to tackle new security problems with old technology. Today’s security strategy needs to evolve to cater to the needs of the modern business–one where users can log on and access corporate assets from anywhere, no matter the device, and be protected from today’s highly sophisticated threats without impacting performance.

But old habits are hard to ditch. Here are five pitfalls that organizations fall into when trying to protect remote workers from growing cybersecurity threats:

1. Ignoring unmanaged devices

It’s easy to put your head in the sand and pretend that users aren’t accessing corporate assets on personal devices. No matter the policies in place, people understand the security risk they’re taking by checking email or logging into Salesforce on their personal phone, tablet, or laptop. But, they do it anyway–often with no second thought. In reality, two-thirds of U.S. workers use personal devices for work purposes, and these unmanaged devices (and networks, such as consumer-grade WiFi) pose a significant security risk to your organization. At the same time, the consumerization of the cloud has made it easier than ever for users to put a credit card down and spin up their own infrastructure without following corporate policies or even letting IT know about the deployment. When all it takes is one click to give threat actors initial access to a device and then surreptitiously spread throughout the network, you absolutely need to make sure you can secure the connection between unmanaged devices and infrastructure and corporate resources.

What to do about it

By considering isolation technology for web, email, and applications, a virtual air gap is created between users and content on the Internet–stopping ransomware, drive-by attacks, and malware before they can gain that initial access to end devices. This user-centric rather than device-centric approach ensures that even unmanaged devices and infrastructure that you don’t even know about are protected and malicious actors have no avenue for spreading across the network in search of high-value targets.

2. Fail to plan for the future

Malicious actors are more sophisticated and adaptive than ever. Cybersecurity is a constant back and forth battle between threat actors and security teams. As soon as a new security control is developed, attackers quickly find a way around it. The gap is plugged by a new tool, and hackers identify another way in. The point is: What works today, doesn’t necessarily mean it’ll work tomorrow. Today’s Highly Evasive Adaptive Threats (HEAT) target web browsers and employ techniques to evade multiple layers of detection in current security stacks–including firewalls, Secure Web Gateways (SWGs), sandbox analysis, URL Reputation, and phishing detection. These HEAT attacks are used as the initial access point to deliver malware or to compromise credentials, which in many cases leads to ransomware and other attacks.

What to do about it

Stay apprised of any and all activity coming from the threat landscape and consider what it means for the security you’ve currently invested in. Knowledge is power when it comes to all things cybersecurity related, and that’s even more the case when it comes to emerging threats like HEAT attacks.

3. Rely on VPNs to protect remote workers

VPN appliances simply aren’t scalable to meet the needs of digital, agile organizations where users need to reliably access applications and data wherever business takes them. Once credentials are compromised through social engineering, fake login forms, or phishing, threat actors have complete, unrestricted access to the rest of the network with little to no east-west security controls in place. Even when they do work, VPNs sap bandwidth and increase latency by backhauling Internet traffic to a secure data center. Nor do they scale to the needs of today’s hybrid workforce.

What to do about it

Consider alternative methods of secure remote access such as enabling cloud-based application isolation, providing connections to your private applications with a layer of threat prevention. This approach offers enhanced, Zero Trust access and maximizes your security posture without impacting end user experience.

4. Overconsolidate security solutions

Vendor consolidation makes sense to a certain extent. According to Anomali, organizations rely on an average of 50 to 80 security tools, and that number rises to 120 for large enterprises. This software sprawl leads to higher capital and operational costs while causing integration and visibility issues. It’s no surprise that Gartner reports that 75% of global organizations plan to consolidate their security vendors over the next 12 months. The problem is that too much consolidation can result in a degradation of effectiveness. No vendor can deliver a best of breed security solution that protects across all threat vectors. Anyone who attempts to develop or cobble together a complete solution will inevitably have to compromise.

What to do about it

Vendor consolidation works best in small doses. While it may make sense to consolidate a bit, relying on a single vendor (as Gartner seems to be recommending in its SSE research) introduces too much risk. Software sprawl and tech debt are big problems in the industry, but organizations need to be careful when trading simplicity for weaker protection.

5. Rely exclusively on detection and remediation

This is a big one. The trend in security over the last decade is to tell customers that breaches are inevitable and they should focus on detecting malicious behavior inside the network. East-west security is critical, but it shouldn’t come at the expense of protection. HEAT attacks bypass traditional detect-and-respond cybersecurity approaches by hiding in plain sight among seemingly innocuous technologies, such as JavaScript and VPNs. This allows malicious actors to breach the network and avoid detection for days, weeks, or even months. The problem is that the speed at which threat actors make their move after the initial breach is accelerating. Even a few minutes can be enough time to deliver the payload–as we found out with the recent Okta breach. Despite what other security vendors may tell you, protection is not a losing battle, and you can stop initial access through preventative measures.

What to do about it

The combination of SASE Security and a Zero Trust mindset – which ensures that all content is suspect and is subject to enterprise security controls – results in a truly preventative approach to security that addresses the legacy flaws of today’s network security stack and ultimately changes outcomes.

New ways of working require new ways of protecting remote workers. By leveraging web, email, and application isolation, organizations can evolve their security strategy to keep up with modern threats.

If you’re interested in learning more about HEAT attacks or want to find out if you’re susceptible, try our HEAT Check assessment.