CSO Insights: Liggett Consulting’s Mark Liggett on Connectivity and Visibility in Securing Remote Work

Mark Liggett, CEO of Liggett Consulting and longtime IT and cybersecurity key player, sits down with Trend Micro to share his thoughts on the importance of taking into account connectivity and visibility in securing WFH setups.

The coronavirus pandemic has ushered the abrupt shift to work-from-home (WFH) setups in many companies across the globe. When remote work becomes not just an option but the only choice for many companies, it raises vital questions about the technical side of things not only in terms of how to make the transition feasible, but also how to keep it secure.

Liggett Consulting’s CEO Mark Liggett cites this as one of his main concerns. Given his deep experience as a leading expert in the IT and cybersecurity sphere for over 20 years in various industries including (but not limited to) finance, academe, and health, not to mention his previous experiences as Director of IT, Data Protection Officer (DPO), and primary consultant for IT, he recognizes the challenges and opportunities that could arise from remote work setups.

The key concerns here are connectivity and visibility. To require both might seem like a tall order for remote work setups that involve geographically dispersed team members — especially since these members have varying calibers of tools to facilitate both connectivity and visibility. Nonetheless, considering both connectivity and visibility is non-negotiable to ensure security.

In this interview, Liggett sits down with Trend Micro to discuss not only matters to consider for remote work, but also the possibilities of moving forward – and further – with this setup.

Connectivity as a Challenge to Remote Work

“The first thing I want to look at is the barriers people have had and how to take those barriers down,” Liggett says, pertaining to technological requirements needed by employees to effectively carry out their work at home.

This raises the topic of connectivity as one of the concerns that companies need to consider for remote work. Can employees connect to their office systems from home?  If yes, how quickly and efficiently can they do this?

The next things to check are the tools for work. Whether employees take home machines from the office or use their personal devices at home, this presents a security concern, since endpoints remain one of the viable means of entry for compromise.

“If they’re taking equipment home and bringing it back, that’s a concern. But if they’re just using their home system, then that’s a whole different level. Essentially, all bets are off,” Liggett shares. Employees might use personal devices differently from the way they use company-issued ones; at home, they might access a variety of sites and download apps for personal activities, thus exposing themselves to a wider variety of threats.

Another main consideration is the transition from connecting to the office network to a home network. Liggett makes it a point to note the gravity of this shift: “You’re coming out of a controlled, high-availability, high-speed network into your house.” He also notes that at home, the speed and quality of service might be more difficult to maintain, unlike in the office.

Internet bandwidth is another point of concern. Unlike in the office where connection can be configured to be fast and reliable, the home internet connections of employees might vary in speed. He explains, “Not everybody is running in a high-bandwidth environment. So you have people using hotspots, people using their phones, we have people on satellite, we have people on just about everything you can imagine.” It is therefore vital to ensure that the employees’ work is not interrupted and that everything is made available to them despite bandwidth limitations.

Threats Against Remote Work

Connectivity is necessary to facilitate remote work, especially with geographically dispersed employees. However, these connections could also serve as an avenue for compromise. Connected devices have been increasingly targeted by cybercriminals, as shown in our data from early this year.

This is particularly urgent in remote work, as home environments (where security might be less prioritized) are used to connect to office systems. “If they’re already compromised at home, then there’s a high concern for risk there,” Liggett warns.

Additionally, the compromise could come from sources that appear less suspicious, such as printers. According to him, “Printers are fantastic devices and very easily compromised, especially over Wi-Fi – and if you have Wi-Fi compromise, it’s not that hard to figure out the rest of the network and start crawling across the network.” Other devices found at home that use the same internet connection as one utilizes for work might also become sources of threats as well.

Besides pre-existing conditions at home, there has been an uptick in both traditional email-based threats such as Business Email Compromise (BEC), phishing, and credential harvesting, with some attacks even using the pandemic and tools used in WFH setups to propagate compromise. To add, since an employee might be assigned to more than one client, a single infected system can spread compromise to multiple accounts.

Ensuring Visibility

Another concern is visibility, a topic that Liggett is passionate about: “Visibility – and this is a cornerstone of my security practices – is everything.”

I would hope that when this is all done, and we do some lookback and make sure we’re learning from this lesson – that visibility becomes a priority. You can’t fight what you can’t see.

Some attacks don’t exhibit obvious signs of infection or intrusion right away, while some symptoms of compromise are triggered by specific user actions. Some threats can linger for weeks and even months; by the time the user detects the obvious signs of threats, the system might have already long been compromised, and data would have been stolen already.

Indeed, for Liggett, “There are things that might be happening to these companies unfortunately, in this situation, that will go on for weeks or months. Until everyone comes back and plugs in to the network, and suddenly connections are reset or passwords are reset or something happens, then you start going ‘Oh, my systems acting weird.’ And that’s usually the first indication of compromise from a user standpoint, not from an IT.”

This shows the importance of visibility and behavior monitoring to catch threats early on. “We can see things we couldn’t see. We can see the emails, we can see files and URLs getting picked up off of spreadsheets and word docs and PDFs – we’re getting a shot at that, whereas before we didn’t have that visibility,” he recalls.

In relation to this, he acknowledges that some companies with limited budget might prioritize device upgrade to better specifications over improving security. Although this is understandable, it can also be a risky move.

Securing the Future of Remote Work

Even as companies race to thrive in the so-called new normal and perhaps even dare to imagine a post-Covid-19 workplace, the current challenge also gives them the opportunity to discern ways to improve and adapt to unexpected situations. “I think what this shines a light on for every business and disaster continuity plan is that it shows the shortcomings,” Liggett observes. “I think there’s some agility we can implement to move things forward.”

One possible opportunity is for companies to look into secure cloud integration — particularly how it can make remote work more efficient. As Liggett describes it: “Part of the road map of cloud integration is being able to extend in a secure fashion.” This gives opportunities for clients to share data back and forth and set up environments where data transfer and storage can be much more seamless and fluid.

He also recommends investing on training. “I think one of them is going to be educating our users, frankly, on how to be more self-sufficient in a remote setting,” he emphasizes. This includes training employees on the secure use of online cloud systems and data centers, which some of them might not be fully familiar with. This also involves the secure use of applications, operating systems, email platforms, and file-sharing platforms. The use of these tools and platforms might seem second nature to employees, but it might also be taken for granted, possibly leading to unsecure use.

Ultimately, Liggett advocates for a multilayered security approach for utmost visibility of these interconnected components.

“For me, it goes website, email, desktop.  And you have to have all 3 of those pieces connected,” he points out. “The primary influx of viruses and attacks are coming through email. You’ve got to have something. At the minimum, there has to be endpoint protection. You come in, you plug stuff in, people share files with you, you open them up and things happen.”

For any new undertakings, he insists that implementation should be accomplished step by step and communicated well, to gain the support of employees. Regarding the future of remote work and whether it will become a viable option in the long run, Liggett shares that this is primarily a business decision. However, it is also a matter of accountability. According to him, “In looking at remote workers and how to extend that out to the field, you might have to have a change in how your business is accountable, and how your employees are accountable to the business.”

He continues, “Remote work takes some of the pressure off in terms of ‘I have to be in the office X amount of hours to achieve X amount of goals.’ I can be in the office and do those. I can also go home and work a couple of hours there.”

And as with any technical and business decision carried out, security is a vital consideration. “The goal is: any data, anywhere, anytime, any device – and it should be done securely.”


HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Veröffentlicht in Security Technology