Rethinking cyber-security to protect the anywhere workforce

Rethinking cyber-security to protect the anywhere workforce

Rick McElroy at VMware offers practical strategies for protecting remote and hybrid workforces

It’s time for security teams to switch gears. We’ve reached a pivotal point in the history of cyber-security where externally generated change has delivered a mandate for the industry to think differently and fundamentally alter our approach.

The remote work environment is here to stay, so we need to assimilate what we’ve learned and devise a roadmap that will allow us to proactively protect the anywhere workforce. It’s a once-in-a-generation opportunity, so the question is, where should cyber-security strategists focus as we set a course for the years ahead?

To answer that question, VMware surveyed more than 3,500 senior cyber-security professionals to understand the current threat landscape and the impact of the past year. The insights we uncovered show a cyber-security environment where malicious actors have thrived, and attack volume and sophistication have escalated.

As entire industries pivoted to working remotely, breaches were the inevitable result. Here is what we learned, and what we believe security leaders need to do next.     

Visibility is everything

Visibility is (still) everything. Organisations need to prioritise gaining oversight of the distributed network. The anywhere workforce has created a visibility problem. The volume of attacks has increased for three quarters of global organisations, and 78% say they saw more attacks due to increased remote working.

However, the true scale of attacks is hard to discern as defenders can’t see into the corners where personal mobile devices and home networks have been grafted on to the corporate ecosystem. On top of this, the risk posed by third party apps and vendors has increased the number of blind spots.

Consequently, cyber-security teams need contextual oversight and better visibility over data and applications – in fact, 63% of the professionals we surveyed said this was important.

A key priority must be gaining visibility into all endpoints and workloads across the newly defined and highly distributed ‘work from anywhere’ network. This network looks and behaves differently to those of the past, so familiarising teams with its quirks and vulnerabilities is critical. Robust situational intelligence is needed so teams understand the context of what they’re looking at and have confidence that they are remediating the risks that matter.

Prepare for ransomware attacks

Familiar TTPs saw a resurgence last year and none more so than ransomware. It was the joint top cause of breaches among the organisations we surveyed, and our threat intelligence unit saw a 900% spike in attacks during the first half of 2020. Attacks have become multi-stage as attackers focus on gaining undetected access to networks, exfiltrating data and establishing back doors, before launching ransom demands.

To tackle this resurgent issue and avoid falling victim to repeated attacks, organisations need a dual approach that combines advanced ransomware protection with robust post-attack remediation to detect the continued presence of adversaries in their environment. This means committing resources to threat-hunting while also hardening the common attack channels, such as email, which remains the most common launch point for ransomware attacks.

Close the gaps in legacy technology and processes

The switch to remote working exposed weaknesses in security technology and processes, which subsequently led to breaches. Organisations that had not yet implemented multi-factor authentication found that remote workers could not securely access corporate networks without introducing significant risk.

Now that remote working has become a permanent feature, security teams have a strong mandate to demand strategic investment to close those gaps between their current security environment and what is now needed to protect the anywhere workforce.

Re-think security and deliver it as a distributed service

The top cause of security breaches among our surveyed organisations was third party applications, underlining the endemic security risk in the extended enterprise ecosystem. This, together with the distributed environment, reinforces the need to rethink security approaches.

Fundamentally, the security problem has changed. While this change has been under way for some time, as demand for mobility and flexibility has fractured the corporate perimeter, the events of the past year have obliterated it entirely.

Gone are the days when IT is focused on securing company-owned desktops for employees working on campus, connecting to corporate applications running on servers in a company-owned data centre. Today, remote workers are connecting to applications running on infrastructure that may or may not be managed, owned, or controlled by the company.

With so many new surfaces and different types of environments to defend, endpoint and network controls must be highly adaptable and flexible. This means organisations must deliver security that follows the assets being protected. For the majority, this means turning to the cloud.

Cloud-first security comes with a cautionary note

The shift to a cloud-first security strategy is universal in the drive to secure the cloud-first environment.  Nevertheless, this shift brings its own challenges. The cloud is not a security panacea and controls must be vetted by organisations because if adversaries want to attack at scale, the cloud is the place to do it.

In fact, cloud-based attacks were the most commonly experienced attack type reported globally. Adversaries are prepared to piggyback on companies’ digital transformation, and it is certain that we’ll see more sophisticated cloud attacks over the coming year.

The last year has shown just how important cyber-security is to the resilience and continuity of businesses worldwide. With this rise in profile, the industry is in a strong position to take this once-in-a-generation opportunity to move beyond the siloes of legacy approaches and roll out strategies where security is unified, context-centric and intrinsic.

Rick McElroy is Principal Cyber-security Strategist at VMware. For the data behind the insights in his article, read the full VMware Global Security Insights report here.

Main image courtesy of

Copyright Lyonsdown Limited 2021

Top Articles

Top 6 Mobile App-Related Data Breaches

Smartphones are a prevalent feature in modern life. With more than three billion smartphone users around the world, who downloaded over 200 billion apps in 2019, it comes as no…

Cyber-security blind spots in PaaS and IaaS environments

Research finds that 100% of companies experienced a security incident, but continue to expand their footprint

Popping the hood on deep learning

Now that cyber-criminals have learned how to compromise machine learning defences, deep learning provides a way forward for security teams

Related Articles

[s2Member-Login login_redirect=”” /]