A.N. Ananth

Taking Security With You in the WFH Era: What to Do Next

As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.

Mobile devices, bring-your-own-device policies, traveling employees, and remote contractors and partners have been stretching the security perimeter for the last decade. Still, using VPNs, access control, strong authentication, and other technologies, primary devices and network activity remained in IT's control by being effectively tethered to on-premises systems and continuously monitored within the confines of the extended corporate network.

That was until the work-from-home (WFH) explosion crushed it. Now people routinely use home networks, shared personal computers, and their own devices to access corporate and software-as-a-service (SaaS) resources. Yikes! IT is left with little visibility or cybersecurity control over corporate assets and network activity. Businesses now need cybersecurity that they can take with them.

As CISOs and security teams work furiously to extend their perimeter, reassess their posture to encompass WFH, and provide security to the people who need it, the essential question to ask is: which areas do we prioritize?

The Verizon "2020 Data Breach Investigations Report" (DBIR) stats below can help inform that decision. Here are three top priorities that deserve careful examination, driven by the data on the top breach actions identified in the report. For each, we provide questions to self-challenge your level of preparedness. But here is the catch: Ask yourself the questions in the context of a WFH employee using their own device and network, not someone on-premises or on a company device through a VPN.

Phishing, Still No. 1
Business communication runs on email, and phishers are right there with their hooks in the ocean. Based on post-breach analysis, phishing remains the top threat, accounting for more than 20% of data breaches. IT teams must scrutinize how they are protecting WFH employees using their own devices and networks, often shared with family members, from phishing risks.

Self-challenge assessment questions to ask include: Do we get alerts on suspicious email activity targeting employees? Are we identifying phishing attempts and fraudulent schemes that target our business? How quickly do we discover new themes like COVID-19 phishing emails and react? How are we protecting the WFHers? Ramping up your phishing protection for the WFH users should be your first priority.

Stolen Credentials? Well, Yeah
This might be more of an outcome of the other threat actions, and perhaps part of all breaches at some point, but however the DBIR decided to slice the pie, it is the second most frequent data breach action at around 20%. While strong authentication is an effective solution, usability, cost, and complexity remain barriers to widespread adoption. On the other hand, half a loaf is better than none. Other actions can reduce credential stuffing against privileged accounts or help mitigate its effectiveness as hackers try to spread laterally.

Ask yourself, do we at least require system admins with privileged accounts to use multifactor authentication, and if not, why? How do we audit admin activities such as adding new users and privilege escalation? Can we identify account takeover risks like brute-force attacks? Do we identify successful logins from unexpected countries or evaluate first-time new logins to an asset? Do any trigger alerts, and if so, who responds?

Stolen credentials have many serious ramifications, but you should pay attention to privileged admin accounts and actions, and make sure high-risk anomalies are being flagged — and acted on.

SaaS Misconfigurations … Oops
Surprisingly, cloud configuration errors were high on Verizon's list, and of these, SaaS misconfigurations were highest. Gartner forecasts that through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data and 99% of cloud security failures will be the customer's fault. WFH just amplifies the problem.

Ask yourself, how do you backstop configuration errors or advanced threats to safeguard your cloud infrastructure and SaaS applications like G Suite and Microsoft 365? Do you identify and evaluate successful logins from unexpected countries and improbable geographic access? Is there a process to find and review admin actions with changes to forwarding rules, permissions, or new admin accounts created? Do we monitor downloads from cloud-shared drives?

With so many SaaS apps in use, this should be a top priority for most organizations.
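The login-monitoring questions in the credentials and SaaS sections above (logins from unexpected countries, first-time logins to an asset, brute-force patterns that precede an account takeover) can be turned into concrete detection rules. The following is an added illustration, not code from the article or from Netsurion; the event records, the expected-country set and the failure threshold are constructed assumptions, and the event list is assumed to be in chronological order.

```python
from collections import Counter

# Constructed sample authentication events, oldest first: (user, asset, country, result)
EVENTS = [
    ("alice", "vpn-gw", "US", "success"),
    ("alice", "vpn-gw", "US", "success"),
    ("bob", "m365", "US", "failure"),
    ("bob", "m365", "US", "failure"),
    ("bob", "m365", "US", "failure"),
    ("bob", "m365", "US", "failure"),
    ("bob", "m365", "US", "failure"),
    ("bob", "m365", "US", "failure"),
    ("bob", "m365", "RU", "success"),      # success after a burst of failures, new country
    ("carol", "gsuite", "US", "success"),
    ("carol", "fileserver", "US", "success"),
]

EXPECTED_COUNTRIES = {"US", "CA"}   # assumption: where this workforce normally signs in from
BRUTE_FORCE_THRESHOLD = 5           # assumption: failures per (user, asset) before we care

def unexpected_country_logins(events, expected=EXPECTED_COUNTRIES):
    """Successful logins from outside the expected country set."""
    return [(u, a, c) for u, a, c, r in events if r == "success" and c not in expected]

def brute_force_candidates(events, threshold=BRUTE_FORCE_THRESHOLD):
    """(user, asset) pairs with at least `threshold` failed attempts."""
    failures = Counter((u, a) for u, a, _, r in events if r == "failure")
    return sorted(pair for pair, n in failures.items() if n >= threshold)

def first_time_asset_logins(events, known=None):
    """Successful (user, asset) pairs not present in the baseline `known` set."""
    seen, new = set(known or ()), []
    for u, a, _, r in events:
        if r == "success" and (u, a) not in seen:
            seen.add((u, a))
            new.append((u, a))
    return new

def account_takeover_alerts(events, expected=EXPECTED_COUNTRIES, threshold=BRUTE_FORCE_THRESHOLD):
    """A burst of failures on (user, asset) followed by a success is the pattern
    worth paging someone for; flag whether the success came from an unexpected country."""
    failures, alerts = Counter(), []
    for u, a, c, r in events:
        if r == "failure":
            failures[(u, a)] += 1
            continue
        if failures[(u, a)] >= threshold:
            alerts.append({"user": u, "asset": a, "prior_failures": failures[(u, a)],
                           "country": c, "unexpected_country": c not in expected})
        failures[(u, a)] = 0          # a success ends the current failure streak
    return alerts
```

The last function answers the "who responds?" question only if its output is routed to an alert queue; the baseline for `first_time_asset_logins` should come from historical logs, not from the same batch being scored.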

Every organization is facing new challenges in the WFH era, and hackers enthusiastically embrace these challenges as fertile new opportunities. If you want your employees and other collaborators to have cybersecurity they can take with them, you have to re-examine these basic tenets of ITSEC through the new lens of users being at home on uncontrolled and shared devices and networks. You will have to find ways to fence them in.

A.N. Ananth is president of Netsurion, a managed security service provider and co-creator of its threat protection platform, EventTracker. With an extensive background in product development and operations for telecom network management, he has consulted for many companies on ...
