Millions of desks are sitting empty because of the COVID-19 epidemic, turning remote work into the “new normal.” Sudden as this transformation may be, however, it’s actually an acceleration of existing trends.
Before the pandemic, 62 percent of employees in one survey worked remotely part-time, and 30 percent did so full-time. After the pandemic, we should expect both those figures to increase significantly as companies exercise an abundance of caution. And as employees grow used to working from home, we may see a paradigm shift away from the concept of in-person, on-site employment. Coronavirus could, conceivably, be the tipping point that normalizes remote work.
Regardless, it’s here to stay into the foreseeable future, and companies must be realistic about the situation at hand: remote work makes companies uniquely vulnerable to cyber attacks. That’s true for any company no matter the size or industry. Remote work, by nature, widens existing security flaws, creates troubling new ones, and invites attackers to prey on easy victims. Here are five examples you need to guard against:
- Insecure Home Networks: Enterprises go to great lengths to secure their IT infrastructure, including networking monitoring tools designed to halt threats at the perimeter among other solutions designed to limit approach vectors. Contrast this with the average home computer, which is probably running a consumer-grade firewall and antivirus software that is not reliably kept up-to-date. It’s no surprise that 73 percent of IT leaders surveyed think that remote workers are a bigger risk than on-site workers. Home computers aren’t the same as work computers in terms of security—or in terms of performance. Unreliable home networks may cause data, applications, or conferences to go offline and bring business to a halt. It’s a paradox: the same technologies that facilitate remote work also threaten cybersecurity and compromise business continuity.
- Expanded Attack Vectors: When the vast majority of work happens over the internet, remote employees are constantly exposed to threats that target web services and applications. In addition to being aggressive, these threats can be invisible to signature and machine-learning based antivirus if they utilize “fileless attacks” to evade detection. They’re also creative. With millions more people attending video conferences, hackers have devised ways to hijack the administrative privileges granted to conferences to remotely execute malicious code. Bogus conference invites are also ideal cover for phishing schemes. In fact, between March 8 and April 12, Morphisec saw phishing and adware attacks soar from just 2,000 per week to more than 90,000 per week. Hackers exploit uncertainty—something in abundant supply in today’s remote offices.
- Limited Remediation Opportunities: Infected machines usually require the direct attention of technicians. That’s easy to accomplish in an office environment but functionally impossible with a remote workforce practicing social distancing. If a remote employee’s computer becomes infected, the IT department has little if any means to respond. As a result, attacks last for longer and the damage tends to be worse. The average breach already costs companies $8.94 million—assuming IT can get to the machines involved. Cut off from the normal response and remediation resources, though, who knows how much that total could multiply.
- Strained Security Resources: Lacking the cybersecurity resources that the average enterprise supplies in-house, remote computers are on their own in the wild. Each one is an isolated endpoint that must bear the full responsibility for safeguarding company data, applications, and networks. That’s a lot to ask of a consumer firewalls and client-based antivirus software, especially when they’re defending against novel attacks and high-volume offensives. Antivirus software missed 60 percent of attacks in 2019, which doesn’t promote confidence when that same software is suddenly the foundation of the cybersecurity infrastructure.
- Isolated IT Assets: Companies can manage the risks of remote work as long as everyone uses a specifically-calibrated computer that the IT department has already hardened. The problem is that would require going back in time and preparing for the pandemic early. With many employees using personal devices some or all of the time, IT can’t access those devices to harden cybersecurity or standardize settings. Each machine contains vulnerabilities that can’t be addressed and liabilities that can’t be understood.
Moving Target Defense Secures the Remote Workforce
There are two ways to approach cybersecurity: preventing attacks or minimizing the damage. Trying to identify and stop all the attacks launched against remote workers isn’t feasible for all the reasons outlined above. But what if those attacks had limited consequences?
Moving target defense running on a remote computer morphs the application memory—the target for most kinds of evasive malware, zero-days, in-memory exploits, and fileless attacks. Think of it this way: instead of trying to stop attackers at the door, moving target defense works to hide what they’re looking for.
As a cybersecurity strategy, it’s both simple and sophisticated. Most important, IT can remotely deploy moving target defense now to secure the increasingly remote workforce of today and tomorrow. If this is the new normal, companies must do what they did before and make cybersecurity—remote instead of on-site—a top priority to ensure that their employees can access the tools they need when they need them in a safe and secure manner. Moving target defense can make that happen.
*** This is a Security Bloggers Network syndicated blog from Morphisec Moving Target Defense Blog authored by Andrew Homer. Read the original post at: https://blog.morphisec.com/remote-workforce-hidden-risks