Criminals love remote work as much as employees

Byline: Zeki Turedi, EMEA CTO, CrowdStrike

 

The cyber threat landscape is constantly evolving, with well-established attack vectors – such as ransomware and software supply chain attacks – becoming more sophisticated and persistent. Ransomware incidents are rarely out of the headlines, and the consequences of attacks are getting more serious every month. Research shows that ransom demands rose 63% between 2020 and 2021, now hitting an average of £1.35 million.

Security teams have been swimming upstream since long before the pandemic, due to factors such as limited resources, the industry’s well-documented skills shortage and most recently, remote work vulnerabilities. Remote and hybrid work is definitely here to stay, but many IT teams have struggled to fortify their networks to accommodate the shift.

The remote work conundrum

It is clear that many employees have enjoyed the hybrid working environment option and it is unlikely that we will shift back to old ways of working. The COVID-19 pandemic sent shockwaves around the globe in almost every industry. For those working in IT security, the increased attack surface stemming from the shift to remote and hybrid operating environments changed the way they must secure their organisation. As today’s world is both remote-first and digitally complex, cybersecurity practices and strategies must be implemented from day one.

Unfortunately, 69% of research respondents say their organisations have suffered a cybersecurity incident as a direct result of their organisations working remotely. These incidents could have happened for many reasons, including human error, which IT teams can only do so much to control, but the figure does reinforce the need for organisations to address their security flaws if they hope to negate the additional risks posed by remote and hybrid working setups.

Taking all of these different elements working against organisations into account, it is clearly the time for security teams to take the necessary steps to reduce their chances of being the next victim of opportunistic cybercriminals and well-equipped state-sponsored adversaries. But how?

Increasing cybersecurity visibility is a must

One of the biggest challenges with securing remote networks is establishing the visibility to know what is happening and where. Extended Detection and Response (XDR) solutions are cybersecurity tools that allow organisations to record the activities and events taking place on endpoints and all workloads, providing security teams with the visibility they need to uncover incidents that would otherwise remain invisible. The best XDR solutions offer continuous and comprehensive visibility into what is happening on endpoints, cloud environments, identity, and other enterprise assets in real time.

XDR’s increased visibility allows IT teams to view what is happening across their network from a security perspective. Telemetry that would normally be lost, siloed or hard to access is now used to identify and correlate security incidents that would normally go unnoticed. This gives security teams key information about the local and external addresses to which the host is connected and where each user is logged in, both directly and remotely.

The most effective XDR tools can help detect the threat and aid in the mitigation and response across the network. An XDR tool should offer advanced threat detection, investigation and response capabilities, such as incident data search and investigation, alert triage, suspicious activity validation, threat hunting, and malicious activity detection and containment across this new extended telemetry.

Trust through verification

Another vital cybersecurity technique for securing remote access is Zero Trust. This is a security framework requiring all users, whether in or outside the organisation’s premises, to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Zero Trust assumes that there is no traditional network edge; networks can be local, in the cloud, or hybrid, with resources and employees in any location. Zero Trust purposefully addresses the modern digital transformation problems of today, including securing remote workers, hybrid cloud environments, and ransomware threats.

Research shows that more than 80% of all attacks involve credentials being misused in the network. In response, organisations must employ Zero Trust to continuously monitor and validate that users and their devices have the correct privileges and attributes to access a company’s systems, and only those parts of the system relevant to their job role. One-time validation simply won’t suffice because threats and user attributes are all subject to change. As a result, organisations must ensure that all access requests are continuously vetted before allowing access to any network or cloud assets.

The best cybersecurity solutions offer the ability to implement a mature Zero Trust model. This involves visualising and understanding all of the organisation’s resources, their access points, and the risks involved; mitigating and stopping the impact of threats; and finally, optimising and extending protection to every aspect of the IT infrastructure.

Hybrid and remote working is here to stay

The age of remote work has been well and truly solidified. This is why transforming security infrastructure is imperative if businesses hope to avoid the financial and reputational harm caused by a successful cyberattack. The businesses that embrace cloud-first, modern technologies such as XDR and Zero Trust will be the ones best able to solve the fundamental challenges to thrive in this heightened threat environment.
