Why remote working need not mean ‘vulnerable to cyber-attack’

With the right approach organisations can keep data and infrastructure safe under a completely different office dynamic, says Hadi Jaafarawi, managing director – Middle East, Qualys.

Prior to the emergence of COVID-19, technical teams across the region would have likely been planning for a year in which they addressed the finer points of cloud computing — what it meant for their organisation and how to leverage it to facilitate cost management and business agility.

Cybersecurity professionals would have been occupied with how they adjusted their threat postures to accommodate new architectures. Curiously, now that the pandemic has forced governments to keep us safe by imposing lockdowns, CISOs and their teams have more or less the same challenge in front of them: keep data and infrastructure safe under a completely different office dynamic. With remote working becoming increasingly widespread, team members need to find new ways of collaborating, to defend against a threat landscape that shows no compassion for our shared challenge.

Hadi Jaafarawi, Qualys, remote working — *Hadi Jaafarawi, Qualys*

Adapt to survive

Crises always demand shifts in priorities. We must now protect ourselves and others from harm by working in new ways. These necessities are likely to persist, and we must adapt to ensure that our isolation does not yield secondary crises, such as the many economic ones that I am sure occupy your mind as you read this.

From a cybersecurity perspective, we can be certain bad actors will look to exploit the fact that new, unprotected endpoints have now suddenly been thrust upon many corporate domains. An important element of control has been obliterated by necessity, even as it has given rise to new efficiencies. After all, many have argued for some time that working from home has the potential to increase productivity and talent retention.

But we need to beware. Employees’ private devices must be recognised for what they are: weak links in the security chain. Every time someone initiates a session with a remote applications host, they are fodder for attackers. Any time data is in transit, it is vulnerable to hijackers.

The first thing security teams need to do is to take control of the new devices. Whether by bulletin, or by one-to-one communication, they must instruct employees how to patch and update operating systems and install security tools that meet with corporate standards. Such work needs to be monitored and verified to ensure that the weak links have been sufficiently shored up.

Do you feel vulnerable?

Many of the challenges presented by such approaches will centre on getting to grips with large numbers of new devices, understanding their vulnerabilities and clearly communicating the necessary steps to fix such issues to non-technical employees.

Bandwidth may also be a challenge, as will verification and enforcement. And consider that such patching must occur periodically, which means that verification and enforcement are also ongoing. Every day, the cybercriminal discovers more software vulnerabilities to exploit, and security teams — and under the new work paradigm, those teams extend to every remote worker — need to be equal to their cunning.

Normally, IT teams curate patches from the larger vendors to deploy in a single dose. While this simplifies the task, it works better when technical teams have tight control over devices, to allow compatibility testing, and rollbacks if necessary. Under remote-working conditions, IT has the challenge of first establishing what other software is installed and vetting configurations to ensure a smooth patching process. These are not simple tasks when being performed over the wire.

These challenges still exist for those enterprises that had the foresight to bring employee devices up to code before lockdowns were enforced. Because of ever-emerging vulnerabilities and the volatile nature of today’s regional threat landscape, up-to-code devices are unlikely to remain so for long.

Look to the cloud

So, is there a simpler way to manage all of this? Under the new remote-working model, can teams get single, unified views of device ecosystems in a way that allows them to take action in an informed and targeted manner on a device-by-device basis? Is there a way to automate updates?

Yes, yes and yes. Cloud services provide a useful platform for an IT team to get a bird’s-eye view of all devices on their network. Dashboards allow at-a-glance assessment of the level of preparedness of each machine, and other cloud services deliver the means to automate patching with adherence to a regular schedule. Tools also allow for granular control over prioritisation that matches any mechanism previously used in the on-premises environment.

Through platforms such as this, we start to address many of our remote-working challenges as they relate to security: complex monitoring is taken care of; verification is delivered through automation; and enforcement is a given. And so, we return to the controlled ecosystem we enjoyed previously, courtesy of the cloud.

And because we can guarantee the same measure of protections as previously, businesses that rise or fall on their ability to remain compliant with a range of national, regional and international regulations, can continue to operate unabated. Unified insights into every corner of the corporate network are key to business continuity, as is the ability to replicate previous environments where practical and necessary.

Through the cloud, isolation need not mean the same as it used to. Control endures, along with the means to support employees and allow them to remain productive as we work through the challenges ahead. With such capabilities in place, businesses keep thriving and growing as before. Economies survive. And all of us can take some little comfort that when we emerge from the crisis, a return to normal will follow swiftly.

This week

Security Operations Centres to face greater challenges in the coming year

Daniel ShepherdJanuary 27, 2023, 3:43 pmFebruary 3, 20230 12867SOCs to face greater challenges from cybercriminals targeting governments and media.

The new normal: Navigating cybersecurity and remote working amid COVID-19

Adelle GeronimoApril 27, 2020, 2:08 pmApril 27, 20200 4537The coronavirus (COVID-19) pandemic has forced businesses to undergo seismic changes in the way they operate. As flexible policies become standard and remote work becomes a norm, another important challenge is taking the spotlight – cybersecurity.

Dr. Christopher Cooper - DCG Managing Director, Lenovo MEA

How Lenovo DCG is transforming productivity in times of remote working

Sharon SaldanhaApril 23, 2020, 12:44 pmApril 23, 20200 5604Dr. Chris Cooper, Director, Data Center Group (DCG), Lenovo META, shares insights into the IT-giant’s business continuity strategy in times …

How Riverbed accelerates productivity for the remote workforce

RIVERBEDApril 7, 2020, 1:14 pmApril 13, 20200 2983Moueen Zahreddine, regional director, MENA, Riverbed Technology, delves into how unreliable network latency can impact the business and how the company can help address this challenge.

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Huawei launches ground-breaking solar inverter at World Future Energy Summit

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

Interview: OTIFYD’s intelligent approach to cybersecurity

Extreme Introduces Hub for Research, Development and Innovation in Networking

Interview: AI continues to strengthen cyber defence

Help AG Unveils Top Digital Threats and Trends in Cybersecurity

AVEVA launches CONNECT, the world’s leading industrial intelligence platform, at Hannover Messe