Recently, the need to work remotely has dominated the news, making it clear that the ability to connect from anywhere may soon become the norm for more businesses and industries than ever before. While remote work may be coveted by many employees, it can easily fill your cybersecurity team with dread. Telework can create many new security weaknesses for an IT environment, and can significantly increase your organization’s chance of a devastating data breach. Read on to find out what makes these new network connections so vulnerable, and how you can reduce your risk.
1. A Rapidly Extending Perimeter to Secure
Businesses with onsite employees and workstations used to have an easily identifiable security perimeter—the building in which the office was located, and the network IT teams set up there. The cloud expanded the perimeter, but the majority of connections to the cloud were from different branches of the business, which were still located in traditional office spaces that could be secured and centrally managed.
With remote work, the perimeter has the potential to be virtually limitless, widening to each remote employee’s own router and wifi. Securing each one of those new individual connections is a nearly impossible task. Additionally, since security teams can’t verify how employees are managing their own networks, a remote workforce can mean that every remote worker is a potential attack vector.
Planning to implement a remote workforce requires careful consideration, additional resources, and typically a deployment that occurs in phases. Even then, not all security issues may be preventable. Having to quickly adapt to a remote workforce in an emergency, with limited resources, presents even more challenges.
2. Insecure Configurations
As mentioned above, security teams can’t control how individuals choose to connect to the network. While home office configurations have gotten increasingly sophisticated, their initial configuration may not be the most secure. For example, many wifi networks permit remote administration by default, which can serve as a primary vector for attackers. Some remote workers also use their own laptop, which may not be as securely set up as one provided by your IT team.
Additionally, though people may be primarily conducting remote work at home, particularly during an emergency, some may be traveling for business or could choose to go to coffee shops or libraries. While complimentary wifi is convenient, these connections are public and are very rarely properly secured, making them incredibly easy to exploit.
3. Connecting Personal Devices to the Network
Even those with work laptops and a relatively secure home setup may unknowingly be posing a risk to their organization. Once your home network is connected to your work network, so are all of your other devices—from your spouse’s tablet to a gaming console, and even your printer—any of which may not be properly protected. Every one of these devices can be compromised by an attacker, and used as a way into your work computer, exploiting your secure connection to gain entrance into organizational systems and data.
4. Episodic Increases in Malicious Activity
Finally, any time there is a crisis, regionally or globally, threat actors quickly mobilize, using phishing and other scams to take advantage of heightened emotions and the impulsive, reactive behavior that is common during such times.
When the waters are calm, threat actors have to be strategic in their phishing attempts. They can send out mass emails that don’t take much time to make, knowing users are much less likely to click on them because they are generic and tend to get caught in spam filters or quickly raise suspicion. Or they can use tactics like spear phishing, sending tailored emails intended for specific individuals or groups. Fewer emails are sent, but the likelihood that they will be opened is much higher.
However, when things are unstable, attackers can exploit the anxiety people are experiencing, transforming desperation for information into clicks. Attackers don’t need to spend time creating tailored emails for specific individuals when there is a topic that everyone is highly interested in. Threat actors can have the best of both worlds—they can cast a wide net, with the click rate of a targeted attack. Because crises can temporarily blind typically discerning eyes, it is extremely difficult to prevent such attacks.
Reduce Risk with Intelligent Monitoring and Detection
Remote work opens seemingly endless new connections to an organizational network, whether deliberately with a secure work laptop, or inadvertently with insecure connections and devices. While your security team can act preventatively by requiring passwords and VPN, there are still too many variables. By taking the zero-day approach to security, organizations have the mindset that they will at some point be breached, and should layer security accordingly. This means that it is also necessary to go on the defensive, focusing on constant monitoring and detection.
But how do you keep up with this web of connections without drastically increasing the size of your security team? Instead of monitoring the network, advanced threat detection solutions like Network Insight monitor the traffic, looking for and confirming malicious activity, ensuring that swift action can be taken the moment it is identified. This way, your organization is being monitored without disruption, and connections can constantly be added and removed. In most cases, additional headcount is unnecessary, since such a solution carefully analyzes any threat, confirming and prioritizing infections to ensure security teams are equipped with all the evidence they need.
One Core Security customer has already seen the advantages of advanced threat detection after having to quickly move to remote work in recent weeks. While they were using their VPN as a secure connection, they had Network Insight installed to monitor that link. Within 12 hours, there were five threats detected, which illustrates the heightened malicious activity of the current moment. With such rapid detection and notification, this customer was able to thwart each attack, and suffered no damage.
Even with these security challenges, remote work is a great way to meet the needs of your employees, and makes your organization more adaptable and resilient. By understanding the risks and implementing the right processes and tools, your security can be up to the task and equally durable.
Want to learn about advanced threat detection?
Read our guide, "How to Identify Compromised Devices with Certainty," to learn how to avoid the fallout of a breach by swiftly confirming infection with evidence-based analysis.