The sudden ‘new normal’ emerging for global organizations due to the pandemic and resulting remote work culture has increased IT security concerns, especially malicious insider threats. Inadequate transition time for adapting to the changes and insufficient IT security safeguards have made global organizations more vulnerable to insider threats and cyberattacks.
Still, implementing best practices can help ward-off IT threats emanating from the misuse of digital identities and credentials. So we thought to disseminate information around that. The stage was set. ARCON being the pioneer in Information Security solutions partnered with KuppingerCole, one of the leading Identity and Access Control advisors and consultants in the world to host a webinar.
On 2nd September 2020, ARCON jointly hosted a webinar titled: Remote Workforce: How to Protect yourself from Emerging Threats? The eminent speakers were: Mr. Paul Fisher, Senior Analyst, KuppingerCole and Mr. Anil Bhandari, Chief Mentor, ARCON.
Key Takeaways from Paul Fisher’s session
Global enterprises are busy adopting the remote workforce – the ‘new normal’ of IT infrastructure. In this backdrop, the cyber threats are rising exponentially and the nature of threats is also getting sophisticated. Here is a quick rundown on what Mr. Paul Fisher highlighted on the circumstantial risks of remote work conditions:
- Sudden Shift of on-prem workforce to the remote workforce: Due to emergency mode, most of the organizations had to plunge into “get the job done fast” strategy where IT security might not appear on the list of priorities.
- Unsecured home Wi-Fi: In Work From Home (WFH) conditions, employees manage their work using home Wi-Fi which is never 100% secured. As a result, security risks rise exponentially.
- Weak VPNs or no VPNs: If the virtual private network (VPN) is poor, then the users find it difficult to securely send or receive data across the network.
- Shared Common Passwords and shared files: To make the access control mechanism “hassle-free” (apparently), enterprise IT teams allocate common and shared passwords for multiple users to access critical files/ systems. As a result, monitoring the users and identifying suspicious activities becomes challenging.
- Recently, the FBI reported the number of cyber incidents during the COVID 19 pandemic, which is an alarming increase of 400% compared to that of the pre-COVID era. The statistics in India is scarier with an 86% increase in cyber incidents between March to April 2020.
- The cyber risks accelerate while there is a 40% increase in the usage of the internet across the globe as employees access critical applications, systems or files remotely. In this regard, enterprise-connected devices are more prone to threats.
- There is an abrupt rise of 22% of security vulnerabilities across global enterprise networks in the first half of 2020 compared to the second half of 2019.
- While explaining the must-haves for cybersecurity, Multi-factor Authentication, Endpoint Protection, Patch Management, Data Protection and Frequent Security Training topped the list to combat the emerging IT security risks in remote work conditions.
- The six basic rules for the betterment of cybersecurity are a good sense of security where the instant realization of malicious activities is important. There should be sound knowledge and a thorough understanding of the suspicious links/ emails and safe links. The strong authentication mechanism of the users for accessing business-critical applications or systems bridges the gap between requirement and security. In addition, verification of the email sender especially when it seems to be suspicious in nature through another medium (phone calls) is highly recommended.
Privileged Access Management – An Overview
Key Takeaways from Anil Bhandari’s session
At a time when remote access has become the ‘new normal’ of the digital workspace, organizations have started to treat their remote IT environment as their on-prem IT ecosystem. Confidential business data is the CORE of security and it is highly essential for the organization to know what should be secured, when to secure and how to secure. In remote conditions, while every organization is struggling to maintain business continuity, IT security occasionally takes the back seat. Here is a quick rundown of what Mr. Anil Bhandari has highlighted the USPs of ARCON | Privileged Access Management (PAM) & ARCON | User Behaviour Analytics (UBA) that can walk in-line with the requirement of remote work environment:
- Work From Home (WFH) practice has necessitated the implementation of secured remote accesses to business-critical applications and systems. Organizations require a robust IT security mechanism to manage, control, monitor remote access and the IT risk management team is more agile in establishing trustworthiness.
- During the pandemic, organizations had to spend thousands on laptops and are struggling to overcome various access challenges such as limited access licenses, slow access, user access permissions, critical data access, privileged access, just-in-time access etc. As a result, the “High-Friction Low-Security” methodology has taken the front seat with a lot of daily IT operations challenges across the enterprise network.
- High digital investments were discussed where business models, business modules and overall IT security are taking a different turn. With outcome-based models, organizations are more inclined towards user behaviour centric security rather than conventional device-centric security. In the age of automation, monitoring the users and their activities is drawing more attention rather than just preventing them from accessing business-critical applications or systems.
- The entire world is getting inclined towards an automated IT security model where the users, privileged users, super admins – all are monitored in real-time and their access to critical systems is time-bound.
- The most interesting model of IT security today is an outcome-based model where organizations get inclined more towards a fruitful result than just deploying a traditional security mechanism. For instance, in banks, we no longer deposit our money just to keep it safe, we calculate and check out the amount of return we can get from just depositing it for a certain period. Another interesting use case is from the education industry where the students are more targeted as per their skills and key expertise rather than just providing general education to one and all.
- “Low-friction High-Security” methodology has become the need of the hour due to WFH scenarios across the globe. The entire world is working on virtual access where people are working remotely, earning from home and students are learning from virtual classrooms. In this backdrop, as ARCON experienced with most of its customers, unsecure VPN access, slow internet, IT security remains the major area of concern.
- In the virtual world, Low-friction is a necessity today. We are dwelling in an era where high-security is prioritized by any and every organization everywhere. Low-Friction ideally means the ability of the end-users or rather the daily IT operations team to have an experiential outcome whatever application or critical systems they access inside the organization very seamlessly. That would raise productivity towards a high level with a robust IT security. ARCON is a brand with advanced risk-preventive solutions always improvises on the solution features according to this “Low-friction and High-security” model.
- The conventional controlled access suggests end-users to be on software applications and super-users on software Apps. The attackers always try to gain access to super-user passwords because super users provide complete control of the critical systems.
- Keeping the demand for Zero Trust security infrastructure in mind, ARCON’s security solutions (Privileged Access Management) are always a step ahead with the robustness of risk-predictive mechanisms rather than risk-preventive ones. The Predict | Protect | Prevent model of ARCON enables us to build a Zero Trust framework around privileged identities.
- Lastly, ARCON | User Behaviour Analytics (UBA) is an essential tool to detect anomalous activities in WFH conditions. While large amounts of enterprise data is accessed by end-users from different network zones and geographies, organizations count a lot on an engine that can seamlessly monitor individual user activities and notify the administrators about anything suspicious. ARCON | UBA meets all the requirements of predictive user-behavioural security.
In the times to come, keep posted because ARCON would be conducting more webinars that would focus on several relevant industry use cases and discuss how the risk-predictive technologies can mitigate security threats arising from unprecedented cyber-threats.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.