A CISO's Perspective - Remote Work and Security Challenges
Andrew Smeaton
Chief Information Security Officer @ Jamf | CISSP, CISA, CISM, CRISC, CCISO, CGEIT
As a follow-up to last week's article: A CISO's Perspective - Smart home but a suspicious CISO
Twitter is allowing its employees to work from home permanently. Uber and Google have extended their WFH policies until mid-2021. Facebook also plans a permanent shift towards more remote work, even after the coronavirus pandemic. Some companies have even shut down their offices because remote work went so smoothly during the pandemic. Looking at this trend, remote work is expected to become more common in the days to come.
The Covid-19 pandemic forced people to remain at home; as a result, work-from-home (WFH) became a necessity and the new normal overnight. Such a quick shift meant that specific security requirements inevitably fell behind, giving cybercriminals a unique opportunity to attack.
Let’s explore some of the key remote work challenges.
- VPN Attack
With so many people now working from home, most will use a VPN to reach the corporate network. There are two primary pitfalls in relying on a VPN. First, too many concurrent users can slow down network access. Second, the VPN gateway is now an internet-facing login for the whole workforce, which gives attackers a larger attack surface for brute-force and password-guessing attacks; failed logins on the gateway should be monitored and rate-limited accordingly.
- Phishing Attack
Phishing is one of the top causes of data breaches. These attacks succeed because they exploit human error, and human error is a constant. Working from home adds distractions (children, deliveries, boredom and so on), so mistakes are bound to happen.
Cybercriminals know all this and treat remote work as an opportunity to spread malware, deploy ransomware, sow doubt and fear, and make quick money. They have ramped up spam, phishing and other malicious campaigns carrying malicious links and attachments. Once an employee clicks such a link, the attacker can gain a foothold on the employee's device and, from there, reach the corporate network.
- Cloud vulnerability
To make remote work productive, organizations have increasingly relied on cloud applications and services, which let employees reach corporate resources from anywhere. However, we are already seeing cloud weaknesses such as misconfiguration, insecure interfaces and account hijacking being exposed and exploited more often.
- Malware and Ransomware
Trojans, viruses, worms, botnets, ransomware and the like play a critical part in major security breaches.
With a remote work culture, the organization relies more than ever on being digitally connected. Computers and laptops that were once safe behind the office firewall are now connected to home or public networks with many potential vulnerabilities. As a result, malware and ransomware attacks have become more pervasive and more effective, and ransomware infections made up a large share of the attacks reported in 2020.
- Inadequate security in a collaboration tool
With remote work, the use of collaboration tools such as Zoom, Microsoft Teams and Google Hangouts has increased significantly. But these tools have not always provided adequate security: vulnerabilities such as account hijacking, file-sharing flaws, email address leakage and "Zoombombing" have all been identified in them.
- Insider threats
Remote work during this pandemic has opened up new insider threats. Many people have lost their jobs and others are afraid of losing theirs. As a result, users might copy work files to an unsecured personal computer for future reference in case they are fired, which increases the risk of data leakage.
There are also negligent insiders who mistakenly give away the organization's data and put the company at risk, for example by opening a phishing email or falling victim to a business email compromise scam.
Additionally, remote employees might use their personal laptops and computers for business work. Such personal devices sit outside the organization's security bubble of web gateways, intrusion detection systems, firewalls and endpoint protection, which significantly increases the risk of data theft.
- Security priorities get scrambled
One of the biggest problems with the “new normal” is that the security priorities often get scrambled.
For example, a security awareness training program is as vital as ever, but how, when and where that awareness is created may change. Likewise, patching may be postponed at this time, which increases the risk of a breach: unpatched remote endpoints are exactly what attackers look for.
- Compliance
Whether companies go remote or not, regulatory compliance does not change. There are steep penalties for non-compliance and potential reputational damage.
Those companies that did not have a standard remote work policy had to swiftly develop, test, and deploy the remote operation procedures overnight. They had to ensure that the employees have the resources they need while contending with compliance challenges.
For example, healthcare organizations must adhere to HIPAA requirements, so any change in how sensitive healthcare data is handled must be addressed carefully. In the rush to embrace remote work, many companies may have overlooked the need to remain compliant with data privacy and protection regulations.
How can these security challenges be reduced?
With remote work, both the organization and an individual play an integral role in protecting organizational data. Following are some of the security best practices that need to be considered while working from home.
Organizational effort
- Establish a remote work policy
Organizations should have robust but flexible remote working policies. Policy needs to be defined clearly to avoid any ambiguity. It should include what employees can or cannot do.
- Security awareness training
Increase IT security awareness and educate employees about the possible dangers and their countermeasures.
Provide social engineering and phishing training: teach employees to recognize potential threats, not to open suspicious emails or click links contained in them, not to post sensitive information online, and never to provide usernames, passwords or personal information in response to an unsolicited request.
- Implement zero-trust architecture
Because an attack can come from inside as well as outside the organization's network, no person or device should be assumed to be safe. Everything must be verified.
"Never trust, always verify" is the ideal principle for more robust security when it comes to remote work.
Zero trust removes implicit trust: every request is treated as if it came from a stranger, and is authenticated and authorized on its own merits regardless of where on the network it originates. Implemented properly, this prevents unauthorized access to the organization's networks, resources and data, and it can be used to control at a granular level which assets each remote user can reach.
- Implement Microsegmentation and SDN
With remote work and cloud computing, the traditional approach to the local network no longer makes much sense; we need a more intelligent network architecture. Here microsegmentation and software-defined networking (SDN) come to the rescue, and both have become integral parts of modern networks.
SDN virtualizes network functions and greatly simplifies the management of an organization's network. Microsegmentation creates secure zones in data centers and cloud infrastructure, letting administrators isolate workloads and limit network access on a zero-trust basis, so that a compromised host cannot reach everything on the same network segment.
SDN-enabled microsegmentation lets administrators define and manage network security entirely in software, ultimately reducing the attack surface.
- Implement Endpoint Security and SOAR
Preventive measures fail at some point, so organizations need to be quicker and more effective at containing attacks. The longer an attacker is inside the network, the more damage they can do and the more costly the recovery.
Endpoint security solutions provide a centralized console to track and control security updates, organizational policies, authentication attempts and so on for each endpoint device (laptops, desktops and mobile devices). They block the use of unsafe applications and also help prevent data loss.
SOAR (security orchestration, automation and response) simplifies threat monitoring and detection through automation. It lets organizations collect and aggregate large amounts of data from disparate endpoints, identify possible issues, define the remediation, and then use a playbook to automate the response.
With endpoint security and SOAR in place, organizations can drastically improve response times, hunt threats effectively, and protect organizational assets in time.
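The VPN brute-force problem described under "VPN Attack" and the SOAR "collect, detect, then run a playbook" loop described here meet in the detection logic. The following is an added example, not code from the article or from Jamf: it parses a constructed, generic VPN authentication log (the line format, thresholds, user names and RFC 5737 documentation addresses are all assumptions to adapt to what your gateway actually emits) and raises the three alerts a playbook would act on, including the one that matters most, a successful login that follows a burst of failures.

```python
"""Brute-force / password-spray detection over VPN authentication logs.

Added example: not code from the original article or from Jamf. The log
format, thresholds and IP addresses below are constructed for illustration;
adapt LINE_RE to what your VPN gateway actually emits.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (RFC 5737 documentation addresses, fictional users).
SAMPLE_LOG = """\
2020-09-14T08:00:01Z vpn-gw vpn: login failed user=alice src=203.0.113.7
2020-09-14T08:00:03Z vpn-gw vpn: login failed user=alice src=203.0.113.7
2020-09-14T08:00:05Z vpn-gw vpn: login failed user=alice src=203.0.113.7
2020-09-14T08:00:07Z vpn-gw vpn: login failed user=alice src=203.0.113.7
2020-09-14T08:00:09Z vpn-gw vpn: login failed user=alice src=203.0.113.7
2020-09-14T08:00:11Z vpn-gw vpn: login failed user=alice src=203.0.113.7
2020-09-14T08:00:13Z vpn-gw vpn: login ok user=alice src=203.0.113.7
2020-09-14T08:10:00Z vpn-gw vpn: login failed user=bob src=198.51.100.9
2020-09-14T08:10:20Z vpn-gw vpn: login failed user=carol src=198.51.100.9
2020-09-14T08:10:40Z vpn-gw vpn: login failed user=dave src=198.51.100.9
2020-09-14T08:11:00Z vpn-gw vpn: login failed user=erin src=198.51.100.9
2020-09-14T08:30:00Z vpn-gw vpn: login failed user=frank src=192.0.2.44
2020-09-14T08:30:30Z vpn-gw vpn: login ok user=frank src=192.0.2.44
2020-09-14T09:00:00Z vpn-gw vpn: login ok user=grace src=192.0.2.80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ vpn: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Turn log lines into (timestamp, result, user, src) tuples; skip junk."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group("result"), m.group("user"), m.group("src")))
    return events


def _expire(dq, now, window, ts_of):
    """Drop entries that have fallen out of the sliding window."""
    while dq and now - ts_of(dq[0]) > window:
        dq.popleft()


def detect(events, window=timedelta(minutes=5),
           brute_threshold=5, spray_threshold=3, success_after=3):
    """Return alerts as (kind, src, user, count) tuples.

    brute_force:            >= brute_threshold failures for one (src, user)
    password_spray:         >= spray_threshold distinct users failing from one src
    success_after_failures: a successful login that follows >= success_after
                            failures for the same (src, user); this is the
                            alert a SOAR playbook should act on immediately
                            (revoke the session, force re-authentication)
    """
    fails_by_pair = defaultdict(deque)  # (src, user) -> failure timestamps
    fails_by_src = defaultdict(deque)   # src -> (timestamp, user) of failures
    fired = set()                       # (kind, key) already alerted once
    alerts = []
    for ts, result, user, src in sorted(events):
        pair_q = fails_by_pair[(src, user)]
        src_q = fails_by_src[src]
        _expire(pair_q, ts, window, lambda t: t)
        _expire(src_q, ts, window, lambda e: e[0])
        if result == "failed":
            pair_q.append(ts)
            src_q.append((ts, user))
            if len(pair_q) >= brute_threshold and ("brute_force", (src, user)) not in fired:
                fired.add(("brute_force", (src, user)))
                alerts.append(("brute_force", src, user, len(pair_q)))
            users = {u for _, u in src_q}
            if len(users) >= spray_threshold and ("password_spray", src) not in fired:
                fired.add(("password_spray", src))
                alerts.append(("password_spray", src, None, len(users)))
        else:
            if len(pair_q) >= success_after:
                alerts.append(("success_after_failures", src, user, len(pair_q)))
            pair_q.clear()  # a clean login resets the per-user failure counter
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

Run against the constructed log this produces three alerts: a brute-force alert for alice from 203.0.113.7, a success-after-failures alert when that same source finally logs in as alice, and a password-spray alert for 198.51.100.9, which fails once each against several users and so never trips a per-user threshold. Frank's single typo followed by a clean login stays silent. The spray rule is the one most organizations forget: low-and-slow guessing across many accounts looks like normal noise per user and is only visible when you pivot on the source.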
- Adequate Backup and Recovery Systems
A good backup policy is always important, primarily as protection against ransomware or any other unfortunate situation. Because ransomware operators also go after backups, keep at least one copy offline or otherwise immutable, and test restores regularly; a backup that has never been restored is not a recovery plan.
- Strong authentication
Ensure strong authentication and authorization policies are in place, and enforce them at the endpoint and at the resource being accessed rather than relying on network location. The password policy should require unique, strong passwords combined with two-factor authentication (for example a one-time code from an authenticator app) for every remote login.
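The second factor most organizations roll out for remote logins is a time-based one-time password. Below is an added example, not code from the article or from Jamf, showing what a correct server-side check of that second factor involves beyond "compare the six digits": a small clock-skew tolerance, a constant-time comparison, and a record of the last accepted time step so that a code which was just used cannot be replayed within its 30 second window. The secret is the published RFC 4226/6238 test secret, so the codes are the RFC test vectors rather than anything real.

```python
"""Second factor with TOTP (RFC 6238) for remote logins.

Added example, not code from the original article or from Jamf. SECRET is the
RFC 4226/6238 test secret, so the expected codes are the published test
vectors; a real deployment generates a random secret per user and stores it
encrypted on the server side.
"""
import hashlib
import hmac
import struct
import time

SECRET = b"12345678901234567890"  # RFC test secret, not a real key


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238) = HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, int(for_time) // step, digits)


class TotpVerifier:
    """Verifies codes with +/- `skew` steps of clock tolerance, compares in
    constant time, and refuses to accept a time step that was already used,
    so a code captured by a phishing page cannot be replayed."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew: int = 1):
        self.secret, self.step, self.digits, self.skew = secret, step, digits, skew
        self.last_counter = -1  # in production, persist this per user

    def verify(self, code: str, now: float = None) -> bool:
        now = time.time() if now is None else now
        counter = int(now) // self.step
        matched = None
        # Check every candidate step (no early exit) so the response time does
        # not reveal which step, if any, matched.
        for c in range(counter - self.skew, counter + self.skew + 1):
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                matched = c
        if matched is None or matched <= self.last_counter:
            return False  # wrong code, or replay of an already-consumed step
        self.last_counter = matched
        return True


if __name__ == "__main__":
    verifier = TotpVerifier(SECRET, digits=8)
    code = totp(SECRET, 59, digits=8)
    print(code, verifier.verify(code, 59), verifier.verify(code, 59))
```

The `last_counter` check is the part that is usually missing from home-grown implementations: without it, a valid code remains valid for the whole step (plus the skew window), which is exactly the window a real-time phishing proxy needs. The skew of one step either side is a trade-off between tolerating phone clock drift and widening that window; do not set it higher without a reason.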
- Use AI powered cybersecurity
Invest in AI-powered security tooling to help defend against sophisticated attack patterns; behavioural analytics in particular can help surface insider threats.
Such tooling can help identify, analyze, prioritize and respond to risk, find malware on the network, support incident response, and detect intrusions. Treat its output as a signal to investigate rather than a verdict, since false positives are inevitable.
- Integration of threat intelligence
Integrate threat intelligence to cover all attack surfaces, including cloud, mobile, network, endpoint, and IoT. And, keep your threat intelligence up-to-date.
- Integrate SecOps to your development lifecycle and automate things where possible.
- Deploy data loss prevention technology to timely detect any data exfiltration activities.
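What "detect data exfiltration" means in practice is content inspection of outbound data at the gateway or endpoint. The block below is an added example, not code from the article or from Jamf: it scans a constructed outbound message for card numbers, US SSN-style numbers and AWS access-key IDs, and shows the two details that separate a usable DLP rule from a noisy one: a Luhn checksum so that order numbers and timestamps are not reported as cards, and masking so the alert itself does not leak the data. The patterns are deliberately narrow assumptions; 4111 1111 1111 1111 is a well-known test card number and AKIAIOSFODNN7EXAMPLE is AWS's published example key ID, so nothing in the sample is real.

```python
"""Content inspection for outbound data: find card numbers (validated with
Luhn), US SSN-style numbers and AWS access-key IDs before a message leaves.

Added example, not code from the original article or from Jamf. The patterns
are deliberately narrow and the sample text is constructed (test card number,
AWS's published example key ID, fictional SSN).
"""
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")

# Constructed sample message: line 2 carries a 14-digit order number that a
# naive digit-run rule would flag as a card; line 4 carries a card-like number
# with a bad checksum.
SAMPLE = """\
Subject: Q3 numbers
Invoice 2020-09-14, order 20200914080001 total 1234.56
Card on file: 4111 1111 1111 1111 exp 09/23
Backup card 4111-1111-1111-1112
Employee SSN 123-45-6789 for payroll
Access key AKIAIOSFODNN7EXAMPLE
"""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most 13-19 digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str, keep: int = 4) -> str:
    """Never put the raw secret in an alert; keep only the tail for triage."""
    return "*" * (len(value) - keep) + value[-keep:]


def scan(text: str):
    """Return findings as dicts {kind, line, masked} in document order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):  # drop order numbers, timestamps, typos
                findings.append({"kind": "card", "line": lineno, "masked": mask(digits)})
        for m in SSN_RE.finditer(line):
            findings.append({"kind": "ssn", "line": lineno, "masked": mask(m.group())})
        for m in AWS_KEY_RE.finditer(line):
            findings.append({"kind": "aws_access_key", "line": lineno, "masked": mask(m.group())})
    return findings


def should_block(text: str) -> bool:
    """Policy decision: block the transfer if anything sensitive was found."""
    return bool(scan(text))


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
    print("block:", should_block(SAMPLE))
```

On the sample this reports the card on line 3, the SSN on line 5 and the key ID on line 6, and stays quiet on the order number and the mistyped card on line 4. In a real deployment the same `scan` runs over email bodies, attachments and web uploads, and the `should_block` decision is what the gateway enforces; the masked findings are what reach the analyst.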
Individual Effort
- Build a secure Wi-Fi network
Employees need to secure their home Wi-Fi with a strong password and WPA2 or WPA3 encryption. Do not keep the default or generic password, and consider changing the Service Set Identifier (SSID) to a name other than the vendor-specific default. Keep the router's firmware up to date as well.
- Split up network
Separate organizational devices from personal ones.
Devices that hold or process sensitive organizational data should be on a different network from personal home devices, so that even if an attacker compromises a personal device they cannot reach the organizational data. Many current routers allow you to create a guest network, which can be used for smart home devices.
- Avoid public Wi-Fi
As far as possible, employees should avoid using public Wi-Fi. If absolutely necessary, ensure the organization’s assets are accessed only via a VPN connection.
- Adhere to the company’s remote work policy.
Finally, COVID-19 fundamentally changed the way we work, and remote work has become a standard way of doing it. There are many benefits for companies that adopt it, such as global hiring, reduced commute time and costs, productivity and work-life balance. At the same time there are cybersecurity risks and other challenges. Organizations need to establish an excellent remote work policy that outlines how to protect the organization's assets from cybercriminals and how to handle incidents when they occur.
Zero Trust Facilitator Speaker ZTX|ITIL|xBTGlobal|xIBM|xMicrosoft|xBMC Founder/ CEO Chief Excitement Officer| Mentor | Vendor Agnostic
4 years ago: Nice read, thanks
3X CyberSecurity CMO, SVP Marketing, Growth, B2B Strategist, Cyber, DevSecOps, Advisory Board, Forbes Communications Council, G-CMO Member
4 years ago: Thanks for sharing Andrew. Remote work did create challenges overnight with potential security gaps with teams working from home devices, without VPN, etc. Cymulate offers CISOs the chance to test their security posture now for free: https://hubs.li/H0ChpRN0
Helping organizations achieve positive business outcomes by improving and building their Quality culture through a comprehensive, automated platform.
4 years ago: #moretimetobuildyourdreamhouse
We could not agree with you more, Andrew. We would love to have a chat with you to learn about your experiences on how organizations can combat this!
Hannah Krzywanowski you might find this interesting