
How risk-based monitoring can mitigate the security risk of remote work

The prevalence of remote working models adopted during the outbreak of Covid-19 has had a profound impact on the security landscape. According to research from Absolute, a cybersecurity company specializing in endpoint security, the cybersecurity threat from endpoint devices (accounting for 70% of all data breaches in 2020) increased exponentially during the shift to remote working, which meant that more workers were off-network and more information was stored on local devices.

The need to support and secure remote workforces drove an increase in the average number of applications installed per endpoint. With that came an accompanying risk of friction, failure, and noncompliance. ~ Absolute’s 2021 Risk Report

Now, even though many employees have returned to the office and standard models of working since the pandemic, the shift to remote/hybrid employment nevertheless remains one of the long-term impacts of the lockdowns. This is primarily due to the rise of geographically distributed business models during this period, and also an increase in employee preferences for more flexibility in how and where they work. To remain competitive and resilient amidst these emerging trends, businesses need to be prepared to embrace remote/hybrid working, and find ways to mitigate the unique risks of remote work in their cybersecurity frameworks.

Splunk, a renowned cybersecurity and digital resilience provider, offers businesses a solution to this problem, leveraging AI’s analytical capabilities to provide an automated risk intelligence and monitoring service, as showcased at their .conf24 event in Las Vegas last week.

Reassessing risk in a remote world

For many, the pandemic became a time to reassess values and priorities – this was not only the case for individuals, but also for businesses.

In an interview with the AI Journal, James Hodge, Chief Strategy Advisor at Splunk, highlighted that the shift to remote working during the pandemic required businesses to reassess their risk profile based on company-specific factors relating to how different digital technologies were being newly adopted to manage the flow of data within their organisation.

“Something we saw over the pandemic with that mass shift to remote working was that [companies] really had to go and think about whether they had the right policies in place, and about the proportion of risks that they had compared to other organisations due to their pre-pandemic practices – things like whether they were using USB devices, printing, etc., beforehand.”

James Hodge, CSA for Splunk, EMEA

With the continual development of AI-powered digital tools for employees, and companies’ increased use of software applications to manage communication and data sharing, the risk posed by such practices now extends to both remote and in-office working models. Implementing regular assessment of company practices and workflows therefore remains a crucial practice for all businesses to help them fully understand and mitigate the risk of remote work, given that it remains a permanent aspect of most organisations’ workflows in post-pandemic society.

A thorough risk assessment should not only take into account the type of technology and digital applications used in remote working, but also factors such as worker location and network privacy. For example, some employees may choose to work from public spaces such as cafes and libraries, where they are likely to use an open network which can make their data more exposed and vulnerable. Such details are unique to remote/hybrid working models, and typically vary from employee to employee, which makes them harder to predict and account for. Nevertheless, they can have a significant impact on the level of risk that remote working poses to security, and therefore need to be taken into account.

However, these factors are also more difficult for businesses to control without either overstepping into their employees’ privacy, or implementing a highly restrictive (and therefore unattractive) remote working policy.

Trusting remote workers

There is a fine balance to be struck when it comes to a company’s control over its employees. On one hand, a lack of trust can stifle collaboration and honest communication – which can then become another factor that substantially increases cybersecurity risk.

On the other hand, businesses should also be wary of being too trusting, for example, having no guidelines or policies in place and allowing the employees to work however, wherever, and with whichever tools they want. This can give the impression that the business has no concerns about the way in which employees carry out their work, which can lead to employees becoming careless and overly casual in their approach to their work.

Nevertheless, according to James Hodge, companies need to err on the side of trusting their employees, particularly when it comes to the use of AI technology.

“The reality is, whatever the company says, people are going to use this technology. So, one company decided that they were going to have their own implementation strategy behind use of a certain digital tool, and that they were going to lock it down. So if an employee wanted to go and use it to create an image, for example, and use it in a PowerPoint for work, it would mean that the image had to be unbranded, and have some other restrictions. But they locked it down so much that people ended up just using it on their own personal devices with the open source version of it, and emailing the image to themselves, etc., because the company policy became too restrictive.”

James Hodge, CSA for Splunk, EMEA

On balance, businesses need to find a level of trust that not only gives their employees the degree of freedom that is both desired and expected in the modern world of work, but also allows them to exercise precautions against the risks that this freedom inevitably brings with it.

Fostering open communication channels within an organisation is a key way that this can be achieved, along with education initiatives around cybersecurity, which can help inform remote workers of the specific risks that remote working poses to the security of their organisation. This approach also has the benefit of making employees feel valued and invested in the business, rather than alienated from the top management and scrutinised/censored in their work.

Make your life easier with risk-based monitoring

While education initiatives and open communication channels have an important place in mitigating the risks of remote work, AI now offers businesses an optimal way to control these risks by tracking employee actions in a non-intrusive way.

So how does this work?

With Splunk’s Enterprise Security, businesses can access a correlation search framework, which enables them to gain greater insight into the risk of various actions taken by employees by collecting all risk events into a single risk index. Through this cumulative analysis of various events/actions and the contextual risk associated with them, this index can provide automated risk alerts to detect complex/unusual employee behaviour which may warrant an investigation.

This not only reduces the workload for security analysts, but increases the accuracy and efficiency of risk detection, while at the same time reducing the likelihood of futile/unwarranted investigation into employee behaviour that is based on just one action perceived to be risky.

“By proper monitoring, you can start to catch signals early. That’s where, from our point of view, risk based alerting becomes really important. So I normally use my laptop, for example, between 9 and 5, but one week it looks different because I’m in a different time zone. Now, the first time that happens, is that really a problem? But then, if it happens again, or maybe from home, then that risk goes up and I’m triggering an alert. We can use automations to deploy an agent to put increased monitoring on that laptop.”

James Hodge, CSA of Splunk, EMEA
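
The accumulation logic described above, sketched as an added Python example (not Splunk's code and not part of the original article): risk scores are summed per device over a sliding window, and an alert fires only when the running total crosses a threshold. The signal names, scores, window, threshold and device names are assumed values, and the events are constructed samples.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values for illustration; real deployments tune these per environment.
WINDOW = timedelta(days=7)
THRESHOLD = 60
RISK_SCORES = {"off_hours_login": 20, "new_location": 25, "usb_mass_copy": 40}

def risk_alerts(events):
    """Return [(time, risk_object, total, signals)] for each threshold crossing.

    `events` is an iterable of (iso_time, risk_object, signal) tuples.
    """
    recent = defaultdict(deque)  # risk_object -> deque of (time, signal, score)
    alerting = set()             # objects already above threshold (no repeat alerts)
    alerts = []
    for ts, obj, signal in sorted(events):  # ISO timestamps sort chronologically
        now = datetime.fromisoformat(ts)
        window = recent[obj]
        window.append((now, signal, RISK_SCORES.get(signal, 0)))
        # Expire risk events that have aged out of the sliding window.
        while window and now - window[0][0] > WINDOW:
            window.popleft()
        total = sum(score for _, _, score in window)
        if total >= THRESHOLD and obj not in alerting:
            alerting.add(obj)
            alerts.append((ts, obj, total, [s for _, s, _ in window]))
        elif total < THRESHOLD:
            alerting.discard(obj)
    return alerts

# Constructed sample events (hypothetical device names).
SAMPLE_EVENTS = [
    ("2024-06-03T22:10:00", "laptop-01", "off_hours_login"),
    ("2024-06-04T23:05:00", "laptop-01", "off_hours_login"),
    ("2024-06-05T21:40:00", "laptop-01", "new_location"),
    ("2024-06-03T20:00:00", "laptop-02", "off_hours_login"),
    ("2024-06-20T20:00:00", "laptop-02", "off_hours_login"),
]

if __name__ == "__main__":
    for alert in risk_alerts(SAMPLE_EVENTS):
        print(alert)
```

Here laptop-01 alerts on its third signal within the week, while laptop-02's two off-hours logins seventeen days apart never accumulate enough risk to alert.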

This automated monitoring service depends heavily on data. Now, thanks to Splunk’s integration with Cisco, a leading software and data company, their risk intelligence service is even more accurate, with data from both real-time and historical security incidents.

This makes Splunk’s risk-based alerting service one of the most powerful and accurate automated tools in the cybersecurity industry. It promises to be an invaluable asset to security analysts in any business, but particularly in businesses with remote/hybrid models, where employee risk monitoring is typically a more difficult and complex process.

Author

  • I write about developments in technology and AI, with a focus on its impact on society, and our perception of ourselves and the world around us. I am particularly interested in how AI is transforming the healthcare, environmental, and education sectors. My background is in Linguistics and Classical literature, which has equipped me with skills in critical analysis, research and writing, and in-depth knowledge of language development and linguistic structures. Alongside writing about AI, my passions include history, philosophy, modern art, music, and creative writing.
