Remote work is now the standard option for most professionals, but the growing popularity of working from anywhere has led to a corresponding increase in cybersecurity incidents.
According to a March 2022 report by Alliance Virtual Offices, which provides services to a remote workforce, teleworking during the COVID-19 pandemic has resulted in a 238% increase in cyberattacks. And in “Top 7 Cybersecurity Trends for 2022,” Gartner cited the expanding attack surface associated with remote work and increased use of the public cloud as a major cybersecurity challenge. Trends like these have made security improvements for remote workers and risk-based vulnerability management the “most urgent projects” in 2022 for 78% of CIOs surveyed by security software provider Lumu Technologies.
How does remote work affect cybersecurity?
According to several security experts, a remote work environment can increase the risk of a data breach or other cyberattack for several reasons. Remote work, especially large-scale remote work, greatly increases the potential attack surface that needs to be protected.
Gartner reports that 60% of knowledge workers are working remotely, and at least 18% will not return to the office. “These changes in how we work, along with increased use of the public cloud, tightly connected supply chains, and the use of cyber-physical systems,” warned Gartner, “have exposed new and difficult attack surfaces.”
Remote workers sometimes further expand the attack surface and increase risk by introducing unauthorized technologies. “There has been a rise in shadow IT as people working from home have been buying [technology] that may not be authorized by IT, but they needed to get their job done,” said Sushila Nair, vice president of security services at NTT Data Services and a member of the emerging trends working group at the IT management professional association ISACA. Because such technology can go unnoticed by IT, she added, shadow IT often lacks the necessary security and protection checks.
Remote work has not only expanded the potential attack surface, but also moved it beyond the usual perimeter defenses, such as firewalls and intrusion detection systems, that organizations have traditionally built to prevent ransomware attacks, data breaches, and other types of cybercrime.
“They protected the castle, but now people don’t work inside the castle,” said Ed Skoudis, president of the SANS Institute of Technology. “They are in the field, so these protections do not protect them there. We’ve been saying for years that the network perimeters we’ve built are being dissolved by things like wireless and cloud, but then COVID came along and ruined everything. all before.”
Moreover, cybercriminals are taking advantage of the shift to remote work by exploiting vulnerabilities in remote work infrastructure and devising ways to attack the workers themselves. “The attackers noticed this,” Skoudis added. “They are really focused on attacking home workers because they are no longer protected in these enclaves that organizations have been building for the past 30 years.”
The most common cybersecurity risks when working remotely
The cybersecurity risks associated with remote work are many and varied, including expanded attack surfaces, a lack of security skills, vulnerable networks, cloud infrastructures, and the work habits of employees.
1. Expanded attack surfaces
As more employees work remotely, organizations simply have more endpoints, networks, and security software, all of which greatly increase the burden on security departments that are often already overwhelmed.
2. Lack of security professionals
HR issues in some organizations can delay adequate protection for remote workers. In its 2022 Global Cybersecurity Skills Gaps Research Report, network security provider Fortinet reported that 60% of 1,223 IT and cybersecurity executives surveyed said they find it difficult to hire cybersecurity talent, with 52% struggling to retain skilled workers, while 67% acknowledged that the lack of qualified cybersecurity candidates poses a greater risk to their organizations.
3. Less oversight by security
“Workers don’t have cybersecurity teams that monitor what’s happening on the home network,” Skoudis said. By its very nature, remote work moves some of the system access, network traffic, and data outside the normal boundaries of the corporate technology environment and the security monitoring within that environment. According to Skoudis, companies typically can’t extend monitoring to all endpoints and all networks that now support remote working.
4. Bad practices and data handling procedures
According to Scott Reynolds, senior director of corporate cybersecurity at ISACA, employees may download sensitive information to their local devices, which may or may not be encrypted, for a variety of reasons. For the sake of efficiency, they may also transmit sensitive company data through insecure channels, such as unencrypted email or files, without realizing the risks involved.
5. Exposure to phishing attacks
Phishing “is still a constant, pervasive threat,” Reynolds said, “and all it takes is for one person to click on something they shouldn’t in order for something to go through.” The risk increases when working remotely, as workers are more dependent on email and less suspicious of a well-planned email phishing attack disguised as a legitimate business request.
6. Unprotected and vulnerable hardware
The sudden shift to remote work at the start of the pandemic meant that many workers used their personal devices to get their jobs done, whether or not they had the skills to keep their home routers, laptops and smartphones properly updated and secure, according to Glenn Nick, associate director of cybersecurity incident response at advisory services provider Guidehouse.
7. Unsecured and Vulnerable Networks
Remote work also increases the likelihood that employees will use unsecured networks such as public Wi-Fi. Even home networks are often vulnerable to attacks. “People are being forced to work from home in conditions they don’t have the technical knowledge to keep safe,” Nick explained. “They may be ordered to upgrade their routers or use a VPN, but they may not have the technical knowledge to do so. And at the same time, you have nation-states attacking home routers and home network devices.” The threat is so severe that the US Cybersecurity and Infrastructure Security Agency (CISA) highlighted the risk in a June 2022 warning.
8. Insecure corporate network
CISA also noted that hackers target a wide range of networks, including vulnerabilities in enterprise network equipment used for remote work.
9. Vulnerabilities in enabling technologies
Companies need to be aware of the technology that allows them to work remotely. “A huge number of vulnerabilities have been discovered in solutions to support remote work,” Skoudis warned.
10. Misconfigurations in the public cloud
The cloud is an essential technology for working remotely, but it also comes with risks. One such risk lies in misconfigurations, especially with regard to access. Organizations may inadvertently grant too much access to users or fail to implement access control. According to the 2022 Cloud Security Report by network security software provider Check Point Software Technologies, more than a quarter of cybersecurity professionals surveyed said their organizations experienced a security incident in a public cloud infrastructure during the past year, and incorrect security settings were the leading cause.
11. Webcam Hacking and Zoom Bombing
Businesses have increased their use of video conferencing and other online collaboration platforms, and hackers have followed. Cybercriminals can sabotage or interrupt online conferences or lurk undetected to obtain information such as sensitive data or corporate email, which they can use to their advantage, Skoudis said.
12. Sophisticated Social Engineering Attacks
Hackers are becoming increasingly sophisticated in capitalizing on corporate shifts to a remote working environment. “[D]espite the best efforts of defenders, cybercriminals continue to successfully exploit the human factor for financial gain,” according to the 2022 Social Engineering Report by security software provider Proofpoint.
Best practices for remote cybersecurity
The Proofpoint finding reflects the longstanding recognition that nothing is 100% secure. But companies that follow security best practices can drastically reduce their chances of being hit by a costly and sometimes devastating cyberattack:
Implement basic security controls. Nick advised remote workers to use VPNs to access corporate systems, ensure that devices connecting to the corporate network are equipped with antivirus software, and follow a strong password policy that requires unique passwords for different sites. Experts also recommended using encryption to protect sensitive data and sharing files in the cloud so that data does not end up on work devices.
Strengthen the corporate data protection program. “Know where your digital information is,” Reynolds said, “what information you collect, where your jewelry is stored, and what you do to protect your data.”
Develop a strong vulnerability management program. Use a risk-based approach to quickly fix the highest-risk vulnerabilities and reduce the total number of unpatched vulnerabilities that hackers can exploit.
Review existing threat detection and incident response programs. “They need to be updated,” suggested Nick, “to keep up with current threats and the current environment.”
Implement and promote a zero-trust framework. All users and devices should be required to confirm that they are allowed to access the corporate environment.
Deploy user behavior analytics (UBA). A key component of zero trust, UBA uses machine learning and data science to identify and understand a user’s typical access pattern to corporate systems and to flag suspicious activity that may indicate a user’s credentials have been compromised.
Ensure proper cloud configuration and access. Misconfigurations are a major cause of security incidents in public cloud infrastructures. Take steps to address glitches, gaps, or bugs that could put your work environment at risk during migration and cloud work, and set reasonable user access controls.
Establish an ongoing security awareness program. Inform users about potential new security threats and the steps needed to keep the organization secure. “It all comes down to user awareness,” Skoudis notes, “because if you do everything else but don’t tell users how to stay safe, you’re in trouble.”
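The user behavior analytics practice listed above, sketched as an added example that is not from the article or from any vendor product: it stands in a simple per-user frequency baseline for the machine learning the article mentions, and flags logins that deviate from it. The function names, users, devices and login events are all hypothetical and constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample history: (user, login hour UTC, source country, device id).
HISTORY = [
    ("alice", 8, "US", "laptop-01"), ("alice", 9, "US", "laptop-01"),
    ("alice", 9, "US", "laptop-01"), ("alice", 10, "US", "laptop-01"),
    ("alice", 9, "US", "phone-01"), ("alice", 8, "US", "laptop-01"),
    ("bob", 14, "DE", "laptop-07"), ("bob", 15, "DE", "laptop-07"),
]

def build_baseline(events):
    """Learn each user's typical access pattern as per-feature counts."""
    baseline = defaultdict(lambda: {"hour": Counter(), "country": Counter(),
                                    "device": Counter(), "total": 0})
    for user, hour, country, device in events:
        profile = baseline[user]
        profile["hour"][hour] += 1
        profile["country"][country] += 1
        profile["device"][device] += 1
        profile["total"] += 1
    return baseline

def hour_is_typical(hours, hour, tolerance=1):
    """True if the user has logged in within +/- tolerance hours (wraps at midnight)."""
    return any(hours[(hour + d) % 24] for d in range(-tolerance, tolerance + 1))

def score_event(baseline, event, min_history=5):
    """Return the list of ways an event deviates from the user's baseline."""
    user, hour, country, device = event
    profile = baseline.get(user)
    if profile is None or profile["total"] < min_history:
        return ["insufficient-history"]  # too little data to judge this user
    reasons = []
    if not hour_is_typical(profile["hour"], hour):
        reasons.append("unusual-hour")
    if country not in profile["country"]:
        reasons.append("new-country")
    if device not in profile["device"]:
        reasons.append("new-device")
    return reasons

def is_suspicious(reasons):
    """One deviation is common (travel, new phone); two or more together raise an alert."""
    return len(reasons) >= 2

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for event in [("alice", 9, "US", "laptop-01"), ("alice", 3, "RO", "unknown-77")]:
        reasons = score_event(baseline, event)
        print(event, reasons, "ALERT" if is_suspicious(reasons) else "ok")
```

Requiring two simultaneous deviations keeps a single new device or a trip abroad from paging the security team, while a login at an unusual hour from a new country on an unknown device still stands out.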