Remote work is no longer limited to outside sales reps traveling across the country. Today, the remote employee movement has reached into practically every industry. So much so, in fact, that according to Owl Labs, 52 percent of employees around the world report working from home at least once per week, with 21 percent working from home more than once per week, 18 percent always working from home, and 13 percent one day per week. This marks a substantial change from only a decade ago, when the only people working remotely were often contractors or sales reps.
In light of recent global trends accelerating the increase of remote employees, IT teams need to manage new infrastructure to ensure the long-term security of staff working from home. SOC teams as well, due to recent events, increasingly need the ability to monitor networks and track security incidents remotely. When employees are unable to reliably go into the office, they lack the ability to receive the benefits of a strong corporate network or patch software vulnerabilities.
Away from the corporate network and its security safeguards the attack surface for remote employees is fundamentally increased and IT’s ability to remediate threats is often delayed or nonexistent. Work from home employees face reliability and security issues with their home or public wireless networks, an increased risk of browser-based attacks, and new attack vectors such as remote desktop software that allow IT teams to triage issues without being physically present.
EXTERNAL WIFI ISN’T THAT SECURE
Most modern organizations, whether in the private or public sector, have extensive network monitoring and security tools in place. These include firewalls, network analysis and forensics, and email spam filters designed to catch malicious code before they even access employee computers. There are also IT and security teams dedicated to protecting the network who work on site.
When an employee works remotely, all that protection goes away. In a study on mobile workforce security, 81 percent of organizations reported they had seen WiFi-related security incidents in the last year, with 62 percent of these occurring in cafés and coffee shops. Man-in-the-middle attacks, network spoofing and packet sniffing of unencrypted traffic are the most common. While many WiFi attacks are crimes of opportunity and pose more danger to employee personal data than to your business, they still can put your organization at risk. Confidential information can be compromised if sent over public or even home WiFi, access credentials stolen, and even malware introduced.
Even with a password-protected home WIFI network, you aren’t going to have the sheer scale of monitoring tools that a corporate office does. There is also no guarantee that the password protecting that home network isn’t used elsewhere, or even that it meets the standards of good governance established within the organization. And that completely ignores the 13 percent of remote workers who admit that they cannot connect to their corporate networks, so they use their personal computer and personal email to conduct company business. With the cost of a data breach increasing from $7.1 million in 2018 to $8.64 million in 2019, according to Ponemon Institute research, it’s vital that public and private sector entities leverage a solution that protects their infrastructure without needing real-time updates or connectivity.
That’s why, realistically, you need a solution like moving target defense (MTD) that doesn’t rely on network connectivity to protect the endpoint. With a moving target defense system in place, the employee’s workstation is secured against advanced cyberattacks even on networks that are unreliable or unsecure. MTD also doesn’t require frequent updates to ensure protection, so employees who are unable to travel to the office for updates or have unreliable connections, can still be protected.
REMOTE EMPLOYEES FACE INCREASED BROWSER-BASED ATTACKS
Increased use of SaaS software accessible via a web browser is a parallel trend to the work from home “revolution” as its called. If anything, organizations with a high cloud adoption tend to be the most open to remote employees. Already, according to Deloitte data, 93 percent of CIOs said they are adopting or considering the cloud, and a majority (54 percent) expect to use cloud software for mission-critical applications within the next three years.
With more people working from home, there are going to be more people accessing these SaaS solutions. That opens up employees to browser-based attacks via malicious plugins and web-based exploit kits, because there will be more work conducted through a web browser tied into an unsecured network.
Moving target defense technology is designed to secure web-based user sessions from cyberattack; regardless of the way remote employees access their critical applications, the underlying processes within moving target defense protection enables them to do so securely. Web-based exploit kits are designed as evasive malware, and the process-morphing capability of moving target defense blocks these techniques without the need for updates.
REMOTE SUPPORT CREATES A NEW ATTACK VECTOR
With more people working from home, including the IT department, there is an increased need for remote support tools. These remote support tools enable IT to solve the problems their work from home employees have without needing physical presence. For organizations with a wide footprint, these solutions have fast become a critical necessity.
However, remote desktop tools offer a new attack surface for threat actors. A few short months ago, we wrote about ConnectWise Control being abused to deliver the Zeppelin ransomware. Attackers can use phishing tactics on remote employees to have them install a similar remote desktop tool, which can then be leveraged to deliver any sort of payload.
IT’S TIME TO EVALUATE REMOTE EMPLOYEE PROTECTION
The ability to work remotely is not going away any time soon, no matter how much some organizations try to push their employees to come into the office everyday. This new reality for the modern organization comes with multiple rewards, as well as increased risk of cyberattack.
Remote employees fundamentally need different protections than people working on-site, because they’re outside the four walls of the organization and lack the strong network and endpoint security protections that the IT team has put in place. This places them at higher risk for cyberattack through remote support protocols, browser-based attacks, and unsecure or unreliable home or public networks.
There are ways to mitigate this risk though, such as with prevention technologies like moving target defense. Organizations facing down an increase in work from home employees need to be aware of the risks their remote personnel present, and take steps to ensure that they keep critical data and systems safe while still having the freedom to do their work wherever and whenever they want. Only then will their business be able to continue functioning securely over the long term.
*** This is a Security Bloggers Network syndicated blog from Morphisec Moving Target Defense Blog authored by Ronen Yehoshua. Read the original post at: https://blog.morphisec.com/remote-employees-offer-different-security-challenges