While remote working was necessitated by COVID-19, it’s one element of pandemic life that’s here to stay. More and more businesses have decided not to make employees return to the office on a full-time basis, instead opting for hybrid models in which employees can work flexibly across different locations.
But with hybrid working now the method of choice post-pandemic, security strategies must evolve. Businesses have already transformed, and security must progress in tandem. This means using modern services, such as managed detection and response (MDR) and extended detection and response (XDR), to act as a business enabler and push the boundaries of modern cybersecurity delivery.
Understanding the Security Challenges of Hybrid Working
Worryingly, despite most employees having worked from home for more than 19 months, many organizations are yet to update their cybersecurity strategies, exposing systems to very keen cyber-criminals. For IT and security teams, managing security in remote and hybrid environments is challenging. Perimeters have expanded, cloud systems have been embraced, employees are working from uncontrolled environments and the attack surface is more significant.
Essentially, in a dispersed environment, the risks have changed. Poorly managed and secured systems directly correlate to an increase in cybersecurity risks. Many businesses have an architecture designed around users being within the office at some point to receive updates, patches and policies. In a hybrid model, this is not sufficient, and organizations need to modernize cybersecurity systems to reflect the changes to working models and the threat landscape.
At a minimum, this means preventing employees from connecting to business networks and using personal machines that don’t meet a minimum-security baseline. The technology to address these problems has been available for many years, but this has moved to a cloud delivery model in recent years, making it easier to govern and scale.
Embracing a Zero Trust Approach
Any business that hasn’t already will also need to shift to zero trust models focused on trusting nothing and securing user identities and devices as much as network perimeters. Zero trust is not a new concept, but the mantra of trusting nobody is timeless. However, implementing an effective strategy in a hybrid environment isn’t always easy or useful if not done correctly.
An effective strategy is based on three basic principles: verify explicitly, use least privileged access and always assume a breach. By assuming a breach, cybersecurity, IT and OT teams can prevent and enable earlier detection by deploying controls such as authenticating all users and devices, using least privileged access, implementing read-only modes and conducting real-time audits.
Optimizing Endpoint Security
To ensure users working in a hybrid environment remain secure, integrating a zero trust approach with an effective MDR strategy is a must, one that combines human analysis, artificial intelligence and automation to rapidly detect, analyze, investigate and actively respond to threats. Whether deployed as a fully outsourced security operations center (SOC) or via a hybrid model, an MDR service can help develop a cost-effective reference security architecture to safeguard operational technology (OT), on-premise systems, cloud-based applications and SaaS solutions. More importantly, it enables companies to quickly respond to new threats, reducing cyber-risk and the dwell time of breaches – regardless of the endpoint from which they arise.
IT and OT teams should also consider extended detection and response (XDR) technologies that allow rapid detection and response of threats across endpoint, network, web and email, cloud and, importantly, identity. This means all users, assets and data remain protected, regardless of where the user resides.
By adding an additional protective layer to accompany zero trust technologies, XDR tools consolidate the large numbers of vendors within the average SOC, bringing down operational overhead associated with managing multiple siloed systems. Plus, when there are more gaps than overlaps in technology tools, security teams risk many benign and false-positive alerts, eventually leading to alert blindness. Tight integrations of systems, such as endpoint detection and response, cloud access security broker, SIEM, to name a few, extend visibility and deliver valuable insights that help identify more persistent or advanced threats that could have previously been missed.
Protecting Business Post-pandemic
With hybrid working here to stay, businesses cannot afford to be complacent. IT and OT teams have an opportunity to rethink cybersecurity and put in place new technology that will not only strengthen security for years to come but deliver a competitive advantage. Only by adopting a zero-trust approach, supported by proactive and intelligent cybersecurity services, such as MDR, underpinned by XDR technology, can security teams stay one step ahead of cyber-criminals in the new working environment.