Why Work from Home Is Forcing a Rethink on Endpoint Recovery

Steve Winterfeld, Advisory CISO at Akamai, highlights the need for rapid recovery solutions for remote work
Although work from home has brought a number of benefits, the number of devices now operating outside of direct company control represents new challenges

Endpoint recovery, the process of restoring compromised or malfunctioning devices following a cyber incident or system failure, is in an unprecedented position. 

The shift to remote work has dramatically transformed the landscape, presenting unforeseen challenges for organisations worldwide. As traditional office boundaries dissolve, the complexities of restoring affected devices have multiplied exponentially.

The proliferation of home offices, connected laptops, smartphones and Internet of Things (IoT) devices has seen the attack surface expand like never before. Not only does this make defending from threats harder, it also makes recovering affected devices more challenging.

“While this is a huge improvement for modern workers, the situation comes with increased challenges for businesses,” says Melissa Bischoping, Director, Endpoint Security Research at Tanium.

As a result, traditional approaches to endpoint recovery, which often rely on manual processes, are becoming inadequate. There is therefore a growing emphasis on developing more robust, automated and integrated solutions that can rapidly restore compromised endpoints to a secure state, minimising downtime and data loss.

Melissa Bischoping, Director of Endpoint Security Research at Tanium, discusses the growing challenges of endpoint recovery

The remote work challenge

Around 72% of employers in the UK offer some form of remote working. These changes have been embraced by employees and employers alike; however, they have also introduced significant challenges for endpoint recovery.

“Remote workers often use a mix of personal and corporate devices, complicating the management and security of endpoints,” explains Quentyn Taylor, Director of Information Security at Canon EMEA. “Ensuring that all devices are protected from malicious factors and are recovered efficiently in the event of a breach is more complex when employees are dispersed.”

Many employees use their personal smartphone to read work emails, and many companies even have a bring your own device (BYOD) policy. While this gives employers and employees agility to deal with work tasks, it complicates the management and security of endpoints.

This blend of devices adds a layer of complexity to the task of managing and securing an organisation's IT infrastructure. 

Personal devices, such as employees' own laptops, tablets, or smartphones, may not be equipped with the same security measures or configurations as those provided by the company. This inconsistency poses a challenge for IT departments, as they must ensure that all devices accessing the network are adequately protected against potential threats. 

“Ensuring visibility and control over these diverse and dispersed devices is challenging, especially when many are unmanaged or outdated,” says Melissa. “Remote endpoints often operate outside secure corporate networks, making them more vulnerable to cyber threats and harder to manage. You can't protect what you can't see.”

Personal devices are also more likely to have varied software and operating systems, adding to the complexity of recovering them efficiently in the event of a breach, especially as employees are dispersed. 

This all slows down recovery, and for a large enterprise with thousands of employees it can mean that recovery, and the resulting downtime, takes weeks to remediate.

“Remote and hybrid workers are at greater risk of much longer recovery times. Whether it is just recovering their system or in the worst-case scenario when the majority of the systems have to be recovered at the same time,” explains Steve Winterfeld, Advisory CISO at Akamai.

As CISOs review their risk radar, many are looking for solutions that give greater visibility and, most importantly, rapid mitigation.

“As companies think about the best way to reduce risk, the strategic approach is to minimise potential impact,” Steve explains.

The idea that a good recovery strategy is one with fewer devices to recover is gaining steam. According to Steve, there is one thing he thinks can realise this strategy.

“As I talk to my peers more of them are moving towards adopting a Zero Trust security framework,” he explains. “One where no person or device inside or outside of an organisation’s network should be granted access to connect to IT systems or workloads unless it is explicitly deemed necessary.”

With this new problem of a proliferation of devices outside a trusted network, a Zero Trust framework is increasingly seen as the right way to implement these controls within an industry-approved best-practice framework.

Mathivanan Venkatachalam, Vice President at ManageEngine, explores the role of Zero Trust in endpoint recovery and cyber resilience

Rejuvenating endpoint recovery

With so many different devices connected to a network, it can be hard to keep track of just exactly who and what is allowed to be connected and what is an outlier.

“Endpoint recovery processes in compliance with evolving data protection laws across countries also put increased focus on cyber resilience, like preemptive forecasting of device downtimes, proactive incident response planning,” says Mathivanan Venkatachalam, Vice President at ManageEngine.

In this context of resilience, Zero Trust can be a multi-problem solution. Zero Trust is a cybersecurity model that operates on the principle of "never trust, always verify." Unlike traditional security methods, which often rely on a "trust but verify" approach, Zero Trust does not automatically trust users or devices within an organisation's network perimeter. 

Instead, it requires continuous verification of every access request, regardless of whether it originates from inside or outside the network. This model employs strict identity verification, ensures least-privilege access, and continuously monitors for threats, thereby reducing the risk of data breaches and unauthorised access. 

By implementing Zero Trust principles, organisations can ensure that endpoints are continuously monitored and verified, which is crucial for maintaining the integrity and security of IT systems that people log in to remotely.

Equally, the Zero Trust model's emphasis on least-privilege access and explicit verification ensures that only authorised users and devices can access critical systems, thereby safeguarding data and enhancing the overall resilience of the IT infrastructure.
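As an added illustration (not code from the article or from any vendor quoted in it), the following Python policy check applies the Zero Trust principles described above to remote endpoint access requests: default deny, explicit identity verification, device posture, periodic re-verification and least-privilege scope, with outdated devices routed to a recovery queue. The thresholds, role scopes and sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Posture thresholds (assumed values, not from the article)
MAX_PATCH_AGE = timedelta(days=30)          # older than this = "outdated" device
REVERIFY_INTERVAL = timedelta(minutes=15)   # how often a live session is re-checked
# Least-privilege map: a role may reach only the resources listed here
ROLE_SCOPES = {"engineer": {"git", "ci"}, "finance": {"erp"}}

@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool       # explicit identity verification passed
    device_managed: bool     # False = unmanaged BYOD device, no posture visibility
    last_patched: datetime
    last_verified: datetime  # when this session's checks last passed
    resource: str

def evaluate(req: AccessRequest, now: datetime) -> tuple[str, str]:
    """Default-deny decision: every check must pass before access is allowed."""
    if not req.mfa_verified:
        return "deny", "identity not explicitly verified"
    if not req.device_managed:
        return "deny", "unmanaged device: posture cannot be verified"
    if now - req.last_patched > MAX_PATCH_AGE:
        return "quarantine", "outdated device: send to remediation first"
    if now - req.last_verified > REVERIFY_INTERVAL:
        return "reverify", "session stale: repeat checks before continuing"
    if req.resource not in ROLE_SCOPES.get(req.role, set()):
        return "deny", "resource outside least-privilege scope for role"
    return "allow", "all checks passed"

def triage(requests: list[AccessRequest], now: datetime) -> dict[str, list[str]]:
    """Group users by decision so the recovery queue ("quarantine") is visible."""
    queue: dict[str, list[str]] = {}
    for req in requests:
        decision, _ = evaluate(req, now)
        queue.setdefault(decision, []).append(req.user)
    return queue

# Constructed sample requests from a dispersed workforce
NOW = datetime(2024, 9, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    AccessRequest("alice", "engineer", True, True, NOW - timedelta(days=3), NOW - timedelta(minutes=2), "git"),
    AccessRequest("bob", "engineer", True, True, NOW - timedelta(days=45), NOW - timedelta(minutes=2), "git"),
    AccessRequest("carol", "finance", True, False, NOW - timedelta(days=1), NOW - timedelta(minutes=1), "erp"),
    AccessRequest("dave", "finance", True, True, NOW - timedelta(days=1), NOW - timedelta(minutes=40), "erp"),
    AccessRequest("erin", "finance", True, True, NOW - timedelta(days=1), NOW - timedelta(minutes=1), "git"),
]
```

Running `triage(SAMPLE, NOW)` puts only bob's outdated laptop in the quarantine queue, while carol's unmanaged device and erin's out-of-scope request are denied outright.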

Yet, in the race to find a technological solution to the endpoint recovery challenges that working from home has brought, organisations should not overlook a key component: people.

“User education and awareness are crucial elements of endpoint recovery, forming the first line of defence against cyber threats,” explains Melissa. “Well-informed and trained users are a company’s best weapon against these attacks. By being able to recognise and avoid potential security threats, incidents requiring endpoint recovery are reduced significantly.”

Educating the remote workforce about potential threats, and about best practices for maintaining a secure home office environment, is a critical component of a robust, multi-layered endpoint recovery strategy.

“Equally as important is the need for concrete planning, including regular updates and testing of recovery plans to ensure businesses can quickly respond to incidents,” Quentyn concludes. 

Such a need was highlighted by the recent CrowdStrike IT outage, which left airline Delta struggling to get its systems back online four days after the incident, cancelling thousands of flights due to the downtime.

So as remote work continues to be a significant part of the corporate landscape, endpoint recovery strategies must continue to evolve. While remote work has introduced new challenges, it has also spurred the development of more advanced, flexible and robust recovery solutions.

Organisations that continue to adapt to this new reality, and focus on minimising incidents as well as recovering from them, stand the best chance of weathering the issues raised by the era of remote work and this new way of operating.


Cyber Magazine is a BizClik brand
