The COVID-19 pandemic has radically accelerated the work from home (WFH) trend with 16% of companies globally now fully remote and most recently this has evolved to become work from anywhere (WFA).
Much has been said of the advances in productivity, employee happiness, and cost reductions due to remote work. However, as with any major technological shift today, it also brings its risks, particularly from a cybersecurity perspective.
Now, more than a year on from the strictest lockdowns, the return of the pre-COVID, 100% on-premise workforce seems nearly impossible.
Trends show that, on average, the number of enterprise device locations continues to grow. After a slight decrease between March and April 2022, it has still increased 13% from January 2022. At the same time, the usage of enterprise devices is also on the rise, with 20% of devices being used more than 8 hours a day, whilst a further 49% are used between 4 and 8 hours.
In a new report, Absolute analysed the effects of remote work on traditional cybersecurity perimeters. It also looked at the value of zero-trust strategies to mitigate these threats in a work-from-anywhere-dominated landscape.
The Risk of Remote Work
Workers are connecting to company resources from more locations than ever, dissolving traditional network perimeters and security boundaries. Security risks will intensify as organisations have less control over where, how, and when these external connections occur.
According to Absolute, 97% of IT experts believe remote workers are exposed to increased risk and 47% believe that the risk for remote workers can be classified as either high or extremely high.
It’s no wonder that remote access was the number one technology investment considered as a direct result of the COVID-19 pandemic. Under the umbrella of remote work, secure remote access was the leading concern, followed by data security, secure connectivity, and secure app delivery.
IT leaders have a right to be concerned. There are a number of factors widely considered to contribute to the added risk of working remotely:
Slow response: Response times are inversely correlated to the impact of a cybersecurity incident; in remote environments, security event response is more difficult and less prompt.
Identifying ransomware: Remotely accessed hardware/software may not benefit from the same detection systems as internal assets; this makes it harder to identify ransomware or other malware and respond appropriately.
Legacy remote access: Legacy remote access systems were not built to handle the scale of remote work today, nor the volume or evolving types of network threats.
Lack of updates: Remote workers don’t always comply with updated policies; a mismatch in update timing can also lead to incompatibilities and security vulnerabilities.
Attack surface: The more dispersed a network is, the larger the attack surface becomes and the more diffuse the perimeter; this provides more opportunities for attackers.
Reduced telemetry: Remote monitoring is often slower, less accurate, and less ubiquitous; this hampers an organisation’s ability to respond to attacks and to use data to strengthen security measures and policies.
Device management: In remote working situations, more devices get lost, stolen, or misplaced. Remote devices are harder to recover and can lead to unauthorised access; up to 28% of attacks result from stolen or compromised devices.
Phishing attacks: Phishing attacks can be launched using a larger variety of form factors and devices, and remote employees don’t benefit from the same on-premise protection.
Ultimately, all of this results in an increased risk of malicious, third-party access to sensitive corporate data, applications, or networks.
The Current State of Endpoints and Access
The security risks posed by remote work are multi-faceted, so organisations require a holistic, multi-pronged strategy to effectively mitigate the risk and bring about a safe remote working environment.
One of the most poignant areas of concern comes from the confluence of an expanding IoT with a growing remote workforce.
Data pulled from over 4.2m active enterprise devices reveals that 16% of enterprise devices are unencrypted. Encryption is one of the most effective ways for organisations to protect their data and network activity from unauthorised access.
Even under normal circumstances, an unencrypted device poses a risk to an organisation’s security. The risk magnifies considerably if an unencrypted device is frequently used outside an organisation’s conventional perimeter.
The main threats are unencrypted data stored on remote devices as well as unencrypted communications with remote third-party devices on external networks. Either can lead to the theft of information, further security threats, or the exposure of sensitive information.
Out of Date Devices
Cybersecurity experts continue to push the benefits of frequent and timely system updates, yet companies still lag in implementing this practice. Roughly two-thirds of enterprise devices are running operating systems that are two or more versions behind. On average, enterprise devices are 77 days out of date with current patching.
Outdated software without the latest security measures, patches, and hotfixes is one of the primary attack vectors for malicious actors. As soon as a security flaw is acknowledged or addressed by a patch, the existence of said bug or vulnerability becomes public knowledge, therefore any organisation that doesn’t immediately apply the update is at an increased risk of exploitation.
In remote environments, employees may not benefit from automatically pushed updates or may fail to perform updates manually.
Roughly 13% of enterprise devices are not connected to a corporate domain. Such invisible devices create several issues for managing an organisation’s security: as they are not known to the network administrators or security systems, they will be missed by the security checks and balances that apply to visible devices.
An invisible device may also get lost without being officially decommissioned; this could lead to sustained unauthorised access to the organisation’s network or data.
Organisations must ensure that they put measures in place to detect and manage these devices. This requires a current inventory of all networked assets and of how they should integrate with the network.
Why Zero Trust?
In the current remote work landscape, adopting a zero-trust security model is still imperative for secure networking.
Zero trust is a concept that demands that no trust is given without thorough validation of identity. Zero trust network access (ZTNA), also known as the software-defined perimeter (SDP) or “perimeter less security,” is a combination of policies and technologies that enable secure access to internal applications for remote users.
It takes a different approach to traditional network security models. First of all, it relies fully on internal resources making outbound connections to remote clients. This makes the application and the intervening network invisible to unauthorised users.
Application access is also granted separately from network access, isolating applications from each other from a security perspective; this limits the internal or lateral spread of unauthorised access. This is important because at least 76% of organisations host more than four applications on-premise and 14% host more than ten applications on-premise.
As a result, the corporate network becomes de-emphasised, and connections between remote clients and apps are secured using end-to-end encrypted TLS micro-tunnels instead of Multiprotocol Label Switching (MPLS).
Zero trust also aims to relieve some of the frustrations caused by restrictive IT security policies in remote environments.
However, organisations often make the mistake of falling into marketing hype and believing that full zero-trust can be achieved using a single solution, but, more often than not, it requires a complete stack of security solutions.
Next-gen solutions, like Absolute’s ZTNA product, are reshaping how organisations view the role of zero-trust. This self-healing, resilient zero-trust solution not only focuses on the contextual identity of every connection to the corporate network but extends this validation to the endpoint’s security.
For these reasons, many expect ZTNA solutions to replace VPNs as the go-to strategy for securing network access. The COVID-19 pandemic has also spurred the demand for zero trust: 80% of organisations are more likely to evaluate the technology due to COVID-19 in order to strengthen their remote access strategies.
A report by Gartner concluded that achieving “flexible hybrid workforce connectivity” is one of the driving interests in the ZTNA market and the market has responded by experiencing growth of 60% year on year.
The two pillars of ZTNA in remote work
In effect, the adoption of remote work has split organisations from a single, monolithic entity into potentially hundreds, or even thousands, of home office setups. In this context, identifying, authenticating, and securing every remote device is essential to effective zero trust.
Any effective zero-trust solution must be able to verify devices with high confidence based on several factors, such as:
- Privileges and more
Ideally, verification should occur as close to the endpoint as possible to avoid latency or data transgression. Organisations can follow guidelines, such as those outlined in the NIST SP 800-207 Zero Trust Architecture recommendations, to ensure best practices regarding zero-trust implementation.
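To make the verification step concrete, here is an added example (not Absolute's product or code) of a deny-by-default, per-application access decision that combines identity and device posture signals of the kind the report discusses (encryption, patch age, management, endpoint agent health); the field names, the 30-day patch threshold and the sample devices are assumptions.

```python
# Added illustration (not Absolute's code): a minimal per-application zero-trust
# decision after NIST SP 800-207. Field names and the 30-day patch limit are assumed.
from dataclasses import dataclass, field

PATCH_AGE_LIMIT_DAYS = 30  # assumed limit; the report's average lag is 77 days

@dataclass
class Device:
    device_id: str
    disk_encrypted: bool
    patch_age_days: int
    managed: bool        # enrolled in / joined to corporate management
    agent_healthy: bool  # endpoint agent present and reporting

@dataclass
class User:
    name: str
    mfa_verified: bool
    app_entitlements: set = field(default_factory=set)

@dataclass
class Decision:
    allow: bool
    reasons: list

def evaluate_access(user: User, device: Device, app: str) -> Decision:
    """Deny by default: for one app, every identity and device check must pass."""
    reasons = []
    if not user.mfa_verified:
        reasons.append("identity: MFA not verified")
    if app not in user.app_entitlements:
        reasons.append(f"entitlement: {user.name} not entitled to {app}")
    if not device.managed:
        reasons.append("device: not enrolled in corporate management")
    if not device.agent_healthy:
        reasons.append("device: endpoint agent not reporting")
    if not device.disk_encrypted:
        reasons.append("device: disk not encrypted")
    if device.patch_age_days > PATCH_AGE_LIMIT_DAYS:
        reasons.append(f"device: patches {device.patch_age_days}d old, limit {PATCH_AGE_LIMIT_DAYS}d")
    return Decision(allow=not reasons, reasons=reasons)

if __name__ == "__main__":
    # Constructed sample: a compliant laptop next to an unencrypted, stale one.
    alice = User("alice", True, {"payroll"})
    for dev in (Device("lt-001", True, 12, True, True), Device("lt-002", False, 77, True, True)):
        d = evaluate_access(alice, dev, "payroll")
        print(dev.device_id, "ALLOW" if d.allow else "DENY", d.reasons)
```

Because the decision is made per application, an entitlement to one app grants nothing for another, which is the application-level isolation the text describes.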
Any endpoint defence mechanism needs to remain operational and function as intended to be effective. As with other areas of corporate cybersecurity, human error can significantly undermine the effectiveness of zero trust.
One example is the installation of unsupported or malicious third-party software, whether willingly or as part of a phishing attack. Under conventional zero trust, a bad actor could still bypass authentication and access restricted resources or apps through a compromised end-user device.
Cutting-edge endpoint security solutions embed themselves in the firmware of endpoints. This makes the device’s security resilient to sophisticated attempts to disarm it, even if that involves reimaging the device, replacing the hard drive, or flashing the firmware. It also allows pre-emptive policies or solutions to fix or re-install the software should any tampering occur.
The goal of endpoint security is to offer holistic security. That means protecting against malicious software or hacking attempts and counteracting human error, software collisions, and normal decay.
The below chart shows how app resilience decays over two weeks with and without the benefit of Absolute’s Application Resilience technology:
With application resilience technology, apps are much more likely to maintain at least 90% compliance. Without it, decay can result in compliance health that’s as low as 27%, with an average of around 50%.
Undoubtedly, WFA dynamics will continue to challenge cybersecurity in organisations. Zero-trust policies and technologies can help organisations cope with the dissolution of traditional network security perimeters. However, zero trust is most effective when approached holistically, as a multi-layered stack of end-to-end technologies.
Absolute enables organisations to retain an unparalleled line of sight to devices and data using a self-healing connection which keeps critical applications up to date. Get in touch to find out how Mobliciti and Absolute can provide resilient zero trust for your business.