Hybrid work and the adoption of hybrid IT demand a stringent approach to cybersecurity, says Dave Waterson, CEO, SentryBay
Where do you work? This seemingly simple question has become more complicated to answer in the last couple of years. For many, where they work is a combination of their company’s office and home; or it could be another remote location. Either way, the idea of hybrid working is here to stay.
Organisations have had to meet hybrid work patterns by adopting a hybrid IT approach. This has enabled them to split their workloads across both on-premise and cloud platforms, and to embrace BYoD and BYoPC models.
From a security perspective, hybrid cloud links security policies to the applications that employees are using, and enforces compliance mandates, ensuring that data is secure in the cloud. As always, for those working on-premise, data is protected within the corporate network…but is it? If endpoints are connecting with the network as part of a BYoD policy, and they are not secure, that means not only data but also applications, and even platforms, can be at risk.
Opening the gate to attack
Given the current economic crisis, it’s understandable that organisations are looking to lower their costs, and reducing capital expenditure on PCs, laptops or even mobile phones in favour of supporting the use of personal devices makes sense. But these devices, or endpoints, are all too often the gateway that cyber-attackers use to gain access.
There are multiple threats when it comes to unprotected devices, and in a previous article, I mentioned both keyloggers and screen grabbers, which are among the most notorious. In May it was reported that Snake Keylogger, for example, had made a comeback and was being spread by PDF files, but often the ones that do most damage are kernel-level keyloggers that are created to foil standard anti-virus solutions. They conceal themselves inside systems and remain at a low level, undetected, where they harvest the keystrokes being entered on the keyboard. The spoils for a keylogger lie in gaining passwords, log-in details and sensitive data which the cyber criminal later makes use of.
Screen grabbing malware, in the same way, logs personal or protected information, but in this case as it appears on a monitor. Certain events will trigger the malware to grab the screen and covertly dispatch the captured images through to a ‘command-and-control-type’ server. This type of attack is typically used to steal personal financial information, which is why two-factor authentication, or complex, frequently changed passwords, can be a good defence. However, where it is executed, it puts all data stored within applications and platforms at risk.
Finding a suitable solution
If an organisation is supporting hybrid working and it has a BYoD policy, and particularly if its infrastructure includes both public and private clouds and on-premise, a range of different defensive solutions is recommended to secure data, applications and platforms. It is no longer enough to have standard anti-virus software, endpoint detection and response, virtual desktops, and two-factor authentication. Protection needs to be even more extensive, and it should be adopted as part of a zero trust approach in which no employee or device is trusted.
In terms of solutions, the best approach is a layered defence so that if a specific attack bypasses one security measure, it will be stopped by another. The most valuable corporate asset – data – and the applications that handle it, must be placed at the centre, with security layers encasing it protectively. Organisations can do this by adopting security solutions that are designed to create seamless micro environments that allow applications to operate on any platform and in which data is protected and devices are safe.
How does this work? The technology solution builds a secure container in which data entered at the endpoint is automatically ‘wrapped’ so it can’t be stolen or sabotaged before it reaches the cloud server or the network, without any necessity to identify the threat or its origins. This process provides an exceptional degree of protection to employees and companies, and it can be easily integrated in hybrid IT environments supporting hybrid working models.