Cybersecurity in a Work from Anywhere (WFX) Environment

In 2020, thanks in large part to the COVID-19 virus, the work environment in Europe has shifted, with remote working leading the way. This presents many challenges for IT and security teams as they now must deal with an increase in cyberattacks in a less secure environment.

As the UK and other European countries enter a second lockdown period in an attempt to contain the virus, more and more organisations are announcing that not only will employees continue working from home into 2021… it may be permanent. So how can cybersecurity teams adjust to this “new normal”?

Working from Everywhere (WFX)

According to a report from Interpol, cyberattacks are at their highest levels in three years as a result of COVID-19. In turn, the number of data breaches has almost doubled, with 3950 confirmed breaches so far in 2020 against 2103 recorded breaches in 2019. Attackers are also getting more creative in their methods, with attack types ranging from man-in-the-middle attacks to network spoofing and packet sniffing of unencrypted traffic.

In the light of the global pandemic, many predict that working from home (WFH) will become working from anywhere (WFX), with a massive upturn in digital transformation as a result. As organisations announce that home working will be permanent, even when the COVID-19 virus is under control, it is predicted that millions of employees will turn this change into the chance to work from anywhere, perhaps relocating to the countryside or closer to relatives to make up for lost time during the pandemic.

So now, teams across Europe and the globe must combat the challenging task of securing staff who work from anywhere. This brings a host of new concerns. Notably, home networks are less secure than corporate offices and users with spotty WiFi connections may migrate to even less secure public WiFi options. The absence of advanced intrusion prevention tools available in office environments risks leaving more gaps for cyber attackers to gain access and steal confidential information. Frequently sending data between the office and home, or between two home networks, leaves more opportunities for cybercriminals to catch data in transit if communication is not properly secured.

The increased volume of cyberattacks that we are now seeing, combined with the shift to WFX, is forcing European organizations to revisit their strategies. Technology needs to be able to keep up with these changes and the focus of IT teams should be shifting to ensure their cybersecurity is a priority. And with the average cost of a data breach standing at £2.9 million, organisations know that a security incident will be expensive in addition to the cost of damaging their reputation.

Setting Security Teams up for Success

While most organisations realize the importance of having a strong cybersecurity posture, many find it difficult to assemble and integrate the right components when it comes to building an in-house security team and having 24/7 monitoring and protection. The resources and staff needed to successfully run an in-house operation require a significant investment of time and money. Even if they can afford to build a team in-house, many struggle to find and retain the right calibre of candidates when trying to hire experienced analysts, content developers and engineers.

While security programmes may differ in organisations, often their underlying security needs are the same, especially when it comes to securing their WFX teams. That is why many in Europe are turning to outsourced security services as a more cost-effective way to stay secure.

Benefits of Outsourcing your Cybersecurity Needs

If you’re considering outsourcing some or all of your cybersecurity needs, the best way to start is to identify what your team can do most effectively in-house. Then, look to fill the gaps by finding a partner to complement your skillset. You still need a team in place to handle certain tasks, ideally one who also knows what partners to look for and how to maximize the relationship. Outsourcing your cybersecurity needs helps to free up your team and alleviates a large portion of the hiring burden. It also enables you to have shared liability and gives you 24/7 protection without building an in-house Security Operations Centre (SOC).

The trend of outsourcing cybersecurity services in Europe has been growing faster than has been seen in many years. In addition to addressing new challenges, IT teams are faced with shrinking budgets. Many European organisations are now considering outsourcing some or all of their security needs as the key to getting more done with less.

There are many benefits of partnering with an external security company, in addition to taking advantage of their 24/7 services and staff (although that piece is critical for most!). Here are some reasons organisations across Europe are choosing to partner with an external organisation for their cybersecurity:

  • 24/7 Protection

Cybercrime is not a 9-5 problem, so you need more than a 9-5 solution. With hackers and cybercriminals striking at any time, networks need to be monitored around the clock. This is especially critical if employees will not be returning to a normal office environment. Having a successful 24/7 operation in-house requires a staff of 12 or more. And with the shortage of trained cybersecurity professionals, even if you are able to find people with the right skills, the cost to hire and retain those experts does not come cheap.

Utilizing a Managed Security Services Provider (MSSP) or similar cybersecurity partner means you’ll have a team of experts available whenever you need them. You won’t have to worry about staffing the graveyard shift or holidays to make sure you’ve got someone monitoring your networks, and their team is ready to respond quickly to any potential threats.

  • Free Up Time

Many IT departments often get bogged down with mundane and manual work, spending more time fixing issues rather than implementing strategic projects. When outsourcing to an MSSP, you gain instant access to a team of expert cybersecurity professionals.

Managed security services are valued by organisations that wish to refresh their security stack but lack the in-house expertise to maximize the value of new tools. Also, many organizations find that tasks like reconfiguring firewalls need to be completed outside of business hours but lack the staff to operate 24/7.

  • Improve your Security Posture

Partnering with a managed cybersecurity provider will help you improve your security posture. They should have a library of threat detection use cases already built and optimized, so you instantly get access to relevant content. Paired with a streamlined on-boarding process, this allows you to quickly start receiving actionable alerts and reduce false positives that cause alert fatigue.

In addition, MSSPs offer a wealth of security knowledge and can offer guidance on best practices to help you ensure you’re getting the most value from the security tools you have in place. Some advanced providers have tools available that can help you uncover gaps in your security posture and provide recommendations to help fill in any gaps. Ask your provider to combine this data into a cyber risk score and compare your score to other similar organisations.

  • Automate Response

Automated response and containment is a critical capability to protect organisations from attacks that could lead to damaging security breaches. Despite their best efforts, cyber defenders may miss indicators of attack or take too long to remediate problems. Leading Managed Detection and Response (MDR) service providers can leverage their client’s existing perimeter and endpoint products to automatically block IP traffic and contain endpoints, quickly containing a threat to stop an attack before it causes damage.

  • Save on Costs

Many security providers are now offering services in the cloud. If you opt for this, it can present substantial cost savings over building your own facilities. For example, a SOC-as-a-Service gives you access to a powerful SIEM without investing in your own. This not only saves on hardware, but also means you don’t have to look for (and retain) staff in-house to manage the technology. Partnering lets you better protect your business without the prohibitive costs that go with upfront purchasing costs, maintenance, storage, staffing and other costs.

Securing the WFX in 2021 and Beyond

The rapid pace of change and the increasingly complex cybersecurity environment are leading security teams to evolve and adapt, making outsourcing a smart option for many European organisations.

While there are many creative options on how to stretch your security budget, partnering with an MDR service provider should be near the top of your list. If you’re looking for a partner who can help you meet your cybersecurity goals, please feel free to contact us.

Europe’s 2020 Cybersecurity Evolution: Securing Teleworkers

How cybersecurity of organisations in Europe will change and adapt with teleworking and the migration to the cloud

When 2020 arrived, no-one could have predicted nor expected the drastic changes that we are seeing in the light of the COVID-19 pandemic. Not only has the pandemic changed cybersecurity, it has also created a huge paradigm shift in the way that organisations work.

The pandemic caused a rush across Europe to get employees out of the office and working from home, creating a requirement to better secure the teleworkers. Prior to the pandemic, only 5.2% of people regularly worked from home across the EU. A Europe-wide push for people to self-isolate proved challenging for the majority of the continent’s population who typically hadn’t been working from home; however, now that this paradigm has shifted, organisations across Europe are turning their attention to how they will work in the future.

Creating the New Normal in the Cloud

There has been much talk in the media about the “new normal” and what that will look like when it comes to cybersecurity. With lockdown restrictions easing, the return to the office is firmly on the board’s agenda. Most European organisations are considering two options – allow their employees to work from home full-time or adopt a “hybrid” workplace approach, where employees will split their time between working in the office and at home.

The pandemic has helped many employees realize how much they enjoy the work/life balance and appreciate not having to commute to an office five days a week. They have also proven that they can work just as effectively from home as in the office. Research predicts that the number of UK employees working from home on a regular basis will double, increasing to 37%, compared to 18% before the pandemic hit.

In line with this change, many European organisations have reduced their real estate and have a decreased need for on-premise solutions. This is creating a shift to cloud-based solutions that will provide stronger protections for teleworkers. The growth in cloud computing has been massive and transformational – and quickly sped up with the pandemic.

Cybersecurity for Teleworking

If employees are going to work from home on a regular basis, their cybersecurity hygiene should be considered by the organisations they work for. There are a myriad of different challenges with securing teleworkers; for instance, employees might be more likely to fall victim to a phishing email or cut corners when it comes to backing up important company data.

Phishing attacks have grown by over 60% in the UK since the COVID-19 pandemic and are widely recognised as the top cause of data breaches. Hackers are getting much more sophisticated in their approach to phishing attempts and once an employee clicks on a malicious link, the attackers may be able to gain access to the employer’s device or sensitive data.

Cybersecurity for home workers is very different than for the office. Employees’ home networks will often have weaker protocols (WEP instead of WPA2, for example), which can allow hackers to access network traffic much more easily. To help with this change, many organizations are looking for upgraded security tools and services that can be entirely cloud based. It’s a good time to review remote access solutions and policies, to ensure your team is working securely while remote.

Securing the Cloud

With the transition of more employees working from home, it is not surprising that cloud technologies have been adopted at an incredible rate in recent months. Of the 250 IT leaders surveyed, 82% said they have increased their use of the cloud in direct response to the COVID-19 pandemic, with 60% saying their use of off-prem technologies has continued to grow post-pandemic. The same study also found that respondents believe that by 2025 only 22% of workloads will reside on-prem, compared to 35% of workloads that resided on-prem prior to the COVID-19 outbreak.

From a business continuity perspective, there has never been a better time to make the move to the cloud. The ability to allow employees to work from anywhere via a virtual desktop or remote infrastructure has been instrumental to keeping employees working, and business moving, during the COVID-19 pandemic.

However, data sovereignty issues now become more of a focus and risk, especially for Chief Regulatory Officers and General Counsels. This country-specific requirement states that digital data must remain within that country’s borders and is subject to the laws of the country in which it is collected and processed. Many countries have had data protection laws for decades, and with the stricter rules put in place by the EU’s General Data Protection Regulation (GDPR), the concerns have become much more prominent.

So while the migration to cloud-based technologies may be straightforward, securing it may not be. Some teams are well equipped to deal with the transition, but many teams find themselves struggling to secure their teleworkers. The cybersecurity skills shortage in Europe is expected to be nearly 350,000 by 2022, which means many teams will have to look for alternative ways to secure their cloud technology.

For many in Europe, the idea of a SOC-as-a-Service, or outsourced managed services, wasn’t a consideration prior to the pandemic. But given the swift changes organizations had to make, they have realized that partners can help to fill a gap with their IT security. Cloud-based SOC-as-a-Service providers offer a lot of flexibility for organizations and 24/7 protection that many organizations can’t fulfill in-house.

If you find yourself trying to build out a secure, cloud-based security program, here are a few principles that you should follow when transitioning data to the cloud:

  • Monitor and secure your Office 365 implementation. Office 365 is continuing to be adopted at an exponential rate, especially since the global coronavirus pandemic hit earlier this year. While it allows businesses to be more efficient and productive when it comes to remote working, it is also a high-value target for cybercriminals. Properly monitoring your Office 365 environments for your remote workers can help to detect account compromises, identify phishing attempts or suspicious email patterns and detect password attacks, suspicious file sharing, permission changes or downloads. Protecting your organisation and having use cases to monitor your remote workers’ Office 365 environment is crucial whether you have a hybrid cloud or multi-cloud model, and is even more important if you have employees working from home.
  • Make sure your data is secure. The encryption of data in transit should be end to end. In addition, all interactions with servers should happen over SSL transmission (TLS 1.2). This will ensure the highest level of security. The SSL should only terminate within the cloud service provider network.
  • Get a virtual private network (VPN) and virtual private cloud (VPC). Having a dedicated cloud environment gives you total control of your data. Customers can connect securely to your corporate data centre, and all traffic from and to instances in your virtual private cloud can be routed to their corporate data centre over an industry standard encrypted Internet Protocol Security (IPsec) hardware VPN connection. This should also be monitored 24/7 for suspicious activity.
  • Look for partners who can help. If you’re struggling to secure your cloud environments, consider finding a partner to assist. Utilising SOC-as-a-Service or other managed security services allows you to not only fill a gap within IT security, but also offers significant cost savings through tailored service offerings. Their continuous detection, protection and response is a great option for organisations that do not have resources for a 24/7 in-house team.
  • Ensure partners follow rigorous compliance standards. If you find yourself looking for partners, make sure their compliance standards are robust. Two of the most important are SOC 2 Type 2 and GDPR. SOC 2 Type 2 is good for internal risk management processes, regulatory compliance oversight and vendor management programs. It confirms that a cloud service maintains the highest possible level of data security. GDPR is the European standard when it comes to data compliance. You should ensure your partners are adhering to best practices that will achieve GDPR compliance.
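
As an added illustration of the Office 365 monitoring use cases in the first principle above (this is not code from the original post or from any provider), the Python example below flags a source IP that fails sign-ins against several distinct accounts in a short window, and any later successful sign-in from that IP. The field names (CreationTime, Operation, UserId, ClientIP), the operation values, the thresholds and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data). Field names and operation
# values are assumed, modelled on Office 365 audit sign-in events; the IPs come
# from documentation address ranges.
KEYS = ("CreationTime", "Operation", "UserId", "ClientIP")
SAMPLE_EVENTS = [dict(zip(KEYS, row)) for row in [
    ("2020-11-02T09:00:05", "UserLoginFailed", "alice@example.com", "203.0.113.7"),
    ("2020-11-02T09:00:40", "UserLoginFailed", "bob@example.com", "203.0.113.7"),
    ("2020-11-02T09:01:10", "UserLoginFailed", "carol@example.com", "203.0.113.7"),
    # One user mistyping a password from a single address must not alert.
    ("2020-11-02T09:01:30", "UserLoginFailed", "dave@example.com", "198.51.100.9"),
    ("2020-11-02T09:01:50", "UserLoginFailed", "dave@example.com", "198.51.100.9"),
    ("2020-11-02T09:02:05", "UserLoggedIn", "dave@example.com", "198.51.100.9"),
    # A success from the flagged address: possible account compromise.
    ("2020-11-02T09:03:00", "UserLoggedIn", "bob@example.com", "203.0.113.7"),
]]


def detect_password_spray(events, window=timedelta(minutes=10), min_users=3):
    """Return {ip: {"targets": set, "compromised": set}} for suspicious IPs.

    An IP is flagged when it fails sign-ins for at least `min_users` distinct
    accounts inside `window` (hypothetical thresholds; tune to your tenant).
    A shared VPN or NAT egress address can trip this rule, so triage alerts
    against known corporate addresses before acting on them.
    """
    recent = defaultdict(deque)  # ip -> (time, user) failures inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["CreationTime"]):
        ts = datetime.fromisoformat(ev["CreationTime"])
        ip, user = ev["ClientIP"], ev["UserId"]
        if ev["Operation"] == "UserLoginFailed":
            failures = recent[ip]
            failures.append((ts, user))
            while ts - failures[0][0] > window:  # drop failures that aged out
                failures.popleft()
            users = {u for _, u in failures}
            if len(users) >= min_users:
                entry = alerts.setdefault(ip, {"targets": set(), "compromised": set()})
                entry["targets"] |= users
        elif ev["Operation"] == "UserLoggedIn" and ip in alerts:
            # Successful sign-in from an address already seen spraying.
            alerts[ip]["compromised"].add(user)
    return alerts


if __name__ == "__main__":
    for ip, info in detect_password_spray(SAMPLE_EVENTS).items():
        print(ip, sorted(info["targets"]), sorted(info["compromised"]))
```
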

There is a lot to consider during this time of uncertainty, but once the dust settles, migrating to the cloud properly will provide benefits to your employees and customers alike. If you’re looking for a partner who can help you with this transition, or if we can be of help in any way, please feel free to contact us.