Hybrid and Remote Work is Here to Stay: What Does This Mean for Cybersecurity?

Gone are the days when remote work was the exception and the most distributed employee was the salesperson on the road. As remote and hybrid work become the predominant work structure for organizations, and the new rules of engagement are only beginning to be solidified, most CISOs are asking themselves: how does security need to change?

There are many lessons organizations will learn as cultural expectations and practical realities shift on how we define physical and digital workforce norms.

Kory Daniels, Global Director, Consulting and Professional Services, provided his take on the changes that so many organizations and their CISOs have faced in this Q&A:

How has IT security changed in the 20 months since organizations were forced to roll out remote and hybrid work environments due to COVID-19?

Before the pandemic, there were two types of businesses: those with a longstanding on-premise technology infrastructure and operations, where people were accustomed to working against clearly defined processes, and newer businesses with less infrastructure debt on-premise from a technical, operational and cultural perspective. This dichotomy was changed overnight when the COVID-19 pandemic struck, and remote work was widely adopted. It quickly became apparent how capably the existing people, processes, and technology of these organizations empowered a virtual workforce and whether the security strategy in place was ready for the shift in their attack surface.

This shift was more challenging for some organizations than others. Newer companies may have seized the advantage of building their business on a cloud-first philosophy. Larger and more mature businesses had more variance in where they were in their cloud journey at the time the pandemic hit. These businesses' status quo was upended, which affected how their core revenue-generating operations performed and how the security team could effectively provide resilience.

How has a largely distributed workforce shifted the requirements of security?

The reality is less about the size and more about the risks. Fewer employees, fewer revenue streams, and a smaller data footprint provide the advantages of being incredibly agile. Yet, even with an agile digital workforce in place, companies large and small have needed to review their fundamentals: What are the biggest threats and latest tactics based on remote work? Are our users equipped to understand risks and spot suspicious behaviors? Are our new virtual collaboration tools for file sharing, communication, and business operations secure, and can we effectively see threats from our security team?

For larger businesses that were not as far along in their digital transformation as they may have planned, the shift to remote work was incredibly difficult and disruptive. Overnight, thousands of previously centralized workforces located within controlled environments were suddenly working from their homes on possibly poorly secured home networks and personal devices. An organization’s security posture was further complicated by the sheer volume of vendors and suppliers operating from their own distributed locations. Compounding the issue was staff use of Bring-Your-Own-Device (BYOD), which was at times unavoidable. Even the new tools adopted to help with this transition created opportunities for data to be compromised.

Rapidly reconfiguring protection and detection architecture to reduce exposure and communicate new processes came with many challenges. What once was finely tuned and modeled for a particular network and environment -- to lock down corporate assets for data protection -- now had a vastly evolved attack surface, leaving organizations vulnerable in entirely new ways. Knowing what threats had changed and which tools were right for the job had many companies overwhelmed -- and that’s still true today. 

What then becomes our baseline understanding for normal user and entity behaviors?

Baselines have shifted further since remote behaviors differ from those in the office: logging in later at night, accessing files and systems at different points in the day. It has become much more expensive for organizations, especially those that have mature insider threat management programs in place, to distinguish a bad actor from an actual employee.

The rules of engagement were much more predictable when workers kept to the traditional 9-to-5 workdays and remained at a designated location. Many companies don’t have insider threat management on their radar. And for those that are actively monitoring it, there’s a new layer of complexity with the surge in remote work that wasn’t a widespread issue before.

Is hybrid and remote work truly the new normal or a temporary solution?  

Business and IT leaders alike are grappling with decisions to maximize efficiency and employee satisfaction for today’s workforce. Once corporate leaders decide on a remote work policy, there are several questions IT leaders should be asking. How well do we understand our attack surface? Is the threat intelligence we have still relevant, and what are the threats we need to prioritize? How effective is our balance between plan, build, and run to ensure our projects are being achieved cost-effectively, on time, and not causing detriment to our ability to maintain monitoring and response?

Cloud-based Infrastructure-as-a-Service tools lay a flexible foundation. Likewise, your partners should be asking themselves similar questions but in reverse: how to manage changing environments, keep alerts relevant and create resilient cloud security strategies in the event of a compromise.

The longer the jury is in session on a definitive approach to hybrid and remote work, the more significant the implications for IT and security will become.
