Dark Reading is part of the Informa Tech Division of Informa PLC

By Bob Erdman, Head of Product Management, Core Security Cyber Threat Solutions
Sponsored Article

3 Reasons Why Your Remote Workforce Is Vulnerable

In the wake of COVID-19, threat actors are taking full advantage of the industry scramble to work from home, and the security weaknesses that presents.

Countless organizations have rapidly pivoted from onsite offices to a fully remote workforce for the foreseeable future. Unfortunately, threat actors are currently thriving, taking full advantage of both the scramble to adjust and the security weaknesses that remote work presents. The security priorities many organizations established at the beginning of the year have drastically changed to support this new framework. What makes a remote workforce vulnerable, and how can you best meet the security needs that this type of ecosystem requires? Consider these three factors.

Factor 1: Increase in the Number of Remote Workers
One of the most difficult parts of this transition has been ensuring security now that every employee is outside the safety of the on-premises network. Because nearly everyone is remote, there has been a huge spike in RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) usage linking to your organization’s network. With so many organizations now reliant on RDP and VPNs, attackers have homed in on these connections, scanning for vulnerable ones in order to easily launch attacks.

Additionally, the sheer number of new connections presents its own problem. Securing each one of those new individual connections is a huge challenge, especially since security teams can’t verify or control how employees are managing their own networks.

Factor 2: Increased Attack Surface
As perimeters stretch further by connecting to employees’ homes, countless new attack vectors are opening up. Remote workers likely do not know that their home routers may be misconfigured or unpatched, providing an ideal target for hackers to exploit.

Routers aren’t the only equipment being introduced to the network that can’t be regulated by security teams. Some employees are relying on their personal devices to connect to the network, and those devices are likely running applications that aren’t approved by the IT department. Additionally, every Wi-Fi-enabled device in an employee’s home is now also looped in: gaming systems, printers, tablets, and smart TVs, to name a few. Since all of these applications and devices act as shadow IT, security teams are unable to do anything about these potential threats. Even if every device is patched and up to date, each new device provides another possible entrance for attack.

Factor 3: Increased Malware and Ransomware Attacks
Threat actors are one of the few groups that always prosper in times of upheaval. Typically, industries at the center of these crises become primary targets. Persistent ransomware attacks are particularly common, as they take advantage of these industries’ divided attention to exfiltrate massive amounts of data. Attackers can also rely on the desperation of these organizations to keep functioning, so these businesses are more likely to pay the ransom.

Additionally, the number of phishing attacks drastically increases, capitalizing on amplified emotions of individuals. Heightened anxiety can cause people to become careless, clicking on an email they would normally mark as spam, particularly if it is made to look like important information on the news that is at the top of everyone’s mind.

Increasing Monitoring and Threat Detection
With such a fast-growing network, it can seem impossible to keep up with threats without having an arsenal of people to monitor it. Luckily, organizations aren’t powerless when it comes to these new challenges. Advanced threat detection can identify malicious activity within a network without having to increase the size of a security team. Instead of relying on people to monitor the network, modern security solutions can observe traffic and look for and confirm malicious activity, so that swift action can be taken the moment it is identified.

Though the current situation with COVID-19 is likely temporary, for security teams, shifting priorities to adjust for employees working from home should not be seen as a short-term initiative. Even after employees are allowed back inside the premises, the business landscape is likely to be permanently changed, and remote work will continue to flourish. Updating security policies to manage the risk of large remote workforces, by adjusting processes and introducing new tools, will provide flexibility in how an organization can accomplish work, ensuring you’re prepared for any scenario.


About the Author: Bob Erdman, Head of Product Management, Core Security 
Bob Erdman is head of product management for Core Security’s cyber threat solutions. With more than 25 years of experience in information technology, Bob has worked with global customers across numerous industries to help implement mission-critical technology.

