One of the few positive side effects that we have seen from the pandemic has been the rapid adoption of remote work models, which has led to increased productivity and greater opportunity for work-life balance. Unfortunately, this has also opened up a world of opportunity for cybercriminals, who have used this transition period to gain access to sensitive data and wreak havoc. More than ever, organizations need tools that will allow them to remain flexible by enabling access for employees, customers and partners, whether in the cloud, on mobile, or on-premises.
Is your organization prepared to deal with the unique threats posed by a remote work environment? As organizations undergo massive infrastructure changes worldwide, here are the top 5 remote work security threats that you should consider:
1. Social Engineering & Phishing
Attackers gaining access to systems via social engineering is nothing new: criminals have been using phishing techniques for years, preying on fear to trick users into clicking malicious links and downloading malware. More recently, though, this has manifested itself in a variety of pandemic-related scams, with attackers creating seemingly innocent websites claiming to sell medical gear or discuss cures. Instead, these sites deploy malware payloads to your computer, establishing a connection to an attacker’s command and control (C2) server. From there, the attacker can begin reconnaissance and privilege escalation, tracking and monitoring your activity to obtain the credentials needed to access sensitive information.
2. Attacks on Remote-Working Infrastructure
In the face of COVID-19, organizations have had to scramble to create new infrastructure that can support the requirements of the new hybrid workplace. In terms of cybersecurity, this has meant an expansion of internet-facing perimeters and a greatly increased attack surface that requires additional monitoring. VPN brute-force, server-side and DDoS attacks, in particular, have become very popular. For the first time, a DDoS attack is capable of crippling entire businesses by preventing remote workers from accessing services over the internet. Expect to see a sharp rise in these kinds of attacks in the coming months.
3. Insider Threats
Unfortunately, sometimes the greatest threat to an organization can lie within the employees themselves. The rise of work-from-home has created an environment that is perfect for malicious insiders, who can now access and steal sensitive data from the privacy and comfort of their own homes. This risk is perhaps the most difficult to assess and address accurately, as no amount of security monitoring or protection can stop an ill-intentioned employee who has already been provided access.
Similarly, we should also treat our home offices as zero-trust environments. From a company perspective, work-from-home means that confidential conversations are now conducted within range of eavesdroppers, and intellectual property is visible in an unsecured environment. Anyone, whether it's delivery personnel or visitors to the house, could potentially steal a company laptop and access sensitive data.
4. Microsoft Azure Apps
Microsoft Azure is a cloud computing service that has exploded in popularity during the pandemic, seeing a 775% user increase in just one month. Unfortunately, attackers have discovered that they can include malicious Azure applications in phishing campaigns. Once prompted, all the user has to do is click “Accept” and the attacker has gained access to your network.
With many organizations just now implementing Azure environments for the first time, it is critical that you maintain visibility over which apps your users are consenting to while also scheduling regular reviews of approved applications to prevent anything risky from gaining access.
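A periodic consent review of the kind described above can be scripted. The following is an added example, not code from the original article: it assumes the tenant's delegated grants have been exported in the shape of Microsoft Graph oauth2PermissionGrant objects, and the sample records, the approved-app allowlist and the high-risk scope list are constructed for illustration.

```python
# Added example: triage OAuth2 delegated permission grants for a consent review.
# SAMPLE_GRANTS is constructed data shaped like Microsoft Graph
# oauth2PermissionGrant objects (clientId, consentType, principalId, scope).
# HIGH_RISK_SCOPES and APPROVED_APPS are assumed local policy, not a standard.

HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.ReadWrite.All", "Directory.ReadWrite.All", "offline_access",
}
APPROVED_APPS = {"app-expense-tool"}  # apps cleared in the last review

SAMPLE_GRANTS = [  # constructed, not real tenant data
    {"clientId": "app-expense-tool", "consentType": "Principal",
     "principalId": "user-alice", "scope": "User.Read openid profile"},
    {"clientId": "app-doc-viewer", "consentType": "Principal",
     "principalId": "user-bob", "scope": "Mail.Read offline_access User.Read"},
    {"clientId": "app-sync-helper", "consentType": "AllPrincipals",
     "principalId": None, "scope": " Files.ReadWrite.All User.Read"},
    {"clientId": "app-calendar-widget", "consentType": "Principal",
     "principalId": "user-carol", "scope": "Calendars.Read"},
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def review_grants(grants, approved=APPROVED_APPS, risky=HIGH_RISK_SCOPES):
    """Return grants that need review, most severe first."""
    findings = []
    for grant in grants:
        # scope is a space-separated string and may carry stray whitespace
        scopes = set((grant.get("scope") or "").split())
        hits = sorted(scopes & risky)
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        if not hits and grant["clientId"] in approved:
            continue  # approved app with only low-risk scopes
        if hits and tenant_wide:
            severity = "high"      # risky scope granted for every user
        elif hits:
            severity = "medium"    # risky scope granted by a single user
        else:
            severity = "low"       # unknown app, low-risk scopes only
        findings.append({"clientId": grant["clientId"], "severity": severity,
                         "risky_scopes": hits, "tenant_wide": tenant_wide,
                         "principalId": grant.get("principalId")})
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS):
        print(finding)
```

Approved apps are re-flagged whenever they hold a high-risk scope, so a previously cleared application that later gains broader access still surfaces in the next review.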
5. Home/Public WiFi
Enterprise WiFi networks have an advantage in that an IT manager is typically managing the security and health of the network. In contrast, home networks are typically secured with weaker protocols (WEP instead of WPA2), which makes it easier for an attacker to gain access.
How to Protect your Organization:
Endpoint Detection & Response (EDR): EDR has become one of the most effective ways to protect yourself from sophisticated cyber threats and ransomware. EDR services will typically leverage Artificial Intelligence (AI) and Machine Learning (ML) to analyze millions of events and detect malicious activity, providing 24/7/365 threat monitoring and protection.
Identity & Access Management (IAM): An IAM solution provides control over user access to information within an organization. It provides the ability to securely store identity and profile data, as well as data governance functions that ensure that only necessary and relevant data is shared.
Refer to your IT Team: Don’t be afraid to ask someone from your IT team for help! If you are ever unsure about an attachment or website, it is always recommended to get a well-informed second opinion before deciding how to proceed. Similarly, it is always recommended that you use the security tools put in place by your IT team, including things like multifactor authentication (MFA) and security training.
Partner with a cybersecurity company: With today’s rapidly evolving threat landscape, many organizations simply do not have the resources or capabilities to properly protect their data. In such a situation, it may be beneficial to partner with a cybersecurity company like Stratejm that can provide the expertise and tools needed for complete protection.