Story image

Are remote workers really the answer? Report finds huge security issues

07 Mar 18

The swelling generation of mobile workers is causing headaches for IT staff.

A study by OneLogin has found 74 percent of UK businesses currently provide their employees with the benefit of remote working and are now grappling with finding a balance between productivity and security.

These ‘headaches’ are certainly justified as the study found more than half of remote workers spend up to one day per week connected to unsecured networks, effectively opening the door to a host of cyber threats.

“Hackers are increasingly going after high-value targets, such as executives or users with privileged access. And rather than deploying very sophisticated technical attacks, they are using social engineering or password replay attacks,” says OneLogin CTO Thomas Pederson.

“For example, if a hacker wants to compromise a particular individual, all they need to do is look in many of the leaked password databases on the dark web and figure out that person’s corporate email address and then start trying to sign into applications where the user might have an account. This kind of attack is something enterprises can only protect themselves against using multi-factor authentication.”

48 percent of businesses have enforced VPNs to create a secure link between the home and corporate networks, which should technically solve all the security issues associated with remote working and unsecured WiFi networks.

However, organisations have inadvertently made productive remote working impossible with ‘not fit for purpose’ security protocols as 30 percent receive frequent complaints that the use of a VPN slows down network access when working out of the office.

What’s more, the study shows VPN’s are notoriously prone to breaking down with 67 percent of businesses experiencing up to a week of VPN downtime over the last 12 months.

OneLogin says these and other VPN hang-ups are effectively countering the benefits remoting working is supposed to promote like productivity and a happier workforce.

“With productivity levels compromised, companies such as HP, IBM and Yahoo have decided to turn their backs on remote working altogether,” says OneLogin chief information security officer Alvaro Hoyos.

“However, businesses shouldn’t jump too quickly to cast remote working aside. It is possible for businesses to enable and actively encourage remote working, without compromising security or productivity.”

Hoyos says given the questionable reliability of VPNs, mobile workers are more likely to turn to potentially unsecured networks.

“This could be devastating as data breaches could leave confidential documents in the wrong hands and can be incredibly costly to remediate. By using next-generation mobile container technology, organisations can extend endpoint security from desktops to mobile devices and thereby enjoy a unified endpoint management solution,” says Hoyos.

Pederson says traditional enterprises are still mainly focused on the on-premises security because that’s where the majority of their IT workload is located.

“However, with growing shadow IT and strategic cloud applications being deployed, enterprises must learn to rely less on the physical perimeter for security and instead focus on getting a solid grip on the identities accessing corporate data,” says Pederson.

“Enterprises must adopt a zero-trust security model where workers are not trusted more just because they are located inside the physical perimeter. Users should always be authenticated using multiple factors whether it be a one-time password, biometric or a certificate deployed on the user’s device.”

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.