Managing Security When Everyone is Working from Home (and Hiring)
During the COVID-19 pandemic, many organizations needed to adopt remote work to maintain operations.
During this forced experiment in remote work, many companies found that supporting telework brought benefits to both them and their employees. As a result, 70% of companies plan to maintain a hybrid work model even after the pandemic subsides. Additionally, 97% of employees want to work remotely or under a hybrid model.
The shift to remote and hybrid work models offers significant advantages to an organization and its employees. However, it also creates significant security challenges for organizations looking to secure their remote workforce at the same level as their on-premises staff. During the pandemic, the rush to implement remote work caught many organizations unprepared, leaving companies playing catch up in terms of security.
Work From Home Introduced Complex New Security Challenges
Before the COVID-19 pandemic, security teams were already overwhelmed. 70% of security operations center (SOC) analysts investigated more than ten alerts per day, and most alerts took over ten minutes to investigate. According to 45% of SOC analysts, more than half of these alerts were false positives.
High alert volumes took security teams’ focus away from other tasks, such as managing their IT infrastructure. At the same time, the size and complexity of their infrastructure were growing rapidly. With increasing cloud adoption, corporate attack surfaces expanded, and the rate of data breaches increased.
The COVID-19 pandemic and the resulting shift to work from home (WFH) exacerbated this issue. In the past, employees primarily worked from company-owned devices connected to the enterprise network and protected by security solutions deployed at the network perimeter. With remote work, employees are working from untrusted devices and networks outside the perimeter, increasing their exposure to cyber threats.
Security Impacts of Widespread Remote Work
A remote workforce shares many of the security challenges of on-site workers, but it also introduces new ones. Some of the impacts that widespread remote work has on corporate cybersecurity include:
- Complex Infrastructure: With remote work, companies had to expand their infrastructure to meet the needs of off-site workers. Increased deployment of remote access tools, cloud-based infrastructure, and other solutions makes the corporate network more complex and introduces additional vulnerabilities for cybercriminals to exploit.
- BYOD Policies: As remote work became more common, many companies adopted bring your own device (BYOD) policies to allow remote employees to work from personal devices. These dual-use devices are likely to be insecure and non-compliant with corporate security policies.
- Unpatched Vulnerabilities: Historically, remote devices have been slower to apply updates and patches than on-site systems. As the proportion of an organization’s IT assets that are off-site increases, slow patching creates more opportunities for cyber threats to exploit insecure systems.
- Shadow IT: If approved systems and tools do not meet employees’ needs, they often turn to workarounds or alternatives to complete their duties. With remote work, employees are more likely to resort to shadow IT if companies have not worked out all of the bugs in their telework strategy and infrastructure.
The IT shifts caused by remote work have exposed companies to increased security risks. In fact, 67% of cyberattacks have targeted remote workers, and 80% of business leaders claim that their businesses face additional security risks due to remote work.
The recent surge in ransomware attacks is a prime example of the impacts of remote work on corporate cybersecurity. Ransomware attacks have taken advantage of remote workers’ insecure devices and their connections to the corporate network to bypass traditional security controls. In the first half of 2021, the volume of ransomware attacks grew by 91% compared to the same time the previous year.
How Remote Work Has Changed the Cyber Threat Landscape
Remote work has changed corporate infrastructure and how companies do business, but this is not the only impact. Cyber threats have responded to the shift to remote work by taking advantage of these changes to corporate IT infrastructure. Some prominent security trends created by the transition to remote work include:
- Phishing Attacks: Remote workers are more vulnerable to phishing attacks because they can browse the Internet and access email without the protection of the corporate firewall. Cybercriminals have taken advantage of this increased vulnerability, and the number of phishing attacks exploded after COVID-19 drove widespread adoption of remote work.
- Account Takeover: Remote workers commonly access online accounts and applications as part of their duties, and companies have more Internet-facing services to support their remote workforce. Account takeover attacks targeting these services have grown significantly with the expansion of remote work as cyber threats take advantage of changes in the corporate landscape.
- Remote Access Exploitation: To support remote workers’ need for access to the corporate network, many organizations have deployed remote access solutions such as virtual private networks (VPNs) or the remote desktop protocol (RDP). Cybercriminals took advantage of this by making weak RDP credentials and VPN vulnerabilities their primary means of delivering ransomware to an organization.
- Data Exfiltration: Remote workers often need access to company information to fulfill their roles, meaning that sensitive information is being accessed and downloaded to potentially insecure and employee-owned devices. Cybercriminals can gain access to this data more easily than if the data remained on the more secure corporate network.
- Collaboration Tool Attacks: Remote work has forced employees to use online tools to support corporate collaboration, including document sharing, videoconferencing, and more. Cybercriminals have taken advantage of this trend by using these platforms for phishing and malware delivery.
- Rise of DDoS: With remote work, access to corporate IT resources is more important than ever. As a result, Distributed Denial of Service (DDoS) attacks have become more common as attackers look to disrupt this access and make a profit doing so.
- Insider Threats: With the adoption of remote work comes greater opportunity for shadow IT and insider threats. Employees looking for ways to do their jobs may bypass corporate security policies and use unauthorized solutions, creating opportunities for attack. Companies cannot rely on their end-users to secure their IT environments.
How Organizations Are Addressing the WFH New Normal
Remote work is here to stay, and organizations are adapting their security strategies to account for it. Some of the steps that organizations are taking to address the new cyber risks introduced by work from anywhere include:
- Secure Remote Access: Remote workers need the ability to access the corporate network and systems securely. Secure remote access approaches, such as zero-trust network access (ZTNA), provide this. Embracing the zero trust philosophy for remote access enables an organization to monitor and enforce security policies for business traffic before it is routed to its destination.
- Multi-Factor Authentication (MFA): Account takeover attacks are a major threat that has become more common with remote work. MFA mitigates the threat of account takeover by requiring users to provide another authentication factor to log into the system.
- Biometrics for BYOD: With remote work, BYOD policies have become more common. BYOD policies for remote work increase the potential for dual-use devices that could grant unauthorized users access to corporate data. By requiring biometric authentication for BYOD, organizations ensure that the device user is actually a legitimate user and not someone who knows their device password.
- Endpoint Security: With remote work, endpoints have become a prime target of cybercriminals and an organization’s first line of defense against cyber threats. Deploying endpoint security solutions on remote workers’ computers helps protect them from infection by malware and other known threats. Antivirus software, which modern malware can evade, is not enough to secure corporate endpoints. Advanced threat detection (ATD), which can detect and block polymorphic malware variants, is the solution.
- Least Privilege: The principle of least privilege states that users, applications, and systems should only be granted the access and permissions required to do their jobs. By implementing least privilege and restricting remote users’ access to corporate assets, an organization reduces the risk and potential impact of a compromised remote user’s device or account.
- Cyberawareness Training: Remote workers are more vulnerable to phishing attacks and other cyber threats than their colleagues in the office. Teaching these employees to recognize potential threats and follow security best practices helps manage the company’s cybersecurity risk.
The transition to remote and hybrid work models has introduced new cyber threats and risks to organizations. Security teams are also still facing the same challenges that they did before the COVID-19 pandemic.
Effectively protecting the expanded and more complex corporate digital attack surface requires solutions that address the security challenges that companies faced pre-pandemic while addressing the unique security needs of a remote workforce. In addition to secure remote access and endpoint protection solutions, companies should seek advanced network threat detection tools that offer low false positive and false negative rates, prioritizing real threats and eliminating the time wasted by security analysts on non-existent threats. Companies should also take a proactive approach to security, performing threat hunting continuously and automatically to identify and remediate advanced threats.
Managing Security for a Remote Workforce
The shift to remote work has upended traditional business models, and the ability to work remotely has caused significant changes in companies’ workforces. Some employees look for jobs that provide the mix of remote and hybrid work they want, while organizations can take advantage of the larger hiring pool unlocked by supporting work from anywhere.
For many organizations, remote work is not going away any time soon, making it vital for companies to incorporate it into their security strategies. Supporting secure, scalable work from anywhere requires companies to deploy solutions that both address their pre-pandemic security challenges and meet the unique security needs of the modern remote workforce. This includes security tools that can maximize the effectiveness of limited security teams by providing centralized monitoring and management of network traffic from corporate IT devices regardless of location. Security teams will also benefit from supervised machine learning, or AI, designed to reduce false positive alerts and the time and resources required to adjudicate them.