As organisations rushed to become digitally enabled or to accelerate their digital transformation plans, many of them took shortcuts and made sacrifices in cybersecurity hygiene. With new devices connecting to the corporate network via new Wi-Fi connections, the network is put at risk from existing device vulnerabilities, as well as from bad actors exploiting these devices. These bad actors may remain undetected on corporate networks for months, simply waiting to attack once operations are running as normal again, so they can make the biggest impact.
As Australian and New Zealand businesses begin to recover, it's unlikely that all these remote workers will return to the office. In fact, it's more likely that remote working rates will increase across all industries as employees demand more flexibility and organisations look to reduce their overheads*. With remote working set to become a norm, security concerns for remote devices will continue beyond the pandemic. Bad actors know how and what to target, making remote and home devices the weakest link.
To prevent network exploitation, many large organisations have been working to increase their device visibility, compliance and control across the remote workforce. However, there are still some significant gaps in knowledge when it comes to devices, assets, users, time, access, and vulnerabilities. Forescout identified the top five gaps:
1. An increase in bring your own device policies
There has been a huge uptake in bring your own device (BYOD) access, including mobile phones, tablets, and laptops, with limited or no control over the software profile. Attackers targeting BYOD assets tend to use phishing attacks, ransomware, trojans and spyware, along with other types of malicious code.
2. A gap in compliance policies
Compliance with BYOD security requirements is harder to manage in a remote workforce. This often means that remote workers are using devices with legacy operating systems, missing or misconfigured security software, and unencrypted hard drives. This creates significant risk. Users need to update their operating systems and install up-to-date malware protection and next-generation firewalls, all of which must be correctly configured. While these compliance gaps occur in normal enterprise environments, they are now intensified with the surge of BYOD.
3. Increase in VPN access
Working from home brings a significant increase in the use of virtual private networks (VPNs) to access critical applications in the data centre and cloud. With more staff members working from home, organisations need to open more applications for access through the VPN, which increases the exposure of internal systems to attackers. In a remote working environment, these systems are protected only by authenticated clients, whereas they benefited from physical security and more layers of protection when they were accessed from within the confines of a secure building.
4. Unknown devices on the corporate network
Both Internet of Things (IoT) and operational technology (OT) devices require some level of network or internet access to optimise the user experience. IoT devices run on custom or open source software that needs updates to address security vulnerabilities, fix bugs or improve functionality. Many of these devices, such as internet protocol (IP) cameras, IP phones, or IP-enabled speakers, are not centrally managed, or even known by the network owner to be connected. This means that there are likely more devices connected to the corporate network than known, as they are not easily tracked or updated.
Unknown devices create opportunities for malicious actors to access the network and unleash their attacks without being detected or stopped.
5. Device vulnerabilities
There are still many devices in large enterprises with OpenSSL vulnerabilities, including critical VPN infrastructure. The top vulnerability for IoT devices in the enterprise is weak or default passwords. If an IoT device with this vulnerability is communicating over the internet, over time the data is compromised and the environment is put at risk.
The rapid shift to remote working has emphasised the need for good IT and cybersecurity hygiene for all devices. With remote working set to be the new norm, organisations must look to implement long-term tools and solutions to provide device visibility, control, and compliance.