The term “new normal” means different things to different people. For some, the term is synonymous with a return to the office (just with a few tweaks), while others think that co-located teams are gone for good. The reality is probably somewhere in between. Household names like Google and Facebook are planning for a future where most of their employees work remotely most of the time. And where big tech goes, other organizations tend to follow.
Over 70 percent of CFOs surveyed in a recent Gartner survey say that they’ll be transitioning more employees to working remotely even after the COVID-19 pandemic recedes. This new normal opens up a whole host of questions about how cybersecurity is going to work with a distributed workforce. How can companies deal with advanced endpoint protection threats like evasive malware, fileless attacks, and increasing numbers of zero-day attacks when most of their staff are working from home?
The New Normal of Advanced Endpoint Protection
Faced with a future in which remote and distributed workforces are the norm, IT security teams need to completely revamp how they think about advanced endpoint protection. To keep companies safe, advanced endpoint security tools must be deployed to remote endpoints--even if those are personal computers that employees use to conduct their work--to ensure that everyone is working securely no matter where they are.
This rethink is needed because cybercriminals have noticed the rise in remote work too. Here at Morphisec, we’re seeing an unprecedented increase in attempted endpoint attacks. Between March 8 and April 12 alone, we saw phishing and adware attacks soar from 2,000 to 90,000 direct threats per week. This 4,500 percent increase in attempted endpoint attacks is an unfortunate side effect of the “new normal.”
Advanced Endpoint protection Through Better Training
When countering this new wave of threats, your IT security team shouldn’t be the first line of defense. Instead, everyone in your organization who works remotely (all or some of the time) needs to be on the front line of your company's endpoint security.
Organizations need to provide employees with security awareness training. Every employee should know good security habits such as when to use two-factor authentication for their devices and how to keep software up to date. Security awareness training can also show employees what targeted social engineering scams look like--before they get caught up in one. This is especially important because of the dramatic increase in phishing scams, as well as the unreliability of home internet often negating many cloud-based protection suites designed to guard against attack. Ultimately, remote employees need to be highly educated on security best practices so they are not the weakest link in the security chain.
Remote Employees Need Even More Protection
Most employees’ home networks don’t have the same kind of monitoring and detection tools your corporate network does. To keep your corporate network safe from endpoint threats, you have to give your employees the right tools to protect their own networks.
Companies can improve their employees' network security by insisting on the use of a virtual private network (VPN) to access company networks. VPNs create a secure tunnel from your employees’ computers to your corporate network. We’re seeing a lot of companies take this approach: VPN use grew by 41% during one week in March alone. VPNs only provide security across one dimension, however, and don’t necessarily provide security against all possible threats.
Antivirus software, such as Windows Defender, can also help protect employees’ home and work computers. Windows Defender is, in fact, a particularly good option because it’s built into the operating system and doesn’t require any extra installation; you simply turn it on. That said, antivirus software will only protect against known threats. Remote employees accessing corporate tools through a web browser remain vulnerable to targeted browser-based zero-day attacks, which often bypass traditional detection solutions. Proactive solutions like moving target defense, which is designed to deterministically block evasive threats, protects against these kinds of attacks by morphing application memory and turning a known memory structure into an unknown target regardless of whether it’s running on a remote or in-house endpoint.
Don’t Rely on Remediation for Advanced Endpoint protection
Back when most of your teams were co-located, in-house IT teams could quickly re-image compromised machines. But without multiple threat-focused monitors, secure high-speed network connections, and the ability to interact with one another in real-time, distributed security teams aren't able to “close the door” and counter a live threat securely.
Inconsistent employee internet connections also seriously hinder remote remediation. When someone's connection lags during a Zoom call, it's annoying. If the same thing happens to a security professional remotely remediating an issue with a compromised machine, the results can be devastating. Remote access tools are also far from secure. We recently saw ransomware propagated through popular remote access software package ConnectWise Control.
While you can’t rely on remediation to protect against endpoint attacks, you can stop them before they cause any damage. One way to do this is by using software that allows moving target defense, which prevents advanced endpoint threats from compromising remote machines in the first place. When it comes to endpoint attacks, there is no better truth than the old adage that “an ounce of prevention is worth a pound of cure.”
Final Thoughts
The reality of the “new normal'' is going to mean a larger percentage of your company working remotely a lot more often. A knock-on effect of this change is an increased number of vulnerable endpoints into your company's network and a rise in the likelihood of a successful endpoint security breach. The key to staying safe in this new threat environment is to stop relying on remediation and start equipping all employees, and not just your IT security team, with the right tools and training.