Working-from-home policies and the ability to work remotely have always been available to the modern workforce, particularly as the economy has shifted and flexed to accommodate the rapid growth of technology and innovation. But what wasn’t expected is the sheer number of people who have shifted to working from home for the foreseeable future.
We’ve gone from an office-based workforce to a mostly remote workforce in a matter of days, and with that comes greater exposure to cyber threats, plus a new approach to managing network security. Chief strategy officers (CSOs) and IT managers alike are going to factor in a slightly different approach to security, while also educating the workforce on the threats to look out for.
The current threat landscape
At this stage, the current threat landscape is about testing out what works. Cybercriminals haven’t managed to conduct any serious, coordinated attacks; rather, machine-based and phishing-type attacks appear to be the most common. This will likely change once criminals get their heads around the increased risk and lax security policies that some organisations have in place.
As everyone gets used to working from home, and attackers become more confident in their approach, we’ll likely see an uptick in coordinated, large-scale attacks.
On top of that, certain types of workers may be susceptible to attacks and require a different level of security. It all begins with a worker connecting to a remote virtual private network (VPN) through a company laptop, but that will likely evolve. The next level of worker will probably be connecting multiple devices to the company network, opening up the attack surface even wider.
The new remote worker
With an entirely remote workforce, network managers have lost an element of management. For example, IT teams won’t be able to stop an employee from connecting a device from their home network if that person is working across a business VPN. Therefore, maintaining security policies as if they’re still in the office is key. There are several steps that network managers can take to ensure the remote-working set-up is secure.
Remote access: To start, every remote worker requires access to email, internet, teleconferencing, limited file sharing and function-specific capabilities (finance, HR, etc) from their remote work site. They also require access to software-as-a-service (SaaS) applications in the cloud, such as Microsoft Office 365.
Make sure all users have a laptop loaded with all of the essential applications they need to do their job. In addition, that laptop needs to include a pre-configured client to provide VPN connectivity to corporate headquarters.
Multifactor authentication: This helps prevent cybercriminals from using stolen passwords to access networked resources. To enable more secure access, every user needs to also be provided with a secure authentication token. These tokens can be a physical device (such as a key fob) or software-based (like a phone app), and are used when making a VPN connection or logging into the network to provide an additional layer of identity validation.
Persistent connectivity: Pre-configured wireless access points enable secure connectivity from a user’s remote location to the corporate network through a reliable, secure tunnel. For a more secure connection, a wireless access point can be combined with a desktop-based next-generation firewall to enable persistent connections, advanced admission control, and a full spectrum of advanced security services, including data loss prevention.
User and device authentication: A central authentication service connected to the network’s Active Directory, Lightweight Directory Access Protocol (LDAP), and RADIUS enables remote workers to securely connect to network services at scale. This solution should also support single sign-on services, certificate management, and guest management.
Advanced perimeter security: A next-generation firewall (NGFW) solution needs to securely terminate VPN connections and provide advanced threat protection, including the analysis of malware and other suspicious content within a sandboxed environment before it reaches its destination, and high-performance inspection of clear-text and encrypted traffic to eliminate malware and malicious traffic.
Scalability for this function is especially critical, as the inspection of encrypted data is extremely processor-intensive. Without advanced security processors designed to inspect high volumes of encrypted traffic, NGFW solutions can quickly become a bottleneck that can impact teleworker productivity.
Changing levels of trust
There is, however, a shift afoot. The change in levels of trust for employers and in the working habits of employees will likely shape the approach that network managers and CSOs take to securing these new, more expansive networks.
There will be attacks that become more prolific, which employees will need to keep an eye on, and we’ll likely see technology such as secure SD-WAN bleed into the consumer realm, as businesses look at the viability of implementing these types of enterprise solutions in residential properties.
However, there is also a responsibility on the workers to recognise and understand the types of attacks they may come across, which may have a more sinister approach. Social engineering is becoming prolific in the sense that criminals are using Covid-19 updates and related information to lure users to malicious sites or to click through to links that enable access to personal information.
Threat actors prefer the path of least resistance. They hack the psyche of targets (who rarely see through the disguises) and rely on publicly available intelligence and interactions to generate victim profiles. Cybercriminals are experts in the art of masquerading, manipulating, influencing and devising lures to trick targets into divulging sensitive data, and/or giving them access to our networks and/or facilities.
Some digital and phone-based attacks that remote workers should be on the alert for include:
Phishing/spear phishing: email-based attacks that target everyone or a specific person or role within an organisation in order to entice individuals to click on malicious links or enter credentials or other personal information.
Social media deception: adversaries create fake profiles to befriend victims while posing as a current or former co-worker, job recruiter or someone with a shared interest on social media, especially LinkedIn. Their goal is to trick the victim into providing sensitive information or downloading malware to their device.
Smishing: a text-based message attack that impersonates a legitimate source in order to lure a victim into downloading viruses and malware onto their cell phone or other mobile device.
At a time when a majority of the workforce is working from home, security strategies need to adjust and the ways in which we work are being changed to support that.
Steve Mulhearn is director of enhanced technologies UK & Ireland, Fortinet