Deception / 07.15.2020

Remote work is here to stay: is your security team prepared?

Many organizations around the world have asked their employees to work from home in response to the COVID-19 pandemic. While this move creates obvious challenges for IT in terms of infrastructure and capacity, it’s also creating challenges for security teams, both in terms of scale and complexity, given the expansion of the typical enterprise attack surface.

If you’re feeling the pressure, you’re not alone: more than two-thirds of North American companies surveyed for IDC’s “Remote Work in the COVID-19 Era” report said they struggle to strike the right balance between flexibility and security for remote work employees.

To add insult to injury, many employees are working from home for the first time. They don’t know the best practices that experienced remote workers know well, such as using a VPN on public networks, or not saving sensitive information on their personal devices. Negligent employees are the number one cause of cybersecurity breaches and the risk increases exponentially when working remotely.

Whether the devices in your remote fleet are company-issued or personal, managed or unmanaged, they’re exposed to home networks and therefore to the devices and information connected to them. In a “smart home,” the list can be expansive. It would be smart to assume that any device used for remote work is infected and ready to exploit your larger corporate network. Unfortunately, like many other initiatives, once your facilities reopen, there will be an understandable sense of urgency to return to normal operations. The burden will be on your security team to ensure this can happen quickly, and with minimal risk.

As you prepare for post-COVID-19 re-entry, some key questions should be considered.

  1. How much remote worker risk can you address with your current security technology?
  2. Will your security process delay your employees’ ramp to full productivity?
  3. How much will your alert volume increase when employees are introduced back into your corporate network?
  4. Do you have the appropriate staff and processes to handle the increased volume?
  5. Is there a more effective and efficient way to mitigate risk?

A common practice for companies with a large percentage of remote workers is to manage network re-entry with isolation VLANs that act as quarantine zones for returning devices. But this approach has flaws that can still leave corporate assets vulnerable. Isolation VLANs are also burdensome for SOC teams to manage, given the volume of alerts coming from potentially infected devices.

A New Approach: Virtual Quarantine via Deception

While a traditional approach to re-entry requires that security teams reduce risk by hardening assets and anticipating threats, an alternative and highly effective method of stopping the threat from returning devices is through the use of deception.

Deception immerses your real IT assets among replicas that are invisible to legitimate users but completely authentic to the attacker. It then channels the attack toward the trap with “bait” such as browser histories, cached credentials and links that make the trap appear both valuable and vulnerable. The attacker and their techniques are exposed the moment they interact with a trap via alerts sent to the SOC. Because no legitimate user would ever interact with a trap, false positive alerts are virtually eliminated.
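The alerting rule described above can be sketched as follows. This is an added example, not TrapX code: the decoy addresses, the bait account name and the CSV log format are all constructed for illustration. It also shows that a planted credential raises an alert when it is tried against a real server, not only against a trap.

```python
import csv
import io
from collections import defaultdict

# Hypothetical deception inventory (constructed values, not from any product).
DECOY_HOSTS = {"10.20.0.50", "10.20.0.51"}   # trap addresses no user is told about
BAIT_ACCOUNTS = {"svc_backup_adm"}           # credential planted in endpoint caches

# Constructed connection/authentication log from the re-entry network segment.
SAMPLE_LOG = """\
timestamp,src_ip,dst_ip,dst_port,account,result
2020-07-15T09:01:12Z,10.20.4.17,10.20.0.10,445,jsmith,success
2020-07-15T09:03:40Z,10.20.4.23,10.20.0.50,445,,connect
2020-07-15T09:03:55Z,10.20.4.23,10.20.0.51,3389,svc_backup_adm,failure
2020-07-15T09:10:02Z,10.20.4.31,10.20.0.10,445,svc_backup_adm,failure
2020-07-15T09:12:30Z,10.20.4.17,10.20.0.11,443,jsmith,success
"""

def trap_alerts(log_text):
    """Return one alert per log row that touches a decoy or uses bait."""
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        reasons = []
        # Any contact with a decoy counts, whatever the port or the outcome:
        # legitimate users have no reason to know the address exists.
        if row["dst_ip"] in DECOY_HOSTS:
            reasons.append("decoy_contact")
        # A bait credential is an indicator wherever it is presented,
        # including against a real production server.
        if row["account"] in BAIT_ACCOUNTS:
            reasons.append("bait_credential")
        if reasons:
            alerts.append({"time": row["timestamp"], "src_ip": row["src_ip"],
                           "dst_ip": row["dst_ip"], "reasons": reasons})
    return alerts

def devices_to_isolate(alerts):
    """Group alerts by source device so the SOC triages devices, not rows."""
    by_src = defaultdict(set)
    for alert in alerts:
        by_src[alert["src_ip"]].update(alert["reasons"])
    return {src: sorted(reasons) for src, reasons in by_src.items()}

if __name__ == "__main__":
    for src, reasons in devices_to_isolate(trap_alerts(SAMPLE_LOG)).items():
        print(src, reasons)
```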

This immersive, non-intrusive option is proven to reduce risk, decrease the volume of false alerts, and help ensure that remote workers can reconnect quickly and safely to your corporate network without sacrificing productivity.

The “Next Normal” Will Be a Process, Not an Event

Many companies emphasized “connectivity first” in their initial response to the epidemic, but it’s critical to assess security and control gaps to stop cybercriminals now, and to prepare for the future when, and if, employees are allowed to return to the office.

But the business recovery from the COVID-19 crisis will not be a clean “flipping of the switch.” Instead, it’s more likely to be a phased process of people returning to work and “normal” life as local conditions allow, with many fits and starts along the way. Countries will take different approaches to getting everyone back to work, and there may be infection relapses as we’ve already seen in parts of the United States. Some companies may never return to full campuses again, and will instead give employees a variety of remote work options to meet their needs or respond to health concerns.

Deception technology offers security teams a proven, flexible, and effective solution to securing remote workers and their devices, and can quickly scale as your organization’s needs evolve and change in concert with local guidelines and company policies.

To learn more, download our latest white paper, “New Normal, New Risk: Addressing the Security Challenges of Remote Workers,” or schedule a meeting to speak with a solution specialist.
