With the pandemic period, many things have changed in working life. Business people and academics are trying to develop new, efficient and safe working models. For companies, it means increasing use of digital technology to support normal, more flexible working situations post-pandemic. Experts examined the security strategies of this new era. He evaluated hybrid working and Zero Trust approaches.
Although technology giants such as Twitter and Facebook have announced that some of their employees will continue to work from home permanently, this is not really possible for many employees. More than 60 percent of companies plan to implement the hybrid workplace. In this working style, employees will work at home on some days of the week and in the office on some days. However, in the hybrid workplacesecurityThis situation will bring new cyber risks with it. ESET experts have looked at what to watch out for and why.
The challenges of protecting the hybrid workplace
Information security managers today are under immense pressure to protect customer data from theft and critical internal systems from service disruptions. Despite increasing security spending, security breaches continue to increase. With the increase in remote working and the emergence of the concept of the hybrid workplace today, threat actors are gaining an advantageous position. Elements that pose risks for organizations;
Distracted, home workers more prone to clicking phishing links
Remote workers working from potentially unsecured personal laptops, mobile devices, networks, and smart home devices
Vulnerable VPNs and other unpatched software on home systems
Previous leaks or easy-to-crack passwords hence poorly configured RDP endpoints that can be easily hijacked.
Cloud services with weak access controls (weak passwords and no multiple authentication)
Why Zero Trust Approach
In 2009 Forrester developed a new information security model. This model, called the Zero Trust Model, has been widely accepted and adopted since its inception. It was designed for a world where the old concept of trusting everything inside this safety net is no longer valid, using all available security resources. We live in such a world now, thanks to the spread of distributed work and the cloud. Contrary to this old understanding, the Zero Trust model is based on the philosophy of “never trust, always verify” to reduce the impact of leaks. There are three basic principles in practice.
All networks should be considered unreliable
This includes even home networks, public Wi-Fi networks (e.g. airports and coffee shops), and in-house corporate networks. Threat actors are determined to convince us that safe places exist.
If we can’t trust any network, then users are also unreliable. We cannot guarantee that an account has not been compromised or that a user is not a malicious internal threat. That’s why it’s important to give employees enough privileges to perform their jobs properly, then regularly review their access rights and remove privileges that are no longer employee-related.
Assume there is a leak
About a new security leak every day newswe hear. Being on constant alert, organizations must continue to develop their defenses with sound Zero Trust logic and remain vigilant. Leaks are inevitable, but their impact can be mitigated.