Remote work is now a standard option for most professionals, but the rising popularity of work from anywhere has driven a corresponding rise in cybersecurity incidents.
Remote work during the COVID-19 pandemic drove a 238% increase in cyber attacks, according to a March 2022 report by Alliance Virtual Offices, which provides services to the remote workforce. And Gartner's "7 top trends in cybersecurity for 2022" called the expansion of the attack surface that came with remote work and the increasing use of public cloud a major area of cybersecurity concern. Trends such as these have made security improvements for remote employees and risk-based vulnerability management the "most urgent projects" in 2022 for 78% of CISOs surveyed by security software provider Lumu Technologies.
How does remote work impact cybersecurity?
A remote work environment can raise the risk of a data breach or other cyber attack for several reasons, according to multiple security experts. Remote work, particularly remote work at scale, significantly increases the potential attack surface that must be protected.
Gartner reported that 60% of knowledge workers are remote and at least 18% won't return to the office. "These changes in the way we work, together with greater use of public cloud, highly connected supply chains and use of cyber-physical systems," Gartner warned, "have exposed new and challenging attack 'surfaces.'"
This article is part of
Remote workers sometimes further expand the attack surface -- and increase risk -- by introducing unsanctioned technology. "There has been a growth of shadow IT, as people working from home were buying [technology] that may not be sanctioned by IT, but they needed to get their job done," said Sushila Nair, vice president of security services at NTT Data Services and member of the Emerging Trends Working Group at professional IT governance association ISACA. And, because the technology may go undetected by IT, she added, shadow IT often lacks the security scrutiny and protection it requires.
Remote work not only expanded the potential attack surface, but also moved it outside conventional perimeter defenses, such as firewalls and intrusion detection systems, that organizations traditionally built to thwart ransomware attacks, data breaches and other types of cybercrimes.
"Those had been protecting the castle, but now, people aren't working inside the castle," said Ed Skoudis, president of SANS Technology Institute. "They're out in the field, so those defenses don't protect them there. We've been saying for years that the network perimeters we built were dissolving because of things like wireless and cloud, but then, COVID came and blew it all up."
Moreover, cybercriminals are seizing on the shift to remote work environments by exploiting vulnerabilities in the infrastructure that enables remote work and tweaking how they target the workers themselves. "Attackers have noticed," Skoudis added. "They're really focused on attacking home workers because they are no longer protected in these enclaves that organizations spent the last 30 years building."
Most common remote working cybersecurity risks
Cybersecurity risks associated with remote work are many and varied, including expanded attack surfaces, security skills shortages, vulnerable networks, cloud-based infrastructures and employee work habits.
1. Expanded attack surfaces
With more employees working remotely, organizations simply have more endpoints, networking and software to secure, all of which greatly increase the workload for security departments that are often stretched thin.
2. Lack of security talent
Staffing challenges at some organizations can create delays in adequately securing remote workers. In its "2022 Cybersecurity Skills Gap Global Research Report," network security provider Fortinet revealed that 60% of the 1,223 IT and cybersecurity leaders surveyed said they struggle to recruit cybersecurity talent and 52% struggle to retain qualified workers, while 67% acknowledged that the shortage of qualified cybersecurity candidates presents greater risks to their organizations.
3. Less oversight by security staffs
"Workers don't have cybersecurity teams watching over what's happening on the home network," Skoudis said. By its very nature, remote work moves some of the system access, network traffic and data outside the conventional perimeters of the enterprise technology environment and the security monitoring within that environment. Companies generally can't extend monitoring out to all the endpoints and along all the networks now supporting remote work environments, Skoudis explained.
4. Poor data practices and procedures
Workers for various reasons may be downloading sensitive information to their local devices, which may or may not be encrypted, said Scott Reynolds, senior director of enterprise cybersecurity at ISACA. For the sake of efficiency, they may also share sensitive company data over unsecured channels, such as unencrypted email or files, without realizing the risks involved.
5. Susceptibility to phishing attacks
Phishing "continues to be a persistent, pervasive threat," Reynolds said, "and all it takes is for one person to click something they shouldn't for something to get through." The risk is heightened remotely since workers have a greater dependence on email and become less suspicious of a well-engineered phishing email attack disguised as a legitimate business request.
6. Unsecured and vulnerable hardware
The sudden shift to remote work at the start of the pandemic meant many workers used their personal devices to do their jobs, regardless of whether they had the skill to ensure their home routers, laptops and smartphones were properly updated and adequately secured, said Glenn Nick, associate director for cybersecurity incident response at advisory services provider Guidehouse.
7. Unsecured and vulnerable networks
Remote work also increases the chance that employees will use unsecured networks, such as public Wi-Fi. Even home networks are often vulnerable to attacks. "People are placed at home working in an environment that they don't have the technical expertise to secure," Nick explained. "They may be told to update their routers or use VPNs but may not have the technical expertise to do so. And, at the same time, you have nation-states attacking home routers and home network devices." So significant is the threat that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted the risk in a June 2022 alert.
8. Unsecured corporate network
CISA also noted that hackers are targeting a broad range of networks, including vulnerabilities in the enterprise networking equipment used to enable remote work.
9. Vulnerabilities in enabling technologies
Companies need to be aware of the technologies that enable remote work. "There is a tremendous amount of vulnerabilities being found in remote work support solutions," Skoudis warned.
10. Misconfigurations in the public cloud
The cloud is an essential technology for remote work, yet it also comes with risks. One such risk lies in misconfigurations, particularly relating to access. Organizations can inadvertently grant users too much access or fail to implement access controls. According to the "2022 Cloud Security Report" by network security software provider Check Point Software Technologies, more than one-fourth of information security professionals surveyed said their organizations experienced a security incident in the public cloud infrastructure within the past year, and security misconfigurations were the leading cause.
11. Webcam hacking and Zoombombing
Enterprises increased their use of video conferencing and other online collaboration platforms and so did hackers. Cybercriminals can sabotage or disrupt online conferences or prowl around undetected to obtain information, such as proprietary data or corporate emails, which they can use to their advantage, Skoudis said.
12. Sophisticated socially engineered attacks
Hackers are becoming increasingly more sophisticated to capitalize on the corporate shift to remote work environments. "[D]espite defenders' best efforts," read the "2022 Social Engineering Report" by security software provider Proofpoint, "cybercriminals continue to be successful at exploiting the human element to recognize financial gain."
Best practices for remote working cybersecurity
Proofpoint's assessment reflects the longstanding acknowledgement that nothing is 100% secure. But companies that follow security best practices can drastically reduce their chance of suffering a costly and sometimes devastating cyber attack:
- Implement basic security controls. Remote workers, Nick advised, should use virtual private networks to access enterprise systems, ensure devices accessing the enterprise network have antivirus software and follow a strong password policy that requires unique passwords for different sites. Experts also recommended using encryption to protect sensitive data and cloud-based file sharing to keep data off worker devices.
- Strengthen the corporate data protection program. "Know where your digital information is," Reynolds said, "what information you are collecting, where your crown jewels are stored and what you're doing to protect the data."
- Establish a strong vulnerability management program. Use a risk-based approach to quickly address vulnerabilities that present the highest risks and reduce the overall number of unpatched vulnerabilities that hackers could exploit.
- Review existing threat detection and incident response programs. "They need to be updated," Nick suggested, "to make them match the current threats and the current environment."
- Implement and advance a zero-trust framework. All users and devices should be required to verify that they're authorized to access the enterprise environment.
- Deploy user behavior analytics (UBA). A key component of zero-trust UBA uses machine learning and data science to identify and understand a user's typical pattern of accessing enterprise systems and to flag suspicious activities that could indicate a user's credentials have been compromised.
- Ensure proper cloud configurations and access. Misconfigurations are a leading cause of security incidents in public cloud infrastructures. Take measures to eliminate glitches, gaps or errors that could expose the work environment to risk during cloud migration and operation and institute sensible user access controls.
- Establish an ongoing security awareness program. Educate users on potential new security threats and the steps necessary to keep the organization safe. "It all comes down to user awareness," Skoudis noted, "because, if you do all the other stuff but don't tell users how to stay secure, you're going to have problems."