A Darwinian Paradigm: Secure Enterprise Networks in the Hybrid Working Model
By Bill Santos, COO and President of Cerberus Sentinel, sharing his expertise on how to secure enterprise networks for #InfoSecInsightJam.
It is no secret that the pandemic has rippled out to impact almost every aspect of business function in a modern enterprise. From a security perspective, the integrity of corporate networks has never been more important, because these networks are where the vast majority of business function occur. One key component to the expansion of business networks can be linked to the increased adoption of cloud computing. In fact, currently, 94% of enterprises use cloud services to store and process data. While this brings a whole host of new risks, the cloud has enabled businesses to continue some extent of their operations with the explosion in remote working. Most companies that have been forced to shut down are not cloud-enabled – they were running on-premises and have had to throw together a remote working capability for their employees without security as an afterthought.
These companies are now in the Wild West of security and compliance, where operational Darwinism prevails. Where they may have once had centralized control over the information passing through their networks, the sharp and necessary rise in remote working now means the control and auditing capabilities have been seriously diminished. In a worst-case scenario, this means enterprises could be suffering damaging data breaches at a far larger and quicker rate than usual, and not even have the insight or visibility to know this is happening. This is further convoluted by the ever-growing security-black-hole that is unsecured personal and IoT devices running free in corporate networks. So, what can we do to keep ourselves safe, from a (social) distance?
Securing the Remote Endpoint
The first mistake organizations are likely to make is failing to utilize the capabilities of an enterprise-grade VPN. Some organizations are downloading free or cheap VPN solutions which often cause more problems than they solve: it is extremely important to make the investment in a robust VPN tool that will allow secure access to sensitive corporate information.
The second thing to consider is the wider use of your home network, and how this will inevitably intersect with the corporate one. If you are working on the same Wi-Fi network as your family, who are also in lockdown, for example, it is crucial that basic cyber-hygiene is deployed: changing the default password on the home router, and ensuring that those in your home working environment – children and spouses – are using different and appropriate passwords, and in some cases segregating networks. This applies possibly even more to those living in house share situations with other young professionals, as failure to do so could open multiple corporate networks to a single threat.
Fail to Prepare, Prepare to Fail
In security, you plan and prepare for an incident. Working under the assumption that something is likely to go wrong is one way to ensure that when incidents do arise, an organization is ready for them. The situation with Covid19 is no different; organizations who encouraged flexibility in their working environments and structures will inevitably find the tradition into the hybrid working model a lot easier than those with more rigid working practices in place.
Even more than planning, but testing these plans rigorously is crucial. There’s an old adage in computer security that if you have a disaster recovery plan which remains untested, you don’t have a plan. There’s no certainty until you’ve tested, and there’s no guarantee you won’t have overlooked something crucial until you have tested. However, just because your business has been fortunate enough not to have experienced a global pandemic, it doesn’t mean that you should not have a pandemic business continuity plan in place, as failure to do so can result in catastrophic consequences. All of these ideas ring true from both a security and a business perspective.
How to Prepare
At its simplest level, the most important thing that an organization can do is to consult the experts. As we see Covid19 as the latest hook for phishers and other cyber-criminals – and we see this reported widely in the news – organizations seem to be more aware that it’s crucial to train individuals to see the tell-tale signs of phishing emails and of the overall importance of maintaining an appropriate security posture. This remains even more crucial perhaps in the hybrid working model, which sees personal and corporate data blurred to a point we’ve never before been aware of. The cultural aspects of this should be thrown into much sharper focus if we are to stay one step ahead of the cybercriminals, especially as the value of data increases.
The second is to make sure that the security teams – whether these are internal or external – are included and consulted to ensure that home working environments and networks are being built with security considerations factored in. Assume you have been breached, and that you are under attack from threat actors. If you can say confidently you have done everything right when working under this assumption, you should be in a good position to remain functioning during this precarious time. It is going to be hard enough for businesses moving forward; don’t let security be one more concern.
Thanks to Bill Santos, COO and President of Cerberus Sentinel, for sharing his expertise on how to secure enterprise networks for #InfoSecInsightJam. Learn more in our Endpoint Security Buyer’s Guide.
- Endpoint Security Providers: Best of 2023 and Beyond - October 31, 2022
- Best Books for Defending the Digital Perimeter - September 14, 2021
- Apple Vulnerability Places All of Apple iOS at Risk - September 14, 2021