As workers continue to work from home, they also continue to lower their guard from a security perspective. Cybercriminals have also had an extremely productive time remote working the past year. Early in the pandemic, they realized that the huge shift to remote working opened up lucrative new opportunities to monetize attacks. The result? A 238% increase in global cyberattack volumes.Opens a new window Here Ian Pratt, global head of security, personal systems, HP Inc, outlines why organizations need to figure out to best manage risk for remote workers while also enabling mobility for the workforce.Â
As home workers lower their collective guard away from the office, businesses must find a way forward. This is much more than a single moment in time â€“ organizations need to quickly assess how to manage remote working risk, while also enabling workforce mobility.
This is a serious challenge that will in many cases require a major change of direction for business security, towards a focus on protecting the endpoint.
Here Comes the Friendly Foe
We’ve all changed over the course of the pandemic â€” most noticeably in working habits. A new report by HP Wolf Security found that three-quarters (75%) of office workers say that COVID-19 blurred the lines between their personal and professional lives. It did this quite literally, in forcing us to work from home, where most of us used to spend little time during office hours. But it also led to many remote workers using the same device for both leisure and work, and even sharing it with other members of the household.
In fact, 70% of office workers use their work devices for personal tasks, and a similar number (69%) are using personal laptops and printers for work. Nearly a third (30%) have lent their device to someone else. This has led to some concerning psychological effects. Many of us have begun thinking of our work devices as our own, which can make us less alert to potential risks.
At the same time, that common refrain of â€œexceptional timesâ€ has helped us to justify risky behavior, such as downloading games, streaming videos, and even lending work devices to our children for online studying.
Over 80% of IT decision-makers think that these activities increase the chance of corporate breaches, which they do. Covert malware lurking in unvetted apps and downloads could steal log-ins and business information, deploy ransomware to corporate networks or mine for cryptocurrency. The threats are made even more acute if we don’t follow the security basics. Over half (51%) of IT leaders have found staff using unpatched endpoints over the past year.
So where exactly are the bad guys focusing their efforts? Unsurprisingly, it’s on the things locked-down workers are turning to for light relief.Â
According to the HP Wolf Security report, there was a 54% increase in phishing attacks targeting gamers in the first four months of 2020, while video games are also being used as lures, with one notable example being ransomware disguised as Fortnite hacks. Not even our love for streaming box sets is safe. In just one seven-day period in April 2020, there were at least 700 phishing sites spoofing popular streaming services.
The end goal is usually data theft and ransomware, and increasingly today the two are combined in the same attack. With 71% of employees claiming they access more company data, more frequently, from home now than they did pre-pandemic, there’s plenty of opportunity for those with malicious intent.
This isn’t just a theoretical threat: over half (51%) of IT decision-makers have seen evidence of compromised personal devices being used to access corporate and customer data. A similar number (45%) said compromised printersOpens a new window have been used to launch attacks over the past year.
A New Model of Endpoint Security
Accelerated vaccine roll-outs may be filling many with confidence that a return to â€œnormalityâ€ is just around the corner. But the truth is that the workplace will be forever changed by the pandemic.Â
Plenty of us have had a taste of working from home life and we rather like it. In fact, around two-fifths (39%) of office workers expect to be mainly working remotely post-pandemic, or at least splitting their time between home and office.
With the traditional corporate perimeter now a thing of the past, remote employee devices everywhere and cloud apps an increasingly popular way to boost staff productivity, how can security teams police and secure this new environment?Â
The answer is by focusing on endpoints. Some 91% of businesses say that endpoint protection has become as important today as network security.
So, what’s next? Layering up restrictive policies only puts security in the way of productivity, while detection of known malicious signatures and code can be easily thwarted by modern malware. The answer instead lies with an endpoint security approach rooted in zero trust principles.Â
This means decisions are made on a case-by-case basis for every service, after verifying a set of controls that might include the user, the device, and its security posture. This helps to contain failure â€“ meaning a compromise of a less important service doesn’t necessarily lead to a major breach. Zero trust principles are extended onto the endpoint â€“ including device firmware, operating system, and individual applications.
Organizations should be aiming for defense-in-depth at the endpoint, from self-healing firmware capabilities to machine-learning powered anti-malware solutions that are better able to spot new malware variants. This also includes hardware-powered micro-virtualization, which can isolate and contain threats delivered by email, browser or downloads, while being transparent to the end-user.
If the future of work is flexible and remote, then the future of security needs to have an increased focus on the endpoint.