By far the biggest security threat we have seen emerge out of the pandemic is the use of BYOPC (Bring Your Own PC). Due to equipment shortages and logistical problems, most organisations struggled to get equipment to users quickly enough to enable them to work remotely.
As a result, the only options available were to enable BYOPC or simply not to work. The problem with BYOPC is that a high percentage of end users’ PCs are already infected with some form of malware or ransomware, and when these devices are let onto the corporate network they become an easy way for the organisation to get infected.
To assist in solving the ransomware problem, Gartner recommends the use of Virtual Desktop Infrastructure (VDI) or Desktop as a Service (DaaS) for any non-managed or untrusted device which needs access to a corporate network. Any managed or trusted device should be running an endpoint protection platform (EPP) which includes an endpoint detection and response (EDR) solution. Also, multi-factor authentication should always be used for all remote users.
Moreover, users cannot be expected to follow any security best practices. The onus for this must rest with IT and the security department, by providing users with security tools that do not impede their ability to work.
IT must first determine what the user requirements are and build a use case before deciding which security technologies are needed. In order to do this, they must first establish:
• Who is the user and what is their job function?
• What kind of device will they use, and is it owned by them or by the company?
• What kind of applications and data do they need access to, is it located in the cloud or on premises, and is the data confidential?
• Where in the world is the user located? Many countries have strict rules about data sovereignty.
Once you know the user, device, data, and location, you can build a use case and apply the appropriate technology, be it DaaS, EPP, VPN, or cloud security.
The most important tool to track and stop the spread of ransomware and supply chain attacks such as the SolarWinds attack is EDR. However, it is estimated that 90% of Gartner clients do not have the necessary experience or staff to correctly manage an EDR solution. Therefore, Gartner recommends the use of a service provider to deliver a managed detection and response (MDR) service.
However, if there is one truth about the pandemic, it is that most organisations do not want to manage or secure anything anymore, so the easiest answer is to migrate users to DaaS, which fully returns control to IT while giving the user the freedom to use any device to work.
Recommendations for CISOs
• There is no way to stop getting ransomware, but you can limit its spread, so threat hunting is a very high-demand skillset.
• Experienced IT security professionals who are experts at threat hunting are very few and far between right now.
• Anyone who can demonstrate this ability has a golden opportunity to advance their career.
• If security skills are not an option, virtualisation and cloud application management are the way forward for most IT professionals.