
How to keep the hybrid work age safe

This new way of working necessitates a new security architecture, says Vishnu Taimni, Vice-President & Managing Director, HP Middle East and Turkey

HP appoints Vishnu Taimni as the head of Middle East, Turkey and East Africa

Many workers will be looking forward to the Great Reopening after 18+ months of uncertainty, disruption, and isolation. Professionals in the field of information security may be more conflicted. They return to a new reality marked by workplace transformation—a more fluid, distributed IT environment in which endpoint visibility and control are more difficult than ever. Threat actors are adapting at breakneck speed to take advantage of this new hybrid working paradigm, and security teams must deal with the looming threat of new shadow IT.

Unsanctioned and unmanaged home working devices are a key rising danger, according to a new study from HP Wolf Security, putting unprecedented operational demand on security and IT departments. This new way of working necessitates a new security architecture, based on Zero Trust principles and built from the ground up.

The shadow grows longer

Many firms ignored security protocols and standards in the rush to maintain business continuity throughout the crisis. This seemed understandable at the time, but it has resulted in a staggering increase in shadow IT, which refers to non-IT departments implementing software outside of IT’s purview. According to the new HP Wolf Security Out of Sight & Out of Mind research, over half of all global office workers purchased a PC, laptop, or printer when the country was on lockdown. Unfortunately, 68% of them said security wasn’t a big factor in their decision, with functionality and price coming in first. IT didn’t even verify or install their laptop, according to 43% of respondents.

As a result, many remote and hybrid workers are forced to use unapproved and sometimes unsafe technologies. To make matters worse, they’re more prone than ever to engage in risky behavior outside of work. Since working from home (WFH), a fifth claim to have clicked on dangerous links. In fact, three-quarters of IT executives claim this activity has increased. Despite this, only 30% of employees report these mistaken clicks to IT, either because they’re afraid, don’t think it’s vital, or think it’s a burden. If the organisation fails to detect initial access and threat actors are permitted to remain on corporate networks, there might be a lot of pain ahead.

IT is on the verge of failing

It’s hardly a surprise that IT is feeling the heat, given the perfect combination of spreading shadow IT, dangerous WFH conduct, and mounting external threats. Of course, this was true before the pandemic, but it’s even more so now. According to 79% of IT teams, the rate of device rebuilds has grown, indicating rising compromise. With devices out of the office, the time it takes IT to recreate a damaged machine has climbed to about four hours on average. That money could be better spent on higher-value tasks.

Thousands of notifications are also flooding Security Operation Centres (SOCs). Hundreds of them are related to the endpoint each week, yet roughly two-thirds of them are classified as false positives. That’s extra time lost for IT security specialists who are already overworked.

It takes extra time and effort to recover operating systems, patch endpoints, and onboard new employees with secure devices. This has a significant influence not only on the bottom line, but also on an organisation’s ability to protect itself. According to respondents, the cost of IT support increased by 52% during the epidemic. All of this adds up to nearly three-quarters of IT teams being scared that colleagues will leave due to burnout.

Front and centre

The majority of these trends aren’t brand new. However, the trend to hybrid and remote work has compounded these issues. This new reality necessitates a change in corporate security.

Adopting stronger endpoint security, which gives IT and security personnel more visibility and management tools, is a solid first step. To ease the strain on support teams, IT departments should supply users with devices that have security built into the hardware. Devices having remote recovery capabilities and self-healing firmware, for example, can aid endpoint recovery in the event of a compromise. These devices can aid in the transformation of IT security support and keep employees focused on providing business value.

However, the transition to hybrid also necessitates a new architectural approach to guard against known and undiscovered threats while decreasing the strain on cybersecurity personnel and front-line end users.

The idea that businesses should anticipate a breach and constantly verify/authenticate access to and between resources depending on context can help here. This should not just apply to specific devices, but also to the endpoint’s distinct components, such as firmware, OS, applications, and users. Organisations decrease their attack surface and enable speedy recovery in the case of a breach by implementing principles like robust identity management, least privilege, and isolation at this level.

Isolation, for example, can be used to neutralise attacks against common threat vectors. By performing risky operations, such as clicking on links or opening attachments, inside a disposable virtual machine, organisations can render any potential malware or exploits harmless. This has a number of advantages. First, it reduces cyber risk by effectively locking an adversary inside a virtual machine, prohibiting data exfiltration, lateral movement, and persistence. Second, it’s better for users since they’ll have a more consistent experience with fewer unpleasant security hurdles in their way. Third, it gives IT teams more time to patch at their own pace, confident that emerging flaws exploited through common threat vectors will be rendered harmless. Finally, enterprises acquire intelligence to improve threat hunting efforts by executing any malware inside isolated containers.

We’re about to embark on a new era of workplace transformation. Big changes, on the other hand, frequently result in the establishment of new security weaknesses. This will necessitate secure-by-design features that not only contain and neutralise cyber threats, but also allow compromised systems to recover swiftly and automatically. Organisations that master endpoint security first will have a leg up on the competition in the hybrid work future.