Securing the ever-expanding hybrid workforce

By Ray Kafity, VP – META at Attivo Networks

With its weekend reforms, the UAE became the first country in the GCC to move to the globally followed Saturday-Sunday weekend. It was also the first in the world to adopt a nationwide 4.5-day work week mandate. Compounded by the rising number of COVID cases due to the omnipresent and super transmissible variant, these events led to a resurgence in hybrid and remote working in the Emirates.

A hybrid workforce model allows organisations to combine the advantages of remote working with the collaboration opportunities of in-person working from the office. Organisations in the UAE are increasingly adopting hybrid workforce models to continue their business operations and employee engagement.

According to the Riverbed and Aternity survey 2021, 84% of UAE business and IT decision-makers state that a quarter of their workforce will probably be hybrid even after COVID-19. And compared to the global average of 32%, 47% of UAE organisations are prepared to shift to a hybrid workforce. As part of their hybrid journey, organisations must consider implementing a new set of security strategies to safeguard remote employees, secure their sensitive data, and protect against cyberthreats.

Challenges to Always Stay on Top of Cybersecurity

The hybrid model carries worrisome security implications, especially during these pandemic days. Below are a couple of significant security challenges organisations should tackle to make their strategy successful.

Organisations support a hybrid workforce model to ensure their employees have secure and seamless access to corporate data. The pandemic also accelerated cloud adoption, where people can access corporate applications, workloads, and data outside the office. Security professionals face more challenges in gaining visibility into user identities, exposures, and impersonation misuse. According to a Gartner study, by 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.

Therefore, companies must adopt the proper security to protect their organisations against failures and breaches. Solutions such as Identity Detection and Response (IDR) help organisations implement identity-first security. The solutions provide exposure visibility, reduce the addressable attack surface, and prevent and detect cyber-attacks.

Protecting the Remote Workforce from Attacks Targeting VPN Infrastructure

Implementing hybrid workforce models requires new security architecture strategies. For example, remote access Virtual Private Network (VPN) is one technology many businesses relied on during the pandemic. However, VPNs alone do not protect against every threat. Attackers can gain unauthorised access via VPN. They can compromise VPN accounts and perform reconnaissance to gain further access to internal domain assets.

Organisations need to utilise technologies that can detect cyber-attacks attempting reconnaissance within the VPN subnet. For example, deception-based technology can detect VPN infrastructure attacks by deploying deceptive credentials and VPN concentrator decoys. These decoys engage the attacker while providing high-fidelity alerts and recordings of their activity for faster investigation and response.
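
As an added illustration (not part of the original article and not Attivo's product logic), the detection idea above can be expressed over VPN and authentication logs: any use of a planted credential or any contact with a decoy concentrator raises an alert, and the source address is mapped back to the VPN account that held it. The log format, account names and addresses are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# All names, addresses and log lines below are constructed for illustration.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")
DECOY_USERS = {"svc_vpn_backup", "adm_helpdesk2"}   # planted credentials, never used legitimately
DECOY_HOSTS = {ipaddress.ip_address("10.8.0.250")}  # decoy VPN concentrator

SAMPLE_LOG = """\
2022-02-01T09:00:12Z vpn-session user=asmith assigned_ip=10.8.0.23
2022-02-01T09:01:40Z vpn-session user=jdoe assigned_ip=10.8.0.41
2022-02-01T09:14:03Z auth-attempt src=10.8.0.41 dst=10.0.5.10 user=adm_helpdesk2 result=fail
2022-02-01T09:14:55Z conn src=10.8.0.41 dst=10.8.0.250 port=443
2022-02-01T09:15:10Z auth-attempt src=10.8.0.23 dst=10.0.5.10 user=asmith result=ok
2022-02-01T09:20:00Z auth-attempt src=192.0.2.77 dst=10.0.5.10 user=svc_vpn_backup result=fail
"""
KV = re.compile(r"(\w+)=(\S+)")

def find_decoy_hits(log_text):
    """Return one alert per decoy interaction, tagged with the VPN account behind it."""
    sessions = {}  # VPN-assigned IP -> real account holding that session
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, rest = line.split(" ", 2)
        f = dict(KV.findall(rest))
        if event == "vpn-session":
            sessions[f["assigned_ip"]] = f["user"]
            continue
        src, reasons = f.get("src"), []
        if f.get("user") in DECOY_USERS:
            reasons.append("decoy credential used: " + f["user"])
        if "dst" in f and ipaddress.ip_address(f["dst"]) in DECOY_HOSTS:
            reasons.append("decoy concentrator contacted: " + f["dst"])
        in_vpn = src is not None and ipaddress.ip_address(src) in VPN_SUBNET
        for reason in reasons:
            alerts.append({"time": ts, "src": src, "reason": reason,
                           "vpn_account": sessions.get(src) if in_vpn else None})
    return alerts

def suspect_accounts(alerts):
    """Group alerts by the real VPN account whose session touched a decoy."""
    by_account = defaultdict(list)
    for a in alerts:
        if a["vpn_account"]:
            by_account[a["vpn_account"]].append(a["reason"])
    return dict(by_account)
```

Because no legitimate user has a reason to touch a decoy, every hit is worth investigating; the account mapping shows which real VPN login to review or reset first.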

Preventing Unauthorised Access to Corporate Data

Another critical aspect of the hybrid workforce model is protecting access to corporate data. With the growing adoption of cloud services such as Office 365, Salesforce, etc., enterprises must allow only authorised access to avoid a security breach. Major cloud service providers like AWS, Azure, and Google Cloud offer native Identity and Access Management (IAM) capabilities. They provide enough functionality to control unauthorised access in their respective cloud environments. However, they cannot fully address more challenging, complex areas of IAM and Privileged Access Management (PAM) in hybrid working environments. They also don’t cover identity risks and entitlement exposures in the cloud, such as overprovisioning and entitlement creep.

Data concealing or cloaking solutions are also appearing in least privilege and Zero Trust frameworks to prevent attackers from accessing critical data and exploiting local files, accounts, and storage locations. The function hides and denies unauthorised access to the things that attackers target: credentials, Active Directory objects, local files, folders, removable storage, network or cloud shares, local administrator accounts, and application credentials.

Need for the Extra Layer of Security

Organisations must review and enhance their security policies to safeguard corporate data regardless of where employees work. Attack surfaces have expanded dramatically during the pandemic, with the shift toward remote work putting identity at the forefront of security. Organisations must now defend identities across the entire enterprise with identity-based, least-privilege access programs and defences capable of detecting attack escalation and lateral movement on-premises and in the cloud.

Identity-based attacks have become the primary attack vector for ransomware and targeted attacks. Adding Identity Detection and Response solutions closes security gaps not covered by endpoint protection or identity access management and offers identity-first security to detect cyber-attacks targeting organisations adopting a hybrid workforce model. With IDR in place, businesses gain the visibility they need to quickly detect credential misuse and privilege escalation activities and remove risky entitlement exposures from the endpoint to AD to multi-cloud environments.