Organizations may face a number of potential emergency situations, such as illnesses, floods, natural disasters, power outages, and even cybercrime. Implementing a business continuity plan in the face of such disasters is essential to ensuring that the organization is capable of maintaining operations in spite of adversity.
Often, responding to such emergency situations requires massive efforts from the IT team. This is not just about keeping the network up and running, but also ensuring that data and resources are secure. In fact, the security implications of making what often amounts to a dramatic transition in a short period of time cannot be overstated.
COVID-19 is an example: organizations around the globe relied on their IT teams to quickly implement dramatic shifts and scale to maintain business continuity, in an unprecedented manner and timeframe. Under normal circumstances, moving an entire workforce from corporate networks to home networks, with all of the risks of an unpredictable home environment, would take significant planning and preparation. But time was of the essence.
The rapid transition to remote work did not come without its risks to organizations. Cybersecurity has always been a dynamic space, and responding to the COVID-19 pandemic has reinforced the idea that effective cybersecurity must include the ability to adapt to changing environments and evolving threat strategies.
But in this era of rapid digital transformation, the response to the pandemic simply accelerated the inevitable. Beyond 2020 it will remain essential for IT planning to include and account for hybrid IT. Business users will still need to access critical applications from increasingly distributed data centers that extend across a hybrid IT infrastructure. In fact, it will become more important than ever. Workflows and data will not only exist, but expand across on-premise networks, co-location environments, and private and public clouds—and this broad distribution of valuable and vulnerable content will continue to create an ever-expanding attack surface for organizations.
Gartner predicts that organizational plasticity and IT adaptability will be the central strategic technology trend that businesses should plan for in 2021. Enterprises will have assets in their own data centers, some in private clouds, and other assets in a number of public cloud environments. And the mix of these asset allocations will be dynamic. As a result, organizations will no longer have a single compute model – now or in the future.
While the specific details across industries may vary, what is certain is that organizations need to plan now to support both remote and in-person work well into the future. And that means cybersecurity teams must make sure that infrastructures are prepared to address all scenarios, including utilizing a security-driven networking approach that converges networking and security to protect the enterprise at every edge, from network to cloud.
Cybersecurity and the Remote Workforce: The Data says…
To explore the challenges organizations faced as a result of the shift in remote work, and examine how organizations are planning to secure their remote workforce moving forward, Fortinet conducted a survey and issued the 2020 Remote Workforce Cybersecurity Report. This analysis was conducted mid-way through this incongruous year, surveying security leaders across industries—including the public sector—in 17 different countries.
It has eight specific areas of focus:
1. The Sudden Shift to Remote Work Was Challenging for Most Organizations
As expected, the rapid shift to a new work paradigm was not easy. Nearly two-thirds of businesses had to transition over half of their workforce to remote work practically overnight. And to complicate matters further, only 40% of organizations had a business continuity plan in place prior to the pandemic.
But as a result of this rapid shift to remote work, 32% have now invested further in this area. These investments are critical to ensure continued operations not just now, but for future crises as well. Those organizations that did not have a remote worker strategy in place quickly recognized the need for one.
General lack of preparation resulted in 83% of organizations finding this transition to be moderately, very, or extremely challenging. Organizations faced the most significant difficulties when it came to secure connectivity, followed by business continuity assurance and access to business-critical applications. 40% of those surveyed ended up spending more on skilled IT workers to support the additional reliance of remote workers on IT staff to troubleshoot issues, enable security, and ensure productivity for employees working from home.
2. Cyber Attackers Saw Telework as an Opportunity
Inherent cybersecurity challenges of moving workers outside the traditional perimeter were exacerbated by the unprecedented cyber threat activity that resulted from an increased reliance on personal device usage. Almost overnight, cybercriminals shifted their focus to target those workers outside the corporate network. The spike in employees remotely connecting to the corporate network led directly to an increase in breach attempts and overall cyberattacks targeting remote workers, endpoint devices and vulnerable home networks. The report shows that organizations found the most challenging aspects of this transition to be ensuring secure connections, maintaining business continuity, and providing secure access to business-critical applications.
From opportunistic phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit, often at enormous scale, as evidenced by a recent FortiGuard Labs Global Threat Landscape Report. Threats included new phishing and business email compromise schemes, modified and new ransomware attacks, and even nation-state backed campaigns. In fact, according to the 2020 Remote Workforce Cybersecurity Report, 60% of organizations revealed an increase in cybersecurity breach attempts during the transition to remote work, while 34% reported actual breaches in their networks.
The FortiGuard Labs team documented an average of about 600 new phishing campaigns per day during the spring. And because home users were no longer protected by corporate security devices, web-based malware became the most common attack vehicle, outranking email as the primary delivery vector used by cybercriminals for the first time in years.
3. Defending the Dynamic Perimeter
Network security today is at a turning point because perimeter-based security is no longer sufficient. Expanding security surfaces and compute demands, new edges and edge devices (including the WAN Edge, data center edge, multi-cloud edge, and even home edge), and increasing network complexity make managing threats practically untenable. Given the volume of cyber threats targeting remote workers, and the indication that cybercriminals are aggressively targeting the expanding attack surface, organizations need to carefully consider what technologies and approaches are needed to secure remote work and an increasingly dynamic perimeter moving forward. In particular, defense strategies need to be adjusted to fully account for the extension of the network perimeter into the home.
4. Securing Different Types of Users
Not every employee in an organization requires the same level of access to company resources when working remotely. Organizations should tailor telework security to each type of remote worker:
- Basic teleworker. The basic teleworker usually only requires access to email, internet, teleconferencing and similar business applications, limited file sharing, and function-specific capabilities (finance, HR, etc.) from their remote work site. This includes access to Software-as-a-Service (SaaS) applications in the cloud, such as Microsoft Office 365, as well as a secure connection to the corporate network. Basic teleworkers should connect to the organization using a VPN and use multifactor authentication (MFA).
- Power user. These are employees who require a higher level of access to corporate resources while working from a remote location. This may include the need to access critical or sensitive information, use bandwidth-intensive applications such as teleconferencing plus screen sharing, or simultaneously connect to corporate resources using multiple devices. Power users include system administrators, IT support technicians, and emergency personnel. For these power users, deployment of a dedicated access point at their alternate work site provides the consistent access, reliable performance, and level of security that they require. This secure access point should also deliver protected wireless connectivity to the corporate network through a secure tunnel.
- Super user. A super user is an employee that frequently processes extremely sensitive and confidential information. They require the highest level of security as they access confidential corporate resources, even when working from an alternate office location. This employee profile includes administrators with privileged system access, emergency personnel, and executive management. For these super users, their alternate work site should be configured as an alternate office location, creating a secure enclave within their home network.
5. Securing Remote Work: Best Practices
While many organizations have made improvements in the securing of their remote workforces, survey data reveals several best practices that should be considered for improving secure remote connectivity. These include:
- Multi-factor Authentication (MFA). While the survey revealed that 65% of organizations had some level of VPN solution in place pre-pandemic, only 37% of those used MFA. While VPNs play an important role in ensuring secure connectivity, they are simply one part of securing access. If not already in place, it is recommended that organizations consider integrating MFA into their remote security plans to prevent cybercriminals from spoofing remote workers to gain unauthorized access to network resources.
- Network Access Control (NAC) and Endpoint Security. As more employees work remotely, organizations have seen the need to control the influx of non-trusted devices on their networks. As a result, 76% of organizations now plan to acquire or upgrade their NAC technologies. By adopting NAC solutions, IT teams gain increased visibility and control over the users and devices on their network. Organizations also have concerns over the security of remote worker endpoint devices and the risks they introduce once they have been granted network access. This is why 72% of organizations also plan to acquire or enhance endpoint security with endpoint detection and response (EDR) solutions. EDR solutions deliver advanced, real-time threat protection for endpoints both pre- and post-infection.
- Software-Defined Wide Area Networking (SD-WAN) for the Home. According to the data, 64% of organizations plan to either upgrade or adopt SD-WAN, with many of them now targeting home office use in addition to branch deployments. The critical advantage of extending secure SD-WAN functionality to individual teleworkers, especially super users, is that they can enjoy on-demand remote access, secure Wi-Fi for better home office flexibility, and dynamically scalable performance regardless of their local network availability through redundant connections that leverage things like LTE and 5G.
- Intent-based Segmentation. Traditional network-based segmentation strategies tend to stop at the edge of each network environment. Instead, intent-based network segmentation supports the explosive adoption of IoT and mobile devices, as well as applications and services from multiple clouds, by extending security policies beyond the network edge across multiple networked environments. 60% of organizations, for example, plan to upgrade or invest in segmentation to support an inverted network model by extending segmentation functionality into the home.
- Skilled Security Professionals. While 73% of organizations stated their intention to invest further in skilled IT workers over the next 24 months, the historical lack of skilled IT security professionals could present a challenge as accelerated cloud demand exacerbates the shortage of cloud and security architects.
6. Securing Remote Work: Cyber Education is Critical
Now more than ever, employees should understand the part they play in their organization’s security posture.
Organizations need to adopt cyber education that teaches remote workers how to keep themselves, their data and resources, and the organization safe. Many cybersecurity awareness and training courses are currently free during this pandemic, whether non-technical courses targeted to teleworkers and their families, or more advanced training to educate advanced users about enhanced protection and visibility across every segment, device, and appliance on the network, whether virtual, in the cloud, or on-premise.
It’s highly recommended that all teleworkers – technical or not – take time to educate themselves about proper security protocols to keep themselves and their organizations safe.
7. Enterprises Must Adapt to Secure Remote Work for the Long-Term
According to the 2020 Remote Workforce Cybersecurity Report, nearly a third of organizations anticipate that more than half of their employees will continue working remotely full-time after the pandemic. As a result, security leaders must carefully consider what technology and strategies are required to secure telework well into the future. Temporary fixes and solutions must be made permanent, with an eye towards flexibility, scalability, and security.
8. The Future of Work: IT Flexibility
According to Gartner analysts, there are nine top strategic technology trends that businesses should plan for in 2021, and organizational plasticity is the overarching message. Brian Burke, research vice president at Gartner, explained, “What we’re talking about with the trends is how do you leverage technology to gain the organizational plasticity that you need to form and reform into whatever’s going to be required as we emerge from this pandemic.”
Hybrid IT continues to be a key element that organizations need to incorporate in their IT planning because there is no one compute model. Very few companies will be cloud-only or only have a data center. Even if an organization is very cloud-focused, there are still endpoints that must be secured – especially with today’s highly remote workforce – and those endpoints are part of the organization’s network.
To address this challenge, enterprises need to invest in security solutions that provide the flexibility they need to support evolving networks and shifting priorities. Organizations must be able to cope with growing attack surfaces, advanced threats, increased infrastructure complexity, and an expanding regulatory landscape while also adapting their business to evolving consumer and competitive demands.
To achieve their desired business outcomes, while effectively managing risks and minimizing complexities, organizations need to adopt a cybersecurity platform that provides broad visibility across their environment and a means to easily manage both security and network operations, ensures full integration to enable automation for end-to-end protection, and can operate seamlessly and consistently across multiple, highly dynamic environments.
To achieve this, the convergence of infrastructure and security (Security-driven Networking) has emerged as one of the most important concepts for today’s networking and security teams. It offers organizations the ability to put security anywhere on any edge by weaving security and advanced network functionality into a single, highly responsive solution.
This next-generation approach is essential for effectively defending today’s highly dynamic environments—not only by providing consistent enforcement across today’s highly flexible perimeters, but by also weaving security deep into the network itself. It is also designed to encompass the entire network development and deployment life cycle, ensuring that security functions as the central consideration for all business-driven infrastructure decisions, now and into the future.
About the author:
Peter Newton is senior director of products and solutions, IoT and OT at Fortinet. He has more than 20 years of experience in the enterprise networking and security industry and serves as Fortinet’s products and solutions lead for IoT and operational technology solutions, including ICS and SCADA.