Corporate networks have changed drastically under COVID-19 social distancing measure such as lockdown or work-from-home directives, creating new cybersecurity challenges.
The dramatic increase in the number of people working from home is putting an incredible strain on remote access infrastructure as well as the helpdesk and IT teams handling the escalations.
Many organizations have evolved since the pandemic, but many of them face new challenges that they were not prepared for – especially in cybersecurity. Besides the increased bandwidth and traffic over distributed networks, even technologies meant to secure people, premises and infrastructure can be exploited by cybercriminals.
How are organizations in Asia protecting themselves from attacks leveraging remote devices from homes and offices? How should they defend against the increased volume of threats targeting users in the new hybrid distributed workplace of today?
CybersecAsia has the opportunity to pose these questions and more to David Sajoto, Vice President for Asia Pacific and Japan, ExtraHop:
How should enterprises balance security efforts between remote and physical offices?
Sajoto: The shift from having an office-based workforce to most employees working remotely as a response to the pandemic has laid enormous strain on most organizations’ remote access infrastructure and further stretched IT and Security teams monitoring company networks.
To catch up with the changing business landscape, companies have diverted their efforts toward increasing the efficiency and security of their networks. Many organizations suffered from VPN performance issues with the swift move to a remote workforce. We have learned that organizations can save bandwidth through the use of VPN tunneling and monitoring the network to optimize the traffic flows.
To ensure that there is a balance of security efforts between remote and physical offices, companies should assess its current security posture and address risk areas immediately before it becomes an attack vector.
Additionally, while most people are working remotely, physical offices are not entirely devoid of network activities. An additional concern was that many connected devices, like printers and Voice over IP phones remained on in the physical office which represents a vulnerability if not watched.
How can organizations retain network visibility over their distributed workforce across offices and homes?
Sajoto: The importance of a robust network detection and response as part of a cybersecurity strategy has become more evident as the number of cybersecurity breaches grows. It starts with visibility into the traffic traversing the network both the north, south perimeter and inside, the east west corridor. Leaders must have a comprehensive understanding of the risks of securing a distributed workforce. IT will need buy-in from senior leadership, to establish and implement measures to ensure network visibility over the company’s digital ecosystem to better detect and respond to threats in real-time. With the help of network security and monitoring solutions, IT teams can detect anomalies faster, respond quickly and stop threats from becoming a full-blown cybersecurity breach.
Why are organizations shifting to cloud infrastructure and how is this helping IT teams monitor and spot anomalies in their network?
Sajoto: The flexibility and elasticity of cloud helps companies pursue modernization projects and implement new age technologies such as artificial intelligence, big data and automation. By moving to the cloud, companies can leverage their data and quickly scale operations to meet business goals. As cyber attacks are increasingly more sophisticated, cloud security grows in concern. The shared responsibility model of the cloud means that companies can leverage the cloud provider’s built-in security feature such as filtering, encryption, access management and regular system updates and patches, or security of the cloud. However, security in the cloud is still the responsibility owned by the company who owns the data. Companies who adopt a cloud-native approach to securing data and workloads in the cloud will benefit from network detection and response (NDR) solutions that detect, investigate, and respond to complex threats at the speed and scale that matches the needs of the business.
How do IoT devices affect the enterprise?
Sajoto: With the proliferation of Internet-of-Things (IoT) devices, the attack surface is rapidly expanding, making it difficult for security teams to keep up. Enterprise IoT devices are often not seen on the network as they can’t be instrumented in traditional ways. Visibility into these devices that are connected to the network is often cited as a very high concern for network and security teams. Without a proper visibility, there is no way to detect if one of those devices has been compromised. Due to the nature of IoT devices they often provide and easy entry onto the network where the attacker can hide until they can move laterally and escalate privileges needed to breach the network.
Early detection will help enable organizations to respond to threats and minimize the damage.
Why are Internet Protocol (IP) cameras important to businesses? How are they a security concern?
Sajoto: Today’s businesses are facing security threats from all fronts. While cybersecurity is a growing concern, organizations must also fortify and protect physical locations against intruders – especially as many offices are left empty due to the current COVID crisis.
To dissuade and detect physical security threats, businesses rely on IP cameras which transmit videos and images over the network and can be controlled remotely allowing businesses to have real-time, round-the-clock security monitoring. Well-positioned IP cameras can discourage break-ins, help safeguard facilities, and protect the employees and tenants in the physical location.
While IP cameras are essential to detecting physical activity, the network security team is not always involved in the procurement of these connected devices.
The irony is that many were not built with network security in mind and if left unmonitored on the network these devices can provide an easy entry point into your corporate network.