The transition toward a more distributed, remote workforce has been steadily gathering momentum. However, the pandemic has dramatically accelerated that trend as work from home (WFH), and hybrid approaches have become the norm. This new workplace model has placed an increased burden on already stretched security teams as attack surfaces widen, unsuspecting end users become targets, and organizations face increased risk levels.
To highlight this transformation, the HP WolF Security Blurred Lines and Blindspots report found that 91% of IT security leaders spent more time on endpoint security than they did two years ago. In this report, we explore the role of zero trust for enabling SecOps teams to combat new cybersecurity threats that have intensified due to remote and hybrid work environments.
Confronting new attack vectors
Today’s WFH environments have shifted the security boundary and created perimeterless organizations where remote workers regularly access sensitive data via insecure connections. Indeed, employees have been found to take more risks in WFH environments than they normally would in the office. For example, a significant portion of SecOps leaders (89%) are concerned that employees regularly forego using a secure network connection, such as a VPN.
Hybrid and WFH scenarios put enormous pressure on security teams to protect an ever-expanding number of IT assets, requiring them to take a multidimensional view of security. For example, along with rising attacks on wireless and Internet of Things (IoT) hardware, a range of endpoints are being targeted. For instance, more than half (56%) of remote printers were accessible to cyberattackers via open printer ports, and more than a third of SecOps leaders (35%) expressed concerns over increased organizational risk, according to research.
Since the pandemic, workplaces and homes have merged into one environment, and employees increasingly employ work devices for personal tasks. However, indiscriminate use of corporate devices only increases risk and allows cybercriminals to gain a foothold inside systems, exfiltrate data, spy on, and disrupt business processes. For example, phishing attacks and other types of malware increase significantly when using personal email on corporate devices. In 2020, the most common tactics used by hackers to carry out ransomware attacks were phishing campaigns, remote desktop protocol (RDP) vulnerabilities, and software security holes, according to a report from CISA.
Employees in WFH and hybrid environments also use unsecured personal devices for business. Based on the rise in cyber incidents, attackers have identified these vulnerabilities and regularly target remote and hybrid workers by using dedicated malware campaigns that exploit human error through social engineering. These operations represent a trend that SecOps leaders continue to grapple with as they search for effective counter-measures.
Neutralizing threats with zero trust
The transition to WFH and hybrid scenarios across the business spectrum have shifted the center of gravity in terms of security. However, organizations with hybrid and remote work environments don’t have to settle for constant threat vulnerabilities. Instead, a zero trust approach disrupts the standard security model and rebalances the need for protection rather than relying on detection. Zero trust states that nothing should be relied on implicitly and that only context allows access, such as user identity, device, location, and security posture.
Zero trust represents a fundamental building block of HP Wolf Security which employs defense-grade, hardware-enforced isolation to help organizations successfully respond to current threat levels. HP Wolf Security uses micro virtualization (micro-VM) for threat containment and analysis. Once a user exits the micro-VM, the malware is destroyed, ensuring that the endpoint is not compromised. Attackers can't access the sensitive information they seek, and protection is achieved without any impact to end user productivity.
The HP Wolf Security platform helps overstretched security teams defend against the plethora of new attacks and risks associated with our increasingly distributed way of life. From the maker of the world’s most secure PCs* and Printers**, HP Wolf Security represents a new breed*** of endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. For more information, visit www.hp.com/wolf.
*Based on HP’s unique and comprehensive security capabilities at no additional cost among vendors on HP Elite PCs with Windows and 8th Gen and higher Intel® processors or AMD Ryzen™ 4000 processors and higher; HP ProDesk 600 G6 with Intel® 10th Gen and higher processors; and HP ProBook 600 with AMD Ryzen™ 4000 or Intel® 11th Gen processors and higher.
**HP’s most advanced embedded security features are available on HP Enterprise and HP Managed devices with HP FutureSmart firmware 4.5 or above. Claim based on HP review of 2021 published features of competitive in-class printers. Only HP offers a combination of security features to automatically detect, stop, and recover from attacks with a self-healing reboot, in alignment with NIST SP 800-193 guidelines for device cyber resiliency. For a list of compatible products, visit: hp.com/go/PrintersThatProtect. For more information, visit: hp.com/go/PrinterSecurityClaims.
***HP Security is now HP Wolf Security. Security features vary by platform; please see the product data sheet for details.
Senior stakeholders who want to hold on to their CISOs must ensure that they have sufficient incentives and, more importantly, support to cope with the burden of risk that they are carrying.
The most alarming takeaway from Cisco’s new Cybersecurity Readiness Index report is that even after decades of having the importance of cybersecurity driven home, cyber threats are still taken too lightly.
In today’s data-driven world, higher educational institution networks and their management must be modernized to address the needs of everyone across campus. Enterprises face similar challenges and also need to modernize their networks.
