By Findlay Whitelaw, Field CTO, Insider Threat Program, and UEBA Solution at Securonix
Remote working was already growing before the pandemic, and the need to work from home has made it a prominent feature of organizational cultures. Its benefits are clear: increased flexibility, better work-life balance, higher employee satisfaction, reduced commuting, increased productivity, and access to a global talent pool. However, remote working also introduces workforce and technical challenges, cybersecurity among them, and organizations have become increasingly worried about a rise in insider incidents. Countering these risks calls for advanced technological solutions such as security information and event management (SIEM) and user and entity behavior analytics (UEBA).
Workforce challenges in remote working
As organizations navigate the shift to remote working, they grapple with several challenges, including ensuring employees adhere to security protocols outside the traditional office environment. Working from home, in particular, can be accompanied by various distractions, ranging from household responsibilities to personal issues, which can compromise employees’ ability to maintain focus on security protocols, making them more susceptible to phishing attacks or social engineering.
Remote working also disrupts regular communication and supervision channels, making it harder to identify irregular, suspicious, or risky behavior that may signal a potential insider threat; managers may find it harder to notice changes in employee behavior, job performance, or engagement. Some employees struggle with the lack of face-to-face interaction and social connection that office environments offer, which can lead to disengagement, lower productivity and performance, and feelings of disgruntlement. Isolation also makes it harder for employees to seek immediate guidance and clarification, leading to mistakes and unintentional security breaches that can open the door to malicious threat actors. Additionally, home networks are typically less well secured than corporate networks, making them a softer target for cybercriminals. Employees who are less vigilant about security protocols therefore open avenues for phishing attacks, data leaks, and other threats.
These factors, if neglected, can inadvertently foster a conducive environment for insider threats, amplifying and fueling organizational security concerns.
Technical challenges in remote working
Remote working significantly expands the attack surface for cyber threats and presents several technical challenges. Organizations must secure many more endpoints and ensure that employees’ devices are secure and up to date; permitting personal devices for work, or bring your own device (BYOD), adds another layer of complexity. Virtual private network (VPN) security becomes paramount, and monitoring and controlling data access across geographically scattered teams becomes much harder.
These factors increase an organization’s vulnerability to insider threats, and it is often difficult to differentiate between normal and suspicious activity, especially when employees access systems at irregular times because of flexible working schedules or different time zones.
Mitigating risks with security information and event management (SIEM) and user entity behavior analytics (UEBA)
To mitigate the increased risk of insider threats that comes with remote working, advanced technological solutions like SIEM and UEBA can be employed. SIEM solutions aggregate and analyze security data from across the entire IT environment, providing a holistic view of the organization’s security landscape, so anomalous activity can be identified and addressed swiftly, whether it originates from an external attacker or a disgruntled employee. UEBA focuses on the behavior of users and entities within the network. By applying machine learning and advanced analytics to the collected data, UEBA solutions build a baseline of normal behavior for each user and entity and identify deviations from it that might indicate a threat. This is particularly useful in remote working setups, where traditional supervision is ineffective. Combining SIEM and UEBA capabilities in your security strategy provides a powerful, proactive, real-time detection and response approach to identifying and countering insider threats and suspicious security incidents.
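To make the UEBA idea concrete, here is an added illustration (not Securonix product code and not part of the original article) of per-user behavioral baselining over a constructed access log: it learns each user's usual login hours, source hosts and download volume, then flags deviations from that user's own profile, tolerating a couple of hours of schedule drift so flexible working does not alert on its own.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (not real data): timestamp, user, source host, bytes downloaded.
BASELINE_LOG = """
2024-03-04T09:12:00 alice vpn-home-1 120000
2024-03-05T08:55:00 alice vpn-home-1 98000
2024-03-06T10:03:00 alice vpn-home-1 110000
2024-03-04T22:10:00 bob vpn-home-2 40000
2024-03-05T23:05:00 bob vpn-home-2 42000
2024-03-06T21:50:00 bob vpn-home-2 39000
"""
NEW_LOG = """
2024-03-11T09:20:00 alice vpn-home-1 101000
2024-03-11T03:15:00 alice vpn-home-1 5200000
2024-03-11T22:45:00 bob vpn-home-2 40500
2024-03-11T22:50:00 bob cafe-wifi-9 41000
"""

def parse(log):
    rows = [line.split() for line in log.strip().splitlines()]
    return [(u, datetime.fromisoformat(ts), h, int(b)) for ts, u, h, b in rows]

def build_baseline(events):
    hours, hosts, vols = defaultdict(set), defaultdict(set), defaultdict(list)  # per-user profile
    for user, ts, host, nbytes in events:
        hours[user].add(ts.hour)
        hosts[user].add(host)
        vols[user].append(nbytes)
    return {u: {"hours": hours[u], "hosts": hosts[u], "mean": statistics.mean(vols[u]),
                "stdev": statistics.pstdev(vols[u])} for u in vols}

def score(events, baseline, hour_slack=2, z_limit=3.0):
    """Flag events that deviate from the same user's own baseline, with reasons."""
    gap = lambda a, b: min(abs(a - b) % 24, 24 - abs(a - b) % 24)  # circular hour distance
    alerts = []
    for user, ts, host, nbytes in events:
        if user not in baseline:
            alerts.append((user, ts, ["no baseline for user"])); continue
        prof, reasons = baseline[user], []
        if all(gap(ts.hour, h) > hour_slack for h in prof["hours"]):  # slack tolerates flexible hours
            reasons.append(f"unusual hour {ts.hour:02d}")
        if host not in prof["hosts"]:
            reasons.append(f"new source host {host}")
        if prof["stdev"] > 0 and (nbytes - prof["mean"]) / prof["stdev"] > z_limit:
            reasons.append(f"download volume {nbytes} far above baseline")
        if reasons:
            alerts.append((user, ts, reasons))
    return alerts
```

Note that bob's late-night logins are normal for bob and do not alert, while the same hour for alice does; that per-user baseline is what distinguishes UEBA from a fixed after-hours rule.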
Combining human factors with technical solutions
It’s fair to say that technical solutions are not a silver bullet. Organizations must also provide comprehensive security training that educates employees about the risks of remote working, covering phishing, social engineering, secure communication practices, and best practices for accessing organizational resources and handling data remotely. They should also establish clear security policies and communicate remote work guidelines, for example acceptable usage policies for IT, guidance on securing organizational devices and networks, strong password requirements, data privacy guidance, and rules for how data is handled, stored, and processed.
While UEBA and SIEM solutions allow organizations to continuously monitor user behavior and network activity, it is equally important to have a robust incident response plan in place, with clear playbooks to support investigations and containment of incidents.
Remote working presents numerous benefits but introduces new challenges, including an increased risk of insider threats. By recognizing the workforce challenges associated with remote work and implementing appropriate technical solutions like UEBA and SIEM, organizations can significantly enhance their ability to detect, prevent and respond to insider threats. It is essential to balance empowering employees with leveraging technology to create a secure remote/hybrid working environment that protects organizational assets and reputation.