Threat actors are always looking for a unique plan of attack and Covid-19 gave them a new foot in the door through the surge in remote employees working from home. And hackers are taking full advantage of it.
In one of the greatest rush jobs ever in business as a whole, technology shifted gears into enabling a remote workforce almost overnight.
Unfortunately, hackers are making the most of it, taking full advantage of both the rush to adjust and the security weaknesses that remote work presents. The security strategies that many businesses planned for the year flipped over into survival mode to support this new remote framework.
So what makes an employee working from home more vulnerable, and how can you best meet the security needs that this type of new culture requires?
Challenge #1: Volume of Remote Workers
One of the most challenging parts of this WFH transition has been to keep security protocols in place now that every employee is outside the safety of the on-premise network. Since so many are working remote, there has been a huge jump in RDP (Remote Desktop Protocol) and VPN (Virtual Private Network) usage linking to your organization’s network. With so many businesses now reliant on RDP and VPNs, bad actors have narrowed in on these connections, scanning for vulnerable connections in order to launch attacks.
In addition, the sheer volume of new connections is an obstacle. Securing each one of those new individual connections is a huge challenge, especially since security teams can’t verify or control how employees are managing their own networks.
Challenge #2: Larger Attack Surface
As perimeters expand by connecting to employees’ homes, multitudes of new attack vectors are opening up. Remote workers rarely know that their home routers may be misconfigured or unpatched, providing an ideal target for hackers to exploit. How often is their router password either “password”, their address or dog’s name?
Employees are also using their personal devices to connect to the network—laptops their kid’s game on, tablets, etc…which are likely running applications that aren’t approved by the IT department. Additionally, every wifi-enabled device in an employee’s home is now also looped in – printers, smart TVs, the Ring doorbell and Alexa, to name a few. Since all of these applications and devices can have a potential impact, IT teams are unable to do anything about these potential threats. Even if every device is patched and up to date, each new device provides another possible entrance for attack.
Challenge #3: Growing Malware and Ransomware Attacks
Hackers are one of the few groups that do well in chaos-sort of an evil essential business. As a rule of thumb, industries at the center of these crises take the biggest hit. Ongoing and persistent ransomware attacks are to be expected, because they take advantage of these industries’ divided attention to manage massive amounts of data. Hackers know these organizations have to keep functioning, so these businesses are more likely to pay the ransom.
Phishing attacks have also drastically gone up, feeding on the fragile emotions of individuals. Heightened anxiety can cause people to become careless, clicking on an email they would normally mark as spam, particularly if it is made to look like important information on the news that is at the top of everyone’s mind.
Solution? Stepping up Collaboration Tools, Remote Monitoring and Threat Detection
Darkhound can help you strategize a work from home policy that will keep your employees connected, efficient and secure.
While, this year may be a season of great adjustment, it’s also an opportunity to adapt. Reviewing security policies to manage the risk of large remote workforce’s by tweaking processes and introducing new collaboration tools will provide flexibility in how an organization can accomplish work, making sure you’re prepared for the future, however uncertain it is.
Contact DarkHound for more information at [email protected]
Image Source: https://www.pexels.com/photo/photo-of-person-typing-on-computer-keyboard-735911/