The rapid growth in remote working due to COVID-19 has brought many advantages to organisations, but also significant cyber risk. Early in the pandemic, Microsoft CEO Satya Nadella stated that two years of digital transformation had taken place in just two months. The increased adoption of cloud solutions as organisations went remote has created potential risks and vulnerabilities which have contributed to cyberattacks skyrocketing since 2020. Here are three key reasons why remote working introduces new cybersecurity challenges – and how they can be mitigated to keep organisations secure.
One of the attack vectors that has seen the most growth along with remote working is exploiting tools used to access devices remotely, such as Windows Remote Desktop Protocol (RDP). Since these interfaces allow attackers to gain full control over a machine, cybercriminals have been extensively targeting them following the increase in their usage due to remote working. Attacks on open RDP ports rose by 241% in 2020, and achieved record levels in 2021.
Many of these attempts to compromise RDP ports have involved brute force attacks, exploiting the weak passwords frequently used to authenticate users. However, the market for RDP credentials on the dark web is also booming, with a single leak last year making 1.3 million sets of credentials for compromised RDP ports available to view.
While many organisations mandate corporate password policies to stop weak credentials being used to protect key attack vectors, human limitations prevent them from being effective. With the average person having over 100 passwords to remember, memorising unique, high-entropy credentials which are changed regularly for each of their accounts is infeasible.
In order to ensure strong passwords are being used, organisations are increasingly turning to solutions such as Single Sign-On (SSO) which can enforce effective password policies on RDP ports, or even remove passwords altogether, preventing brute force attacks from being carried out. Multi-Factor Authentication (MFA) has also seen widespread adoption for additional identity verification of users connecting remotely, making it significantly harder for cybercriminals to compromise corporate devices.
Onboarding remote workers brings logistical challenges to organisations, especially with the sheer number of cloud applications in use by enterprises. This can lengthen the time needed to onboard employees and give them access to the applications and resources they require to do their job.
The more serious concern for organisations, however, is employee offboarding. As digital transformation, and remote working in general, is resulting in increased amounts of corporate data being processed and stored in the cloud, rather than on-premise, the potential for employees to retain access to sensitive data after leaving the organisation is increased.
As a result, the risk of employees retaining access to sensitive corporate data after leaving an organisation is a major concern for security teams. According to a study from the Ponemon Institute, more than half of employees admitted to taking information from a former employer, with 40% of them admitting they intended to use it in their next role.
Even if the employee left on good terms and has no malicious intent, accounts that remain active could remain attack vectors for years to come should the employee reuse the same credentials used to access them. Without effective offboarding which ceases employees access, organisations aren’t just exposed to risk from their current employees, but all their former ones too, creating a significant attack surface for cybercriminals to exploit.
Some organisations are solving this challenge by adopting an Identity and Access Management (IAM) solution, that provide user lifecycle management. This functionality enables organisations to ensure that all employees can be onboarded and offboarded centrally, and that no former employees retain access to sensitive corporate data. Some IAM solutions can also provide just-in-time provisioning for applications which support this functionality. This enables users to have accounts automatically created for them upon accessing applications for the first time, improving business efficiency.
Shadow IT is not a phenomenon unique to remote working environments, being more than ten times greater on average than known cloud usage, according to McAfee. However, the remote working environment has increased the propensity for employees to use apps outside of IT’s knowledge. According to Netmotion, 62% of remote workers admitted installing applications onto work devices without the permission of their IT department.
While Shadow IT can be a force for good, by giving employees more tools to carry out tasks in a more efficient and flexible manner, it also comes with significant security risks. Technological security measures such as MFA and password policies, for example, cannot be enforced on applications if the IT security team have no knowledge of them.
In order to counter this problem and enable Shadow IT to become a force for good, many organisations have turned to IAM solutions which can detect applications in use by employees, inform IT, and enable their quick inclusion within the corporate security policy. With this increased visibility, security measures such as SSO and MFA can easily be mandated and enforced for any application where corporate data is processed, ensuring there are no gaps and fulfil their maximum efficacy and return on investment.