Dark Reading is part of the Informa Tech Division of Informa PLC

5/25/2020
09:00 AM
By Bob Erdman, Head of Product Management, Core Security Cyber Threat Solutions
Sponsored Article

3 Reasons Why Your Remote Workforce Is Vulnerable

In the wake of COVID-19, threat actors are taking full advantage of the industry scramble to work from home and the security weaknesses that presents.

Countless organizations have rapidly pivoted from onsite offices to a fully remote workforce for the foreseeable future. Unfortunately, threat actors are currently thriving, taking full advantage of both the scramble to adjust and the security weaknesses that remote work presents. The security priorities many organizations established at the beginning of the year have drastically changed to support this new framework. What makes a remote workforce vulnerable, and how can you best meet the security needs that this type of ecosystem requires? Consider these three factors.

Factor 1: Increase in the Number of Remote Workers
One of the most difficult parts of this transition has been ensuring security now that every employee is outside the safety of the on-premises network. Because nearly everyone is remote, there has been a huge spike in RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) usage linking to your organization’s network. With so many organizations now reliant on RDP and VPNs, attackers have homed in on these connections, scanning for vulnerable ones from which they can easily launch attacks.

Additionally, the sheer number of new connections presents its own problem. Securing each one of those new individual connections is a huge challenge, especially since security teams can’t verify or control how employees are managing their own networks.

Factor 2: Increased Attack Surface
As perimeters stretch further by connecting to employees’ homes, countless new attack vectors are opening up. Remote workers likely do not know that their home routers may be misconfigured or unpatched, providing an ideal target for hackers to exploit.

Routers aren’t the only equipment being introduced to the network that can’t be regulated by security teams. Some employees are relying on their personal devices to connect to the network, and those devices are likely running applications that aren’t approved by the IT department. Additionally, every Wi-Fi-enabled device in an employee’s home is now also looped in: gaming systems, printers, tablets, and smart TVs, to name a few. Since all of these applications and devices act as shadow IT, security teams are unable to do anything about these potential threats. Even if every device is patched and up to date, each new device provides another possible entrance for attack.

Factor 3: Increased Malware and Ransomware Attacks
Threat actors are one of the few groups that always prosper in times of upheaval. Typically, industries at the center of these crises become primary targets. Persistent ransomware attacks are particularly common, as they take advantage of these industries’ divided attention to exfiltrate massive amounts of data. Attackers can also rely on the desperation of these organizations to keep functioning, so these businesses are more likely to pay the ransom.

Additionally, the number of phishing attacks drastically increases, capitalizing on amplified emotions of individuals. Heightened anxiety can cause people to become careless, clicking on an email they would normally mark as spam, particularly if it is made to look like important information on the news that is at the top of everyone’s mind.

Increasing Monitoring and Threat Detection
With such a fast-growing network, it can seem impossible to keep up with threats without having an arsenal of people to monitor it. Luckily, organizations aren’t powerless when it comes to these new challenges. Advanced threat detection can identify malicious activity within a network without having to increase the size of a security team. Instead of relying on staff to monitor the network, modern security solutions can observe traffic and look for and confirm malicious activity, so that swift action can be taken the moment it is identified.

Though the current situation with COVID-19 is likely temporary, security teams should see shifting priorities to adjust for employees working from home as a long-term initiative. Even after employees are allowed back inside the premises, the business landscape may be permanently changed, and remote work will continue to flourish. Managing the risk of large remote workforces by adjusting security policies and processes and introducing new tools will provide flexibility in how an organization can accomplish work, ensuring you’re prepared for any scenario.

Click on the link for information about Core Security’s Network Insight solution.

About the Author: Bob Erdman, Head of Product Management, Core Security 
Bob Erdman is head of product management for Core Security’s cyber threat solutions. With more than 25 years of experience in information technology, Bob has worked with global customers across numerous industries to help implement mission-critical technology.

 
