
Cybersecurity best practices for ‘work from anywhere’ model

By Jagdish Mahapatra, VP Asia, CrowdStrike

In response to COVID-19, many companies decided to enable remote work even before the mandatory lockdowns were enforced. As a result, employees needed access to the right tools and IT infrastructure at home, to properly do their jobs without the risk of exposure to cyberattacks.

However, as employees began accessing network resources from new locations and personal devices, the number of endpoints needing protection increased, exposing several vulnerabilities. Despite the best efforts of security teams, attackers consistently exploited security gaps, discovering new ways of infiltration and playing on people’s fears and uncertainty through social engineering tactics.

In 2020, CrowdStrike Services responded to multiple cases where the transition to remote work resulted in unauthorised access into internal systems (details in the CrowdStrike Cyber Front Lines report). In India specifically, cyberattacks rose by almost 300% last year, reaching 1,158,208 compared to 394,499 in 2019, as per data from the Computer Emergency Response Team (CERT-In).

So, how can organisations maintain performance, productivity and security among employees while fostering a remote working culture?

Survey the environment

Technology plays a crucial role in enabling organisations to execute remote working at scale. Companies must identify how prepared they truly are in facing cybersecurity issues through an audit of their current systems.

Security teams need to establish consistent visibility into on-premises and cloud environments. Performing routine vulnerability and asset management scans will provide better visibility into external devices. Local and cloud-hosted applications should be consistently patched, and business-critical applications carefully monitored so that potential attacks can be stopped quickly before spreading.

Cloud-based security 

The vast amounts of data created on personal devices have opened up a whole new avenue for malicious attacks, and legacy security solutions can no longer adequately prevent ransomware and malware from sophisticated cyber criminals.

Next-generation antivirus (NGAV) solutions, with endpoint intelligence based in the cloud rather than on the office network, can offer protection for employees working outside the corporate firewall.

Behavioural analytics, artificial intelligence, and machine learning give organisations the means to stop breaches before they happen, even zero-day threats. NGAV can also detect the intent of the attacker in real time, regardless of the malware or exploit used.

Secure critical data with ‘Zero Trust’ approach

Identity and authentication-based attacks can leave an organisation’s sensitive data vulnerable. A Zero Trust approach regularly scrutinises access requests and, as anomalies occur, enforces mitigation. It requires all users to be authenticated and authorised, and their security configuration and posture to be continuously validated, before they are granted or allowed to retain access to applications and data.

It’s critical to deploy multi-factor authentication for all systems holding sensitive data, enable conditional access for privileged data, and micro-segment network zones. Zero Trust security involves real-time monitoring for misuse of credentials, suspicious systems, or attack patterns.

But it can only be successful if organisations continuously monitor and validate that a user and their device have the right privileges and attributes. One-time validation simply won’t suffice, because threats and user attributes are all subject to change.
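To make the difference between one-time and continuous validation concrete, the following added example (not from the article or from any CrowdStrike product) re-evaluates role, device posture and MFA freshness on every request of a single session. The policy table, field names and session timeline are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signals:
    """Attributes re-collected on every request (hypothetical field names)."""
    mfa_age_s: int        # seconds since the last successful MFA
    device_patched: bool  # endpoint reports patches as current
    agent_healthy: bool   # endpoint sensor is running and reporting
    role: str             # role currently assigned to the user
    geo_changed: bool     # location differs sharply from session start

# Constructed policy: resource -> (allowed roles, max MFA age in seconds)
POLICY = {
    "payroll-db": ({"finance"}, 900),
    "wiki": ({"finance", "engineering"}, 28800),
}

def decide(resource, s):
    """Return (decision, reason) for ONE request; nothing is cached."""
    # Unknown resources fall through to an empty role set: default deny.
    roles, max_mfa_age = POLICY.get(resource, (set(), 0))
    if s.role not in roles:
        return "deny", "role not authorised"
    if not (s.device_patched and s.agent_healthy):
        return "deny", "device posture failed"
    if s.geo_changed or s.mfa_age_s > max_mfa_age:
        return "step_up", "re-authenticate with MFA"
    return "allow", "ok"

def replay(resource, timeline):
    """Evaluate every request in a session independently."""
    return [decide(resource, s)[0] for s in timeline]

# Constructed timeline: one user, one session, attributes drifting over time
SESSION = [
    Signals(60, True, True, "finance", False),      # just logged in
    Signals(1200, True, True, "finance", False),    # MFA older than 15 min
    Signals(30, True, False, "finance", False),     # sensor stopped reporting
    Signals(30, True, True, "engineering", False),  # role changed mid-session
]

if __name__ == "__main__":
    for s, d in zip(SESSION, replay("payroll-db", SESSION)):
        print(f"{d:8} {s}")
```

A check made only at login would have allowed all four requests to `payroll-db`; evaluated per request, only the first is allowed.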

Test operations with tailored exercises

Work from anywhere has introduced very subtle but major changes to standard security postures and response processes. Previous expectations of security processes and workflows may no longer be true for most organisations, and adoption of proactive security technology, processes, and techniques is critical to getting in front of the ever-changing cyber landscape.

Security team exercises, such as remote tabletop exercises, provide opportunities to rehearse incident response activities while aiding participants’ awareness of new-age attacks.

Red Team emulations use real-world attacker techniques to hypothetically compromise your environment, giving your organisation the experience of a targeted attack without the actual damage that accompanies a real incident. Blue Team exercises, by contrast, have veteran incident responders sit with your security personnel and use your existing tools to identify, assess, and respond to the intrusion.

These steps provide a basic outline of what organisations can do to evaluate their own security practices and update their organisational processes to meet today’s cybersecurity requirements.

ET Edge Insights
