Security Market Segment LS
Thursday, 28 May 2020 14:00

Remote and home devices are now the weakest link

By

GUEST OPINION by Rohan Langdon ANZ regional director Forescout: As organisations have had to support remote workforces during the COVID-19 restrictions set by the government, many of them have had to act fast to deliver digital capabilities to their remote workers. Unfortunately, this rapid organisational shift has also increased the risk of bad actors accessing corporate networks.  

As organisations rushed to become digitally enabled or to accelerate their digital transformation plans, many of them made shortcuts and sacrifices in terms of cybersecurity hygiene. With new devices connecting to the corporate network via new Wi-Fi connections, the network is put at risk from existing device vulnerabilities, as well as bad actors exploiting these devices. These bad actors may remain undetected on corporate networks for months, simply waiting to attack once operations are running as normal again, so they can make the biggest impact.

As Australia and New Zealand businesses begin to recover, it’s unlikely that all these remote workers will return to the office. In fact, it’s more likely that remote working rates will increase across all industries as employees demand more flexibility and organisations look to reduce their overheads*. With remote working set to become a norm, security concerns for remote devices will continue beyond the pandemic. Bad actors know how and what to target, making remote and home devices the weakest link.

To prevent network exploitation, many large organisations have been working to increase their device visibility, compliance and control across the remote workforce. However, there are still some significant gaps in knowledge when it comes to devices, assets, users, time, access, and vulnerabilities. Forescout identified the top five gaps:


1. An increase in bring your own device policies
There has been a huge uptake in bring your own device (BYOD) access, including mobile phones, tablets, and laptops, with limited or no control in the software profile. Attackers targeting BYOD assets tend to use phishing attacks, ransomware, trojans and spyware, along with other types of malicious code.


2. A gap in compliance policies
Compliance with BYOD security requirements is harder to manage in a remote workforce. This often means that remote workers are using devices with legacy operating systems, missing or misconfigured security software, and unencrypted hard drives. This creates significant risk. Users need to update their operating systems, install up-to-date malware protection, and next-generation firewalls, all of which must be correctly configured. While these compliance gaps occur in normal enterprise environments, they are now intensified with the surge of BYOD.

3. Increase in VPN access
Working from home sees a significant increase in virtual private networks (VPN) used to access critical applications in the data centre and cloud. With more staff members working from home, organisations need to open more applications for access through the VPN, which increases the exposure of internal systems to attackers. These are only protected by authenticated clients in a remote working environment, whereas they benefited from physical security and more layers of protection when they were accessed from within the confines of a secure building.

 
4. Unknown devices on the corporate network
Both Internet of Things (IoT) and operational technology (OT) devices require some level of network or internet access to optimise the user experience. IoT devices run on custom or open source software that needs updates to address security vulnerabilities, fix bugs or improve functionality. Many of these devices, such as internet protocol (IP) cameras, IP phones, or IP-enabled speakers, are not centrally managed, or even known by the network owner to be connected. This means that there are likely more devices connected to the corporate network than known, as they are not easily tracked or updated.

Unknown devices create opportunities for malicious actors to access the network and unleash their attacks without being detected or stopped.


5. Device vulnerabilities
There are still many devices in large enterprises with OpenSSL vulnerabilities, including critical VPN infrastructure. The top vulnerability for IoT devices in the enterprise is weak or default passwords. If an IoT device is communicating over the internet with this vulnerability, over time, the data is compromised and the environment is put at risk.

The rapid shift to remote working has emphasised the need for good IT and cybersecurity hygiene for all devices. With remote working set to be the new norm, organisations must look to implement long-term tools and solutions to provide device visibility, control, and compliance.

*https://home.kpmg/au/en/home/media/press-releases/2020/05/australia-to-permanently-change-post-covid19-8-may-2020.html


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Staff Writer

ITWire has a variety of guest journalists and contributors posting on a regular basis. They are used as overflow for big news days and big news weeks.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments