Whereas teleworking has been a steadily growing trend in the enterprise ecosystem for years, it is currently gaining extra traction among businesses due to the COVID-19 pandemic. Organizations around the world are increasingly adopting a model where office employees work from home as part of the disease mitigation strategy.
This tactic makes a whole lot of sense in light of the healthcare crisis running rampant, but it also provides malicious actors with additional opportunities to eavesdrop on sensitive communication and infect business networks with such dangerous things like ransomware. In particular, the adversaries are growingly shifting their focus toward the exploitation of VPN services and conferencing software. They are also rethinking the logic of phishing attacks to align them with the "infodemic" and take advantage of people's fears stemming from the unnerving coronavirus stats.
Here are insights into the vectors of cybercrime targeting remote workers and the ways to prevent these raids from affecting your organization.
VPN security comes to the fore
To connect to business IT networks securely and have fully-fledged access to the required corporate data assets, teleworkers typically leverage virtual private network (VPN) tools that safeguard sensitive traffic against interception attempts and other forms of unauthorized tampering. In response to the ongoing boom in the enterprise VPN use for remote work, malefactors are looking for new ways to compromise these services.
On March 13, 2020, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding enterprise VPN security. The federal agency encourages companies to strengthen the security of alternate workplace implementation for their personnel. The officials single out the following risks in this context:
-- Since VPN is the fundamental technology that enables secure teleworking, threat actors are busy trying to unearth and target new vulnerabilities in these tools.
-- Organizations use VPNs round the clock, and therefore they may fail to apply updates delivering the latest security patches.
-- Cybercrooks are likely to send more phishing emails that attempt to hoodwink remote workers into disclosing their usernames and passwords.
-- Companies that don't enforce the use of multi-factor authentication (MFA) for establishing remote access sessions are more vulnerable to phishing.
-- Organizations typically support a finite number of VPN connections, which means that IT security team members may be unable to do their job properly during periods of capacity congestion.
The paradigm of mainstream teleworking with virtual private networks at its core means that organizations are faced with a single point of failure. By compromising VPN connections, attackers can gain a foothold in a business environment and amass sensitive data.
As the issue is escalating, CISA additionally lists mitigations for strengthening enterprise VPN security. According to the official advisory, organizations should adhere to the following practices:
-- Keep VPNs and network equipment up to date. The same applies to devices used by employees for connecting to work environments remotely. This will ensure that the latest software patches and security configurations are in effect.
-- Inform the personnel about the expected growth of phishing attacks.
-- Ascertain that IT security teams are all set to perform critical tasks related to remote access security such as attack detection, log analysis, as well as incident response and recovery.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).