Canadian Government Executive - Volume 26 - Issue 04
September/October 2020 // Canadian Government Executive / 11
SPONSORED CONTENT

3. The Home Network

Connecting from a home network introduces risk, since there is no standard configuration for access technologies such as Wi-Fi. Additionally, employee devices are sharing the same access point with other connected personal devices and IoT devices such as webcams, smart home devices, and home printers. These devices typically do not have the latest security patches installed (again, the users are not security experts), creating additional risk and a potential point-of-entry into the remote environment – and ultimately posing a risk to the organization.

4. Reach of Corporate Security Controls

Proxy servers, mail filters, IPS/IDS, and other corporate solutions may not play as significant a role in stopping threats when employees connect from outside of the corporate office environment. Also, if an employee’s work device is a BYOD, it may not have the same security protections as a company-issued laptop, tablet, or phone. With multiple employees accessing systems and applications remotely and at the same time, user and entity behavior analytics (UEBA) tools may have trouble establishing a new baseline for “normal behaviour” for each user, thereby reducing the tool’s ability to recognize atypical behaviour that may compromise the organization’s systems.

5. Hardened Devices

Ensuring that a corporate-issued device remains patched and updated, and that antivirus and other security tools have the latest signature updates are ways to close security gaps, thereby hardening them against exploitation by criminals. These efforts, though, can be more challenging to implement with remote or dynamic workforces. Software patching, for instance, typically occurs during off-hours.
Employees who deviate from the standard 9-to-5 workday to accommodate childcare, eldercare, and other responsibilities may cause security updates to be delayed or paused, leaving security gaps unaddressed.

Extending Visibility to the Dynamic Workforce

A virtual public sector workforce changes everything. Remote work poses new security challenges and alters the way an agency’s security team handles day-to-day access and how it narrows in on potential insider threats, among other considerations.

As we discussed in the previous section, there are common characteristics of a remote workforce that introduce new attack vectors. When these vulnerabilities – both system and human – are exploited by malicious actors, they can act as a path back to the agency’s network.

Ongoing employee education and visibility are the best defences against these and other new risks – and should extend from the agency’s internal infrastructure to each endpoint.

While user education can continue remotely, visibility into remote environments poses more of a challenge.

RSA offers the following six recommendations for gaining visibility into the risks presented by a remote workforce:

1. Combine traditional log monitoring with capturing and monitoring network packets to see how threats are traversing the network – from user device, across the network infrastructure, and to the cloud. This includes VPN links and any other external entry point into the corporate network.
2. Monitor activity across all endpoints, on and off the network, for deep visibility into their security state, and properly prioritize alerts when there is an issue.
3. Enhance rule-based or signature-based threat detection with the addition of advanced machine learning through UEBA and endpoint behaviour analytics to recognize anomalies that could indicate malicious intent and threats.
4. Streamline the activities and processes across security teams to get to the heart of a problem quickly and efficiently. When an incident is recognized, a fast response provides a better chance to stop it before resources can be fully exploited.
5. Understand both context and threat intelligence in order to increase detection capabilities based on known indicators of an identified attack and/or threat actor.
6. Use technology tools to automate monitoring and response to mitigate incidents before they impact the entity.

Conclusion

While remote work options have been in place, the impacts of the ongoing global health crisis have brought about an unprecedented shift in how – and where – we work. The resulting sudden, massive shift to a remote workforce has brought into focus the potential risks, and the need for the leaders of Canadian public sector entities to strengthen their organizations’ security posture. By establishing the right levels of threat visibility and response, leaders can support and secure remote workers effectively – and minimize the impact of threats on the organization.