The State of WFH Security 3 Months In

The coronavirus-related remote work model has been in place for 90 days in some locations, with expectations that the level of work-from-home (WFH) employees will remain high for the foreseeable future. In fact, according to a new report from Pulse Security, 84% of respondents expect to expand WFH, even though more than two-thirds worry about the security risks.

IT and security teams deserve a lot of credit for how quickly they were able to adapt to the shift with extremely short notice. But now that we are three months in, what does the state of cybersecurity in COVID-19 times look like?

Cybercriminals Taking Advantage of the Pandemic

There are numerous dashboards available tracking cases of COVID-19 across states and countries. McAfee created its own coronavirus dashboard to track the number and type of threats bad actors are utilizing to take advantage of the pandemic. It breaks down these threats by country and sectors to show what industries and areas are being targeted.

The dashboard shows that there has been a clear spike in pandemic-related attacks over the past six months, with trojans the favored threat type. The financial industry is the most targeted industry, followed by transportation, industrial and health care. As of June 18, there were nearly 600,000 malicious detections targeting more than 3,000 unique organizations.

Like other dashboards, McAfee plans to update this one once a day, providing a real-time perspective of how cybercriminals are taking advantage of remote work and concern about the virus.

“The weeks of quarantine have forced individuals and organizations to quickly adapt to a work from home model. A lot more time is spent indoors and online and there continues to be anxiety around when normalcy will be restored,” the McAfee research team wrote in a blog post. “These are trying times for us and a feast for fear mongering (sic) malware criminals.”

WFH Challenges for Security Teams

WFH can be complicated. In a tweet, Jeremiah Grossman, CEO of Bit Discovery, pointed out that WFH can also mean Work from Anywhere (WHA) and that workers have already figured that out. “Zoom,” he wrote, “has been complicit in this dirty little secret with their virtual background feature.” This makes the security team’s job even more difficult as they have to ensure devices and data are protected in a WHA model when everyone else in the company assumes that employees are strictly following a WFH order.

In a study conducted by Ivanti, two-thirds of IT and security professionals have seen an increase in their workload since companies began corporatewide remote work. And while most of the transition to WFH went smoothly, respondents reported an increase of security incidents, with the top issues including a rise in malicious emails, non-compliant behavior by employees and an increase in software vulnerabilities.

IT professionals have tried to make the security transition easier, as 70% have increased VPN use among employees and they are interacting with the security team to provide support for WFH devices.

However, employees aren’t making it easy for security and IT teams. More than half of WFH staff are using their personal devices for work, according to a Morphisec survey, while a quarter of the workers don’t know their company’s security protocols and poor WiFi and internet connections hamper the effectiveness of security software.

“The COVID-19 crisis has accelerated the long-term shift toward remote workforces by five to 10 years,” Andrew Homer, VP of Security Strategy at Morphisec, said in a formal statement. “As tomorrow’s workers seamlessly alternate between work and household tasks on their personal devices, new types of deterministic cybersecurity defenses are required by security teams to limit the need for human intervention. Growing reliance on collaboration applications, which can’t be patched fast enough, begs for the use of defense mechanisms such as moving target defense to thwart in-memory exploits, zero-day attacks and evasive malware that will continue targeting distributed employees.”

Featured eBook
Identifying Web Attack Indicators

Identifying Web Attack Indicators

Attackers are always looking for ways into web and mobile applications. The 2019 Verizon Data Breach Investigation Report listed web applications the number ONE vector attackers use when breaching organizations. In this paper, we examine malicious web request patterns for four of the most common web attack methods and show how to gain the context and ... Read More
Signal Sciences
Sue Poremba

Sue Poremba

Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.

sue-poremba has 113 posts and counting.See all posts by sue-poremba