Adjusting to the new security realities of a remote workforce
CIOs and CISOs have been under intense pressure to meet the needs of homebound workers, while simultaneously needing to take added steps to safeguard their enterprise networks.
Steve Grobman, senior vice president and chief technology officer at McAfee, has a global view of that challenge. Grobman leads the company’s worldwide development of next-generation cyberdefense and data science technologies as well as threat and vulnerability research.
In an interview for CyberScoop, Grobman shares his observations on what enterprise IT leaders are encountering — and measures that they might take to mitigate risks associated with home networks essentially becoming part of the enterprise IT infrastructure. This interview, underwritten by McAfee, was edited for brevity.
CyberScoop: Organizations are sprinting to equip their employees to work remotely. How is that impacting the cyber risks enterprises face across their networks?
Steve Grobman: Organizations must recognize that there are risks associated with new types of employees working from home that have not done so traditionally. In almost all cases, they are using home or personal networks, and these are not necessarily configured for the most secure remote working practices.
Enterprises need to ensure that the remote workforce becomes an extension of IT and their security team to both defend against known threats that exist during the time of COVID-19 and maintain a heightened state of awareness to identify and report threats that might represent potential issues.
From an organizational perspective, it is now more critical than ever to have the right technology in place, such as web filtering or web gateways, and to make sure equipment is up to date and secure.
It is also critical for remote employees to practice good cyber-hygiene. They should know that if they are looking for information, they should be sure to get it from a reputable domain and be extra wary of what links they click.
Mitigating the risks of a remote workforce largely comes down to ensuring the business is using the right security and that IT leaders are educating their employees on best practices around security as we navigate this crisis.
Under this unprecedented work environment, what are some guidelines that enterprises and employees should be thinking now that their office equipment is with them on their home networks?
SG: One of the critical things that remote employees will need to do is keep their own IT infrastructure secure. We have seen an ongoing trend of vulnerabilities in consumer-grade networking equipment and consumer devices. Keeping that infrastructure up to date and patched is a critical responsibility. This will require remote employees to implement the same security protocols in their home offices that IT would establish in their traditional work environments — including updating their devices, routers or gateways and installing security software.
It is also important that organizations look at how infrastructure and applications are going to be accessed remotely. They need to make sure infrastructure tools are set up so they can remotely keep all their applications and systems up to date, patched and fully monitored for security events and intrusions. Remote access needs may extend for long periods of time, and IT teams need the ability to run and manage the network and the increased reach of its security.
For example, if there are infrastructure servers that need to be accessed that have remote desktop protocols running on them, they should only be accessed through secure network paradigms like VPN and use multi-factor authentication.
With the majority of the workforce homebound, how does that change the level of cyber risk to the enterprise?
SG: Some organizations are well suited to supporting a remote workforce. It is a natural extension of the way they have always worked. For example, some organizations enable most of their employees to take laptops home and work remotely on weekends or evenings, or even allow them to telework full-time.
Other organizations are traditional work-from-office organizations, such as government agencies where employees may need to access highly sensitive and classified information. In these scenarios, decisions need to be made about whether certain types of data and applications should be accessible by remote workers when they are forced into remote work situations. It is important that the highest level of security preparedness is used when accessing sensitive information from home environments.
Some tools exist in the security infrastructure that help enable this. For example, web gateway or SaaS-based web gateway solutions can monitor remote workers’ web traffic to both prevent downloads of malicious content or the theft of sensitive information by adversaries.
Without the same internal monitoring systems organizations have been using, what are some other ways that CISOs and IT leaders can manage risks?
SG: One of the most important things CISOs do is understand their organizations’ most critical information assets and anticipate how adversaries could attempt to access them. Things are no different during the COVID-19 pandemic except that the CISO and the cybersecurity organization need to fully comprehend the new threat vectors introduced by cybercriminals attempting to take advantage of the global health crisis and the new technical configurations that result from a remote workforce.
Together, these aspects need to be analyzed and understood to determine how security controls must be enforced to defend against threats and protect critical data assets.
For example, a SaaS-based web gateway architecture can provide important security controls to protect users visiting websites or using SaaS applications. In addition to protecting organizations from in-bound threats and out-bound data exfiltration, it also allows organizations to apply the same corporate internet access policies to remote workers as would be applied to workers in traditional work settings.
Similarly, CISOs can implement cloud access security broker – CASB – solutions to establish controls and policies for cloud infrastructure consistent with what they have for traditional on-premise environments.
Finally, they can protect their organizations using a unified cloud architecture that protects resources from threats and protects critical data assets without requiring that they deploy new solutions.
Even after the need for telework begins to ease, it will likely have lasting effects. What are some things organizations need to do to compensate for the coming changes?
SG: Organizations should also recognize that the transition back to the office has some unique challenges. There will be equipment that has been powered off for potentially many months. When it is eventually turned back on, it will be running software that has missed months of security updates and patches addressing vulnerabilities that have been discovered over that time. Organizations need to both monitor their systems and rapidly patch them to ensure they can bring their full IT infrastructure into a secure and safe state as quickly as possible.
In the longer-term, the coronavirus pandemic can be seen as a catalyst for change. Organizations’ IT management responses to the crisis demonstrated that many workers can effectively work remotely. Organizations will recognize that this shift to work from home can be a productivity enhancement as we move back to conditions that allow for in office work environments.
With that said, CISOs need to recognize that there are unique security risks from remote workers, and they need to build security controls as well as take advantage of the latest cyber-defense technologies to defend their organizations.
This article was produced by CyberScoop and underwritten by McAfee.
Learn more about security solutions to protect the remote workforce.