Tenable - How Organizations Can Secure their Remote Workforce Strategies

When it comes to normalizing the concept of work from home, which had previously been much skeptically regarded, the advent of the COVID19 pandemic has left no stone unturned for doing the same. 

 

In fact a new study conducted by Forrester Consulting in September 2021, revealed that 80% of Indian organizations plan to allow their employees to work from home at least once a week in the next 12-24 months, while 63% plan to make a permanent move to remote work over the next two years. 

 

This outcome makes it apparent that the working style will not remain the same as it had been prior to the pandemic. Yet the downside to this is largely the risk that gets exposed to businesses as remote workers connect to their corporate networks from home, networks which already hold multiple potentially vulnerable devices ranging from gaming consoles to appliances and more. 

 

Presenting itself as a solution for this issue, the Cyber Exposure platform Tenable.io, presented by the cybersecurity company Tenable, offers an extensive and comprehensive coverage and also offers the capacity to predict which security issues can be remediated first, becoming a complete end-to-end vulnerability management solution.

 

This exclusive interview with Kartik Shahani, Country Manager at Tenable India, delves into how the remote work system has interfered with corporate networks and how organizations can secure their remote workforce strategies. 

 

With home and corporate networks dissolving, Shahani has stressed upon the issue that businesses should reconsider what an asset and what a vulnerability is and focus on getting visibility across both, while managing to keep their employees secure. 

 

Also Read | Risk Management

 

 

How has the Remote Work System shattered Corporate Networks?

 

The shift towards a remote working system has dismissed the distinction between the corporate and home networks which had previously been quite evident. 

 

Remote workers on an average, have a minimum of eight devices that connect to their home network and these include employer provisioned devices, personal devices, appliances, wearables and gaming systems. 

 

And on an average, every remote worker has at least three people in their household whose devices are connected to the same home network, Shahani pointed out. 

 

“What’s more, employees are also accessing a significant amount of company data and information from their personal devices. This web of connections that sit outside the traditional corporate perimeter has heightened the risk posed to organizations as security teams lack visibility.”

 

 

Why are Remote Employees a Risk Target for Criminals?

 

The now blurred lines prevailing between the personal and professional lives of employees pose them as a potential risk target for cybercriminals. 

 

Shahani commented on this issue by calling attention to the fact that “IT-provisioned” doesn’t always mean “risk-free.” Information technology, operational technology, and applications which are provisioned by IT all currently present elevated risks because security leaders lack visibility into sanctioned apps.”

 

He also mentioned that in a study by Forrester Consulting, 71% of business and security leaders in India attribute business-impacting attacks to vulnerabilities in systems or applications that were put in place as a response to the pandemic.

 

Also Read | Types of Security Logs for Cybersecurity

 

 

Why is Perimeter-based Security insufficient for Remote/ Hybrid Work Models?

 

As businesses take part in extensive operational shifts to evolve their workforce strategies, such as migration to the cloud and expansion of the software supply chain technology, this has ultimately led to users and their endpoints, data, and applications, shifting beyond the facade of an agency. 

 

Shahani pointed out that this in turn has expanded the surface of potential attacks and exposed vulnerabilities visible across disparate perimeters. As a result, “traditional perimeter security simply isn’t enough to protect multiple environments against today’s cybercriminals.”

 

Instead he stressed on the need of organizations to adopt a zero trust model, where security is woven across the network – with users, endpoints, applications, and files on the network and in the cloud being monitored and authenticated at every access point.

 

Why do Organizations Need to Focus on Securing Third-Party Security?

 

Shahani mentioned the dire need to zero in on securing third-party security, especially when emerging technologies are adopted for Remote/Hybrid Work Models. 

 

“Supply chain attacks such as that of the SolarWinds attack last year serves as a stark reminder of how interconnected the supply chain truly is with gaps in product security processes and oversight.”

 

He added that even a breach by a trusted third party supplier that appears unconnected can prove to hold the capacity to introduce malicious codes directly into unrelated, separate infrastructures and wreak havoc across the supply chain ecosystem.

 

Also Read | Supply Chain Management

 

Network Vulnerability Management and Assessment Solutions Offered by Tenable 

 

Tenable offers organizations with solutions by offering them with vulnerability assessments and management of their networks. 

 

As organizations step into the new work approach which comprises a mix of remote and hybrid work models, “the corporate network perimeter has shattered into a myriad of devices across cloud and on-premises.” Shahani mentioned. Organizations can no longer depend on the tools of yesterday to secure a place in this new reality. 

 

“This starts with adopting a never trust, always verify approach throughout the organization. It calls for viewing trust as a vulnerability instead and posits that any notion of trust be removed from digital systems entirely.”

 

He added that organizations are in the need of a modern, comprehensive strategy to quickly and accurately identify vulnerabilities and misconfigurations in their dynamic infrastructures, a strategy that can offer clear guidance and recommend how risks can be prioritized and remediated.

 

Also Read | Dark Data Meaning

 

 

About Tenable

 

Tenable®, Inc. is a Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. 

 

Tenable's Cyber Exposure Platform gives you all the insight, research and data you need to uncover weaknesses across your entire attack surface. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies.