Security Market Segment LS
Thursday, 28 May 2020 14:00

Remote and home devices are now the weakest link


GUEST OPINION by Rohan Langdon ANZ regional director Forescout: As organisations have had to support remote workforces during the COVID-19 restrictions set by the government, many of them have had to act fast to deliver digital capabilities to their remote workers. Unfortunately, this rapid organisational shift has also increased the risk of bad actors accessing corporate networks.  

As organisations rushed to become digitally enabled or to accelerate their digital transformation plans, many of them made shortcuts and sacrifices in terms of cybersecurity hygiene. With new devices connecting to the corporate network via new Wi-Fi connections, the network is put at risk from existing device vulnerabilities, as well as bad actors exploiting these devices. These bad actors may remain undetected on corporate networks for months, simply waiting to attack once operations are running as normal again, so they can make the biggest impact.

As Australia and New Zealand businesses begin to recover, it’s unlikely that all these remote workers will return to the office. In fact, it’s more likely that remote working rates will increase across all industries as employees demand more flexibility and organisations look to reduce their overheads*. With remote working set to become a norm, security concerns for remote devices will continue beyond the pandemic. Bad actors know how and what to target, making remote and home devices the weakest link.

To prevent network exploitation, many large organisations have been working to increase their device visibility, compliance and control across the remote workforce. However, there are still some significant gaps in knowledge when it comes to devices, assets, users, time, access, and vulnerabilities. Forescout identified the top five gaps:

1. An increase in bring your own device policies
There has been a huge uptake in bring your own device (BYOD) access, including mobile phones, tablets, and laptops, with limited or no control in the software profile. Attackers targeting BYOD assets tend to use phishing attacks, ransomware, trojans and spyware, along with other types of malicious code.

2. A gap in compliance policies
Compliance with BYOD security requirements is harder to manage in a remote workforce. This often means that remote workers are using devices with legacy operating systems, missing or misconfigured security software, and unencrypted hard drives. This creates significant risk. Users need to update their operating systems, install up-to-date malware protection, and next-generation firewalls, all of which must be correctly configured. While these compliance gaps occur in normal enterprise environments, they are now intensified with the surge of BYOD.

3. Increase in VPN access
Working from home sees a significant increase in virtual private networks (VPN) used to access critical applications in the data centre and cloud. With more staff members working from home, organisations need to open more applications for access through the VPN, which increases the exposure of internal systems to attackers. These are only protected by authenticated clients in a remote working environment, whereas they benefited from physical security and more layers of protection when they were accessed from within the confines of a secure building.

4. Unknown devices on the corporate network
Both Internet of Things (IoT) and operational technology (OT) devices require some level of network or internet access to optimise the user experience. IoT devices run on custom or open source software that needs updates to address security vulnerabilities, fix bugs or improve functionality. Many of these devices, such as internet protocol (IP) cameras, IP phones, or IP-enabled speakers, are not centrally managed, or even known by the network owner to be connected. This means that there are likely more devices connected to the corporate network than known, as they are not easily tracked or updated.

Unknown devices create opportunities for malicious actors to access the network and unleash their attacks without being detected or stopped.

5. Device vulnerabilities
There are still many devices in large enterprises with OpenSSL vulnerabilities, including critical VPN infrastructure. The top vulnerability for IoT devices in the enterprise is weak or default passwords. If an IoT device is communicating over the internet with this vulnerability, over time, the data is compromised and the environment is put at risk.

The rapid shift to remote working has emphasised the need for good IT and cybersecurity hygiene for all devices. With remote working set to be the new norm, organisations must look to implement long-term tools and solutions to provide device visibility, control, and compliance.


Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Staff Writers

Our Staff Writers and Guest Writers contribute content to iTWire each day and they are available asset to the team. If you want to be a staff writer please contact us.

Share News tips for the iTWire Journalists? Your tip will be anonymous