02:00 PM
A.N. Ananth

Taking Security With You in the WFH Era: What to Do Next

As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.

Mobile devices, bring-your-own-device policies, traveling employees, and remote contractors and partners have been stretching the security perimeter for the last decade. Still, using VPNs, access control, strong authentication, and other technologies, primary devices and network activity remained in IT's control by being effectively tethered to on-premises systems and continuously monitored within the confines of the extended corporate network.

That was until the work-from-home (WFH) explosion crushed it. Now people routinely use home networks, shared personal computers, and their own devices to access corporate and software-as-a-service (SaaS) resources. Yikes! IT is left with little visibility or cybersecurity control over corporate assets and network activity. Businesses now need cybersecurity that they can take with them.

As CISOs and security teams work furiously to extend their perimeter, re-assess their posture to encompass WFH, and find the security staff to support it, an essential question to ask themselves is: which areas do we prioritize?


The Verizon "2020 Data Breach Investigations Report" (DBIR) stats below can help inform that decision. Here are three top priorities that deserve careful examination, each drawn from the top breach actions identified in the report. For each, we provide questions to self-challenge your level of preparedness. But here is the catch: ask yourself the questions in the context of a WFH employee using their own device and network, not someone on-premises or on a company device connected through a VPN.

Phishing, Still No. 1
Business communication runs on email, and phishers are right there with their hooks in the ocean. Based on post-breach analysis, phishing remains the top threat, accounting for more than 20% of data breaches. IT teams must scrutinize how they are protecting WFH employees using their own devices and networks, often shared with family members, from phishing risks.

Self-challenge assessment questions to ask include: Do we get alerts on suspicious email activity targeting employees? Are we identifying phishing attempts and fraudulent schemes that target our business? How quickly do we discover new themes like COVID-19 phishing emails and react? How are we protecting the WFHers? Ramping up your phishing protection for the WFH users should be your first priority.

Stolen Credentials? Well, Yeah
This might be more of an outcome of the other threat actions, and perhaps a part of every breach at some point, but however the DBIR decided to slice the pie, it is the second most frequent data breach action at around 20%. While strong authentication is an effective solution, usability, cost, and complexity remain barriers to widespread adoption. On the other hand, half a loaf is better than none. Other actions can reduce credential stuffing against privileged accounts or help blunt its effectiveness as attackers try to spread laterally.

Ask yourself, do we at least require system admins with privileged accounts to use multifactor authentication, and if not, why? How do we audit admin activities such as adding new users and privilege escalation? Can we identify account takeover risks like brute-force attacks? Do we identify successful logins from unexpected countries or evaluate first-time new logins to an asset? Do any trigger alerts, and if so, who responds?

Stolen credentials have many serious ramifications, but you should pay attention to privileged admin accounts and actions, and make sure high-risk anomalies are being flagged — and acted on.

SaaS Misconfigurations … Oops
Surprisingly, cloud configuration errors were high on Verizon's list, and of these, SaaS misconfigurations were highest. Gartner forecasts that through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data and 99% of cloud security failures will be the customer's fault. WFH just amplifies the problem.

Ask yourself, how do you backstop configuration errors or advanced threats to safeguard your cloud infrastructure and SaaS applications like G Suite and Microsoft 365? Do you identify and evaluate successful logins from unexpected countries and improbable geographic access? Is there a process to find and review admin actions such as changes to forwarding rules or permissions, or new admin accounts being created? Do you monitor downloads from cloud-shared drives?

With so many SaaS apps in use, this should be a top priority for most organizations.
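The self-assessment questions in the stolen-credentials and SaaS sections above map to concrete detections: repeated failed logins, successful logins from unexpected countries, first-time logins to an asset, and risky admin actions such as forwarding-rule changes or new admin accounts. The script below is an added example, not from the article or from Netsurion's EventTracker; it runs those four checks over a constructed set of log records whose field names, baseline of known (user, asset) pairs, and allowed-country list are all assumptions, and real IdP or Microsoft 365 / G Suite audit logs will differ.

```python
from collections import Counter

# Constructed sample of login and SaaS admin-audit records, in time order.
EVENTS = [
    {"user": "alice", "asset": "vpn", "country": "US", "result": "ok", "action": "login"},
    {"user": "bob", "asset": "m365", "country": "US", "result": "fail", "action": "login"},
    {"user": "bob", "asset": "m365", "country": "US", "result": "fail", "action": "login"},
    {"user": "bob", "asset": "m365", "country": "US", "result": "fail", "action": "login"},
    {"user": "bob", "asset": "m365", "country": "BR", "result": "ok", "action": "login"},
    {"user": "bob", "asset": "m365", "country": "BR", "result": "ok", "action": "set_forwarding_rule"},
    {"user": "carol", "asset": "fileserver", "country": "US", "result": "ok", "action": "login"},
    {"user": "carol", "asset": "fileserver", "country": "US", "result": "ok", "action": "create_admin"},
]
KNOWN_PAIRS = {("alice", "vpn"), ("bob", "m365")}  # assumed baseline of (user, asset) seen before
ALLOWED_COUNTRIES = {"US", "CA"}                   # assumed countries where staff normally work
RISKY_ADMIN_ACTIONS = {"set_forwarding_rule", "grant_permission", "create_admin"}

def brute_force_users(events, threshold=3):
    """Users with at least `threshold` failed logins (brute-force / credential-stuffing signal)."""
    fails = Counter(e["user"] for e in events if e["action"] == "login" and e["result"] == "fail")
    return sorted(u for u, n in fails.items() if n >= threshold)

def unexpected_country_logins(events, allowed=ALLOWED_COUNTRIES):
    """Successful logins from a country outside the expected set."""
    return [(e["user"], e["country"]) for e in events
            if e["action"] == "login" and e["result"] == "ok" and e["country"] not in allowed]

def first_time_asset_logins(events, known=KNOWN_PAIRS):
    """Successful logins to an asset that user has never logged into before."""
    seen, hits = set(known), []
    for e in events:
        if e["action"] == "login" and e["result"] == "ok":
            key = (e["user"], e["asset"])
            if key not in seen:
                hits.append(key)
                seen.add(key)
    return hits

def risky_admin_actions(events, risky=RISKY_ADMIN_ACTIONS):
    """Admin actions worth a review: forwarding rules, permission grants, new admin accounts."""
    return [(e["user"], e["action"]) for e in events if e["action"] in risky]

def triage(events):
    """Run all four checks and return the alerts each one raised."""
    return {
        "brute_force": brute_force_users(events),
        "unexpected_country": unexpected_country_logins(events),
        "first_time_asset": first_time_asset_logins(events),
        "risky_admin_action": risky_admin_actions(events),
    }
```

Each alert in `triage(EVENTS)` answers one of the article's questions; the remaining gap is the one the article raises last, namely who responds when one fires.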

Every organization is facing new challenges in the WFH era, and hackers enthusiastically embrace these challenges as fertile new opportunities. If you want your employees and other collaborators to have cybersecurity they can take with them, you have to re-examine these basic tenets of ITSEC through the new lens of users being at home on uncontrolled and shared devices and networks. You will have to find ways to fence them in.

A.N. Ananth is president of Netsurion, a managed security service provider and co-creator of its threat protection platform, EventTracker. With an extensive background in product development and operations for telecom network management, he has consulted for many companies on ...
