Industry and technology trends such as Work from Home (WfH), IoT or machine-to-machine communication also have an impact on corporate security. Network boundaries are blurring, users are working in unusual places with different devices, cars are talking to each other and machines are receiving their commands from the data centre. Of course, this is in principle independent of a pandemic, but it accelerates the development.
With the pandemic came the Anywhere workplace. Remote workplaces are often less secure than the desk in the office. An easy prey for attackers to penetrate the inner sanctum of an enterprise. At the same time, the attacks on IT and thus on the productivity of a company do not always have to be direct. The Identity Theft Resource Center has found that employees are less productive after a cyber attack, such as identity theft. Recovering identity takes valuable time and is financially costly, making the employee less focused at work.
Essentially, there are three major dangers lurking in the remote office:
Devices
Remote workers do not always use only the devices they get from the company. Emails are often read and sent with the private smartphone. A document is quickly shared via Google Drive because it is much easier, or the eBay auction runs on the side, when you urgently want to write an offer, but also absolutely want to get the new designer shoes at a bargain price.
Internet of Things (IoT)
More and more household appliances are connected to the internet and unlike in the office, at home your partner, your neighbours and Alexa may also be listening in on important company conversations. The connection to the company network is established via the private router. The refrigerator, the heating or air conditioning system and the television may also communicate via the router in order to receive updates or the new episode of IT Crowd.
Phishing and malware
In the private sphere, people are less attentive than in the company. You may be distracted by the cat or the children. Psychological factors also play a role: the perceived security at home is different from that at work. Cybercriminals are quick to spot vulnerabilities, such as those created when companies move their operations online. According to the VMware 2021 Global Securiy Insights Report, the number of cyberattacks in the UK alone increased by 71% within twelve months.
The economy may be opening up again, but remote working is here to stay. In fact, a Gartner survey found that 47% of companies want to continue allowing their employees to work full-time from home after the pandemic is over. 82% of companies surveyed said employees will be able to work from home at least one day a week (Source)
This means that companies need to prepare for the Anywhere Workforce and reduce the attack surface. Critical resources need to be secured with advanced technology.
A company's most valuable assets - its data - reside in the data centre. Attackers use vulnerable home offices to bypass traditional security mechanisms. Attacks often go undetected for weeks or even months. Advanced workload protection, such as that offered by VMware Carbon Black, helps organisations defend against both known and unknown attacks - including malware, fileless and living-off-the-land attacks.
Threat Intelligence
With increased visibility across the environment, insight can be gained into the operational hygiene, Indicators of Compromise (IOCs), tactics, techniques and procedures (TTPs) of potential attackers, as well as common events that occur on the system. Risk assessments and links to the National Vulnerability Database help organisations understand the vulnerability context. In addition, configuration states on workloads are assessed and continuous assessments are performed. In this way, attacks can be identified more quickly or even avoided altogether.
Advanced monitoring
Prioritised vulnerability reports provide up-to-date system status and help harden workloads against attacks. The focus is on the most common exploits and high-risk vulnerabilities in virtualised and cloud native environments.
There might be dragons!
Most security solutions focus on what is known to be malicious. With whitelisting mechanisms (Zero Trust approach) and the analysis of behaviour patterns, unknown attacks – so-called zero-days – can also be detected and defended against.
Simplifying the security stack
DevSecOps unifies operations across IT, security, infrastructure and development teams. IT and security stacks are consolidated. Silos will be eliminated. A single source of information for security, infrastructure and development teams provides the foundation for advanced workload protection that is integrated with existing infrastructure. Collaboration reduces friction and speeds response to critical vulnerabilities and attacks.
Protecting the hardware
The best security mechanisms are worthless if the underlying hardware is already compromised. To bring even more security to the enterprise, Boston Limited relies on open standards and security that starts with the processor. The Common Vulnerabilities and Exposures (CVE) database has currently catalogued 166,628 known vulnerabilities and is continuously growing by several thousand new entries each year. All Boston server and storage systems use the latest generation processors from Intel® or AMD for even higher security.
To find out more about the Anywhere Workspace solutions visit our product page or to begin your journey with Boston and VMware, our Sales team are on hand ready to deal with your requirements. Contact us on 01727 876100 or email us at [email protected].
To help our clients make informed decisions about new technologies, we have opened up our research & development facilities and actively encourage customers to try the latest platforms using their own tools and if necessary together with their existing hardware. Remote access is also available
Boston are returning to CIUK in Manchester!