In the wake of COVID-19, threat actors are taking full advantage of the industry scramble to work from home and the security weaknesses that it presents.

Dark Reading Staff, Dark Reading

May 25, 2020


Countless organizations have rapidly pivoted from onsite offices to a fully remote workforce for the foreseeable future. Unfortunately, threat actors are currently thriving, taking full advantage of both the scramble to adjust and the security weaknesses that remote work presents. The security priorities many organizations established at the beginning of the year have drastically changed to support this new framework. What makes a remote workforce vulnerable, and how can you best meet the security needs that this type of ecosystem requires? Consider these three factors.

Factor 1: Increase in the Number of Remote Workers
One of the most difficult parts of this transition has been ensuring security now that every employee is outside the safety of the on-premises network. Because nearly everyone is remote, there has been a huge spike in RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) usage linking to your organization’s network. With so many organizations now reliant on RDP and VPNs, attackers have homed in on these connections, scanning for vulnerable ones in order to easily launch attacks.

Additionally, the sheer number of new connections presents its own problem. Securing each one of those new individual connections is a huge challenge, especially since security teams can’t verify or control how employees are managing their own networks.

Factor 2: Increased Attack Surface
As perimeters stretch further by connecting to employees’ homes, countless new attack vectors are opening up. Remote workers likely do not know that their home routers may be misconfigured or unpatched, providing an ideal target for hackers to exploit.

Routers aren’t the only equipment being introduced to the network that can’t be regulated by security teams. Some employees are relying on their personal devices to connect to the network, and those devices are likely running applications that aren’t approved by the IT department. Additionally, every Wi-Fi-enabled device in an employee’s home is now also looped in – gaming systems, printers, tablets, and smart TVs, to name a few. Since all of these applications and devices act as shadow IT, security teams are unable to do anything about these potential threats. Even if every device is patched and up to date, each new device provides another possible entrance for attack.

Factor 3: Increased Malware and Ransomware Attacks
Threat actors are one of the few groups that always prosper in times of upheaval. Typically, industries at the center of these crises become primary targets. Persistent ransomware attacks are particularly common, as they take advantage of these industries’ divided attention to exfiltrate massive amounts of data. Attackers can also rely on the desperation of these organizations to keep functioning, so these businesses are more likely to pay the ransom.

Additionally, the number of phishing attacks drastically increases, capitalizing on individuals’ amplified emotions. Heightened anxiety can cause people to become careless, clicking on an email they would normally mark as spam, particularly if it is made to look like important information on the news that is at the top of everyone’s mind.

Increasing Monitoring and Threat Detection
With such a fast-growing network, it can seem impossible to keep up with threats without having an arsenal of people to monitor it. Luckily, organizations aren’t powerless when it comes to these new challenges. Advanced threat detection can identify malicious activity within a network without having to increase the size of a security team. Rather than relying on staff to watch the network, modern security solutions can observe traffic and look for and confirm malicious activity, so that swift action can be taken the moment it is identified.

Though the current situation with COVID-19 is likely temporary, for security teams, shifting priorities to adjust for employees working from home should not be seen as a long-term initiative. Even after employees are allowed back inside the premises, the business landscape will likely be permanently changed, and remote work will continue to flourish. Adjusting security policies to manage the risk of large remote workforces, by revising processes and introducing new tools, will provide flexibility in how an organization can accomplish work, ensuring you’re prepared for any scenario.


About the Author: Bob Erdman, Head of Product Management, Core Security 
Bob Erdman is head of product management for Core Security’s cyber threat solutions. With more than 25 years of experience in information technology, Bob has worked with global customers across numerous industries to help implement mission-critical technology.

 
