
Are remote workers really the answer? Report finds huge security issues

07 Mar 2018

The swelling generation of mobile workers is causing headaches for IT staff.

A study by OneLogin has found 74 percent of UK businesses currently provide their employees with the benefit of remote working and are now grappling with finding a balance between productivity and security.

These ‘headaches’ are certainly justified as the study found more than half of remote workers spend up to one day per week connected to unsecured networks, effectively opening the door to a host of cyber threats.

“Hackers are increasingly going after high-value targets, such as executives or users with privileged access. And rather than deploying very sophisticated technical attacks, they are using social engineering or password replay attacks,” says OneLogin CTO Thomas Pederson.

“For example, if a hacker wants to compromise a particular individual, all they need to do is look in many of the leaked password databases on the dark web and figure out that person’s corporate email address and then start trying to sign into applications where the user might have an account. This kind of attack is something enterprises can only protect themselves against using multi-factor authentication.”

48 percent of businesses have enforced VPNs to create a secure link between the home and corporate networks, which should technically solve all the security issues associated with remote working and unsecured WiFi networks.

However, organisations have inadvertently made productive remote working impossible with ‘not fit for purpose’ security protocols as 30 percent receive frequent complaints that the use of a VPN slows down network access when working out of the office.

What’s more, the study shows VPNs are notoriously prone to breaking down, with 67 percent of businesses experiencing up to a week of VPN downtime over the last 12 months.

OneLogin says these and other VPN hang-ups are effectively countering the benefits remote working is supposed to promote, like productivity and a happier workforce.

“With productivity levels compromised, companies such as HP, IBM and Yahoo have decided to turn their backs on remote working altogether,” says OneLogin chief information security officer Alvaro Hoyos.

“However, businesses shouldn’t jump too quickly to cast remote working aside. It is possible for businesses to enable and actively encourage remote working, without compromising security or productivity.”

Hoyos says given the questionable reliability of VPNs, mobile workers are more likely to turn to potentially unsecured networks.

“This could be devastating as data breaches could leave confidential documents in the wrong hands and can be incredibly costly to remediate. By using next-generation mobile container technology, organisations can extend endpoint security from desktops to mobile devices and thereby enjoy a unified endpoint management solution,” says Hoyos.

Pederson says traditional enterprises are still mainly focused on on-premises security because that’s where the majority of their IT workload is located.

“However, with growing shadow IT and strategic cloud applications being deployed, enterprises must learn to rely less on the physical perimeter for security and instead focus on getting a solid grip on the identities accessing corporate data,” says Pederson.

“Enterprises must adopt a zero-trust security model where workers are not trusted more just because they are located inside the physical perimeter. Users should always be authenticated using multiple factors whether it be a one-time password, biometric or a certificate deployed on the user’s device.”
