Hybrid working ushers a new approach to data security

With cybercriminals pouncing on vulnerabilities created by the shift to hybrid working, companies must build unobtrusive yet robust security into systems from the ground up

Following two years of the pandemic and organisations adapting to work from home mandates, hybrid working is here to stay. The living and work environment changes we’ve experienced over the last two years have induced a permanent shift in work-life balance. Over that period, enterprises have been forced to adapt to hybrid work patterns, and with 85% of desk workers currently working from home wanting a mix of both home and office working in the future, businesses are now seeking to meet this demand and embed a permanent hybrid model.

While hybrid working is undoubtedly bringing great value to organisations and their employees, cybercriminals are exploiting this shift in work patterns and environments to target endpoints more aggressively. Since the start of the pandemic, the volume of corporate data being accessed from home has risen substantially, including sensitive financial information. Spotting the various vulnerabilities in a dramatically widened attack surface, cybercriminals are now targeting home workers through dedicated malware campaigns that exploit social engineering.

As the lines between work and home have blurred, security risks have soared and everyday actions such as opening an attachment can have serious consequences. Without all of the pre-pandemic sources of visibility of devices, and how they are being used and by who, IT and security teams are working with a clouded vision. A study by analyst house KuppingerCole noted a mammoth 238% increase in global cyber attack volume during the pandemic, and ransomware remains the cybercriminal’s tool of choice to monetise their access to networks.

We need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up

“With a more dispersed workforce and a rise in the use of software-as-a-service (SaaS) applications, critical data is being hosted outside the enterprise firewall, causing cybercriminals to exploit a perimeter-less organisation,” says Dave Prezzano, managing director, UK & Ireland at HP. “This has exposed the limitations of the current endpoint security approach, which is based on assumptions about trust inherited from the era of perimeter security. Hybrid working has eroded the network perimeter of firewalls, intrusion detection systems (IDS), web proxies and other security controls traditionally used to defend networks and the devices which sit within them.

“Hybrid work models can also slow the time it takes to deploy patches, causing devices to remain vulnerable for longer. And they can lead to poorer security visibility because there may be delays in logs being sent to a central security information and event management system. Such a delay can be the difference between responding after an attacker has compromised a single endpoint and after they have deployed ransomware across the entire network. Human operated ransomware attacks escalate from initial access to full network compromise in hours.”

Circumventing behaviour

Employee behaviour can create further challenges in the hybrid working age. Many workers are using their work devices for non-work-related tasks like checking personal email, according to the HP Wolf Security Blurred Lines and Blindspots report. Yet because personal webmail services aren’t protected by corporate email gateway scanners, they are inadvertently exposing work devices to emails containing malware that might otherwise be blocked. Email is the top malware delivery vector, with 77% of malware isolated by HP Sure Click in Q4 2021 delivered in this way.

Meanwhile, HP Wolf Security’s Rebellions & Rejections report found 31% of office workers aged between 18 to 24 had tried to circumvent security measures, which is concerning for all organisations. Ultimately, if security policies and measures are too cumbersome and block people from doing what they need to do, employees will try to find ways around them that could put the business at serious risk. If left unchecked, this kind of friction and risk could escalate.

Employees are craving user-friendly security tools and eased restrictions, but cybersecurity teams need to find a way to reduce the burden of security and improve visibility into threats. Security should fit as much as possible into existing working patterns and flows, utilising seamless technologies that are secure by design and user intuitive. This involves seeking out new levels of endpoint protection rooted in zero trust principles that are as unobtrusive as possible to avoid end-user circumvention. Embedding non-intrusive security technology into the endpoint will go a long way to improving the user experience while also protecting the business.

“We need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up,” says Prezzano. “More than ever, there’s a need for resilient endpoints that are secure by design and protect themselves without relying on knowing what is good or bad. Over-burdened security teams and users can’t be relied on to catch everything, so enterprises should focus on ground zero for most attacks, which is users and their endpoints. The endpoint is the intersection of flawed humans, unsecured technology and untrusted interactions that keeps cyber attackers coming back time and again.”

Zero trust

Endpoint security strategies must be rooted in zero trust principles. Access to services should be controlled on a case-by-case basis, after verifying a set of controls that might include the user, the device and its security posture. This helps to contain failure, meaning a compromise of a less important service doesn’t necessarily lead to a major breach. Zero trust principles should be embedded into the endpoint, including device firmware, the operating system and applications.

“Laptops, PCs and printers that have security built in rather than bolted on can provide a much more seamless and less restrictive end-user experience,” Prezzano adds. “From here, organisations can layer security services on top, such as those that can contain and isolate critical threats before they have a chance to do any damage. Other tools can offer remote management for IT teams and the ability to self-monitor and self-heal without user interaction.

“HP Wolf Security can help organisations defend against the plethora of new attacks and risks facing them. By combining hardware-enforced software and security features with industry-leading endpoint security services, HP Wolf Security implements layered security and enables seamless integrations with the wider security stack. As such, customers benefit from robust, built-in protection from the silicon to the cloud, from the BIOS to the browser. Embracing a new architectural approach to security that mitigates risk and enables resilience, by applying the principles of zero trust, will allow companies to reduce the attack surface in the future of work.”

Q&A: Less detection, more prevention

Dr Ian Pratt, global head of security for personal systems at HP, says data security is too focused on detection and not enough on prevention and isolation. A better balance is needed

Despite large investments in data security, why are so many cyber attacks still succeeding?

Enterprise security systems still focus far too much on detection and not enough on prevention and containment, leaving companies exposed. Many enterprises rely on detection controls like antivirus software and endpoint detection and response (EDR), but these fail to detect more sophisticated threats, thus allowing attackers to gain a foothold inside victims’ networks.

Instead, organisations should shift their approach by putting a virtual fence around risky activities so in the event of their compromise, malware can’t spread or persist. Similarly, the highest-value activities can be isolated from others to provide additional layers of security. To secure the huge amount of data that is being accessed from home, including sensitive financial information, architecturally robust prevention and recovery are vital.

Why does measuring endpoint security by how quickly a security team can detect and respond to a threat no longer make sense?

For a long time now security operation centres (SOCs) have used metrics like ‘mean time to detect’ and ‘mean time to respond’ to measure their performance. The theory is the quicker the detection and response, the lower the impact of the compromise or intrusion. Having made the initial compromise, however, attacks can move extremely quickly today, using automation to spread across systems in an instant. Segmenting systems and networks to contain the intrusion before it’s spotted is the most effective way to limit impact.

This has become even more important as the hybrid working age has reduced visibility further, as well as control over endpoint devices.

How can organisations strike a better balance in their endpoint security strategy?

Data democratisation can bring enormous value to companies in the hybrid working age, but you can only enable it safely by ensuring the systems that stakeholders use to access data are secure. That means equipping employees with systems that are secure by design and don’t get in the way of workflows, enabling users to work confidently without fear of being tricked into clicking on something that compromises their system. Investing in technologies like micro-virtualisation can isolate threats delivered by the most common threat vectors – email, browser and downloads – to reduce the attack surface without impacting user experience.

Data democratisation can bring enormous value to companies in the hybrid working age, but you can only enable it safely by ensuring the systems that stakeholders use to access data are secure

When a task is closed, the micro-VM and any threat it contains is disposed of safely, so even if a user does click on something bad, the attacker has nowhere to go and nothing to steal. Remote workers can use their PCs normally, but the CPU virtualisation hardware isolates and contains attacks even the most sophisticated and novel threats, eliminating that threat vector and causing attackers to have to look elsewhere.

How is HP supporting organisations to bolster endpoint protection?

Unlike traditional endpoint security solutions, HP Wolf Security doesn’t rely just on detection to provide security. Instead, it protects systems by isolating risky user tasks, such as clicking on links, opening email attachments, and downloading files from the web. The information recorded by HP Wolf Security also provides insights into how users interact with threats, such as uncovering which email lures are convincing enough to trick users into opening malicious attachments. These insights empower security teams to craft policy changes to defeat other similar attacks.

With HP Wolf Security, the malware is run inside a micro-VM where all activity is recorded in a ‘black box’ flight recorder, thus capturing what the attacker is doing and what they hope to achieve, giving rich threat telemetry.

For more information, visit hp.com/wolf

Promoted by HP