Introduction
With millions of workers leaving behind their conventional offices and shifting to a home-based working environment, organizations are left to deal with thousands of scattered employees and their loose endpoints.
Most companies’ traditional cyber defenses, before the shift, were designed to handle a single, centralized network in one location with standardized devices. The remote-work shift, however, has upended this familiarity from security systems today. Today, employees are working from the farthest corners on Earth and with a range of devices, tools, and software. This gap has unfortunately pushed cyberattacks to rise by 630% in 4 months alone!
While working remotely isn’t dangerous “itself”, the lack of policy and systematic control mixed with employees’ actions and an attacker’s excitement can manifest real devastating results/risks. Recently, remote workers have been responsible for a security breach in 20%+ of organizations. Reflecting on this concern, Ponemon’s latest Cost of a Data Breach report, concluded that 76% of the companies are worried that remote work would increase the time to identify and contain a breach, and 70% believe remote work will increase the cost of a data breach significantly.
Even so, remote work continues to pick up the pace because of the comfort, control, and flexibility involved and organizations can’t say otherwise.
Research from Brandon Hall Group found that 1/3rd of companies believe more than 50% of their workforce will continue to work from home even after the pandemic ends.
Considering remote working is not here to be a short-term ‘trend’, the introduction of newer, more diverse devices, tools, endpoints, and risks will be inevitable. And as a result, remote workers will continue to be a target for cybercriminals. The best and the only way forward towards organizational security - with an increasing remote workforce - is to have a streamlined strategy with supporting tools that automatically adapt to this environmental change.
Read on to know how you can keep your organization and your employees secure in an increasing remote workforce -
A Jackpot for cyberattackers
Passwords, email addresses, sensitive data are all opportunities for cybercriminals, and working from home is making things even more accessible to them.
WHO reports a dramatic increase in the number of cyberattacks, as much as fivefold in the last few months!
In the remote setting, employees are using unsecured Wi-Fi networks, unmonitored personal laptops, and even run out-of-date or unpatched systems. In addition, for transitioning, many employees are also downloading applications like productivity tools, applications, or zoom backgrounds.
Here, although intending to be more productive, employees are potentially exposing themselves, corporate data, and the access to their remote servers, to attackers. Consequences of which include anything from sensitive data compromise to unauthorized access into the organization's infrastructure.
Considering the massive opportunity to invade an organization, attackers are always on the edge to take advantage of such employees and their unmonitored devices. And one of their favorite ways to do so is via malware.
What is malware
Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. It evolves itself in many forms: adware, spyware, virus, worms, a trojan, or ransomware, with the single ultimate goal of most cyberattacks - personal gain.
Experts estimate that a ransomware attack will occur every 11 seconds in 2021.
Considering the level at which malware is rising in the pandemic, detecting and investigating malware-infected hosts has turned into a routine for IT operations teams. It is also business-critical to strengthen this practice to improve your security posture - starting today.
Best practices to stay secure against malware with an increasing remote workforce.
Build a culture of cybersecurity
The “human” element of a cybersecurity venture is the most crucial factor to address in any organization. And to protect your organization from probable damage, this is as good a time as any to start building a culture of cybersecurity if you haven’t already. Get your security teams to organize regular meetings to train, retrain your employees about your security policies and healthy practices and go over their common mistakes.
Talking of mistakes, malware is most affected by the negligence of employees such as downloading new applications or clicking on links, etc. Here’s are a few quick tips to avoid them-
-
Pay attention to what you download
-
Run a certificate check on the website
-
Verify for known senders before clicking on email links
-
Don’t trust your pop-up notifications
-
Update to the latest OS and browsers
-
Remove legacy applications that are not in use
Set up Multi-factor Authentication
A Multi-factor Authentication lessens the risk of employees jeopardizing an organization’s data because of poor password management. Reports suggest that 91% of computer users understand the risks of reusing passwords, but most do it anyway. Such employee negligence can lead to severe consequences like malware, which an MFA can significantly control.
Log everything
Using a modern security tool such as Binaryflux can help you leverage event codes from windows events. Binaryflux documents windows security log event ids every time a new process is created and connected. Having these different windows event codes logged will allow your secur29ity analysts to gain insights into the endpoint’s anomalous behavior in real-time.
First execution of process
In events of sudden organization-wide changes, such as remote shifts, it is necessary to adjust the first execution of a process rule. This should be done to reinforce new scores that detect threats based on the severity of newer anomalous possibilities. This will help your analysts flag and review potential risk posers in the fastest fashion. In addition, you are likely to see a rise in the number of first execution events considering employees will download tools to improve productivity, etc. Therefore, adding a layer of first execution on threat hunting can prove helpful in upgrading your defense now that employees are outside the organization’s perimeter.
Utilize Watchlists
Every first executioner of any process event should be monitored under a watchlist for at least 24 hours. This healthy practice ensures that potential malicious threats or threat posers have a constant eye on them and their risk scores if at all it turns out to be an attack.
Automate
Deploying advanced security tools can automatically add those users to a watchlist who happen to have an abnormal process activity. This allows your analysts to aggregate their risk score over a period of time and take relevant actions accordingly. Not just that, you can also configure your watchlist with a TTL (Time to Live) in case the suspicion is nullified.
Vet collaborative Tools Early
The integration of collaborative tools like teleconferencing services and cloud solutions has shot up since the introduction of remote work. This rise has invited several high-profile vulnerabilities like credential stuffing of 530000 Zoom accounts among others. To make sure these third-party solutions don’t become a gateway for malware attackers to breach your data, you must get these vetted and background sourced to check for past complaints.
Third-party audit
Following the internal healthy practices comes a third-party watch. You can hire someone to audit your systems and penetrate tests to reveal if there are any vulnerabilities overlooked. Such audits should be a regular part of organizational workflows to always keep your guards against cyberattacks.
Use SOAR and UEBA centered tools
In this rapid shift to a fully remote workforce, it is important that security leaders balance productivity and security. An advanced security automation tool can help you with that. Tools like SOAR (Security Orchestration Automation and Response) make case management much easier and efficient by identifying threats, automating repetitive security procedures, and responding to threats- automatically. In addition to security automation, monitoring user behavior is also as important to efficiently detect and flag anomalous behavior. For this, UEBA (User and entity behavior analytics) tools prove extremely effective in identifying questionable behavior, detecting threats in real-time, and also “learning” such behavior to prevent any future malware threats.
Staying secure the smart way with Binaryflux
For companies that are usually on the radar of cyber attackers - which is almost everyone today -, establishing a strong strategy that includes state-of-the-art technologies is a must to preserve sensitive data. And Binaryflux offers you just that with its simple, scalable, and intelligent solutions.
Binaryflux is a neural-brain-led security platform that identifies, analyzes, remediates, and prevents security threats - all in real-time - within an organization.
It offers a one-of-a-kind SOAR and UEBA integrated solution - Doppler - which helps you fight malware and other malicious threats before they can cause significant damage to your organization.
With Doppler, you can baseline normal user and entity activities; and then automatically find deviations from the set normal activities that may indicate compromise. It allows your security system to adapt to changes in your business environment and automatically adjust as these conditions become the new normal.
To learn more about Binaryflux and how it helps you adapt to every security situation and stay one step ahead of attackers
