Story image

Are remote workers really the answer? Report finds huge security issues

07 Mar 18

The swelling generation of mobile workers is causing headaches for IT staff.

A study by OneLogin has found 74 percent of UK businesses currently provide their employees with the benefit of remote working and are now grappling with finding a balance between productivity and security.

These ‘headaches’ are certainly justified as the study found more than half of remote workers spend up to one day per week connected to unsecured networks, effectively opening the door to a host of cyber threats.

“Hackers are increasingly going after high-value targets, such as executives or users with privileged access. And rather than deploying very sophisticated technical attacks, they are using social engineering or password replay attacks,” says OneLogin CTO Thomas Pederson.

“For example, if a hacker wants to compromise a particular individual, all they need to do is look in many of the leaked password databases on the dark web and figure out that person’s corporate email address and then start trying to sign into applications where the user might have an account. This kind of attack is something enterprises can only protect themselves against using multi-factor authentication.”

48 percent of businesses have enforced VPNs to create a secure link between the home and corporate networks, which should technically solve all the security issues associated with remote working and unsecured WiFi networks.

However, organisations have inadvertently made productive remote working impossible with ‘not fit for purpose’ security protocols as 30 percent receive frequent complaints that the use of a VPN slows down network access when working out of the office.

What’s more, the study shows VPN’s are notoriously prone to breaking down with 67 percent of businesses experiencing up to a week of VPN downtime over the last 12 months.

OneLogin says these and other VPN hang-ups are effectively countering the benefits remoting working is supposed to promote like productivity and a happier workforce.

“With productivity levels compromised, companies such as HP, IBM and Yahoo have decided to turn their backs on remote working altogether,” says OneLogin chief information security officer Alvaro Hoyos.

“However, businesses shouldn’t jump too quickly to cast remote working aside. It is possible for businesses to enable and actively encourage remote working, without compromising security or productivity.”

Hoyos says given the questionable reliability of VPNs, mobile workers are more likely to turn to potentially unsecured networks.

“This could be devastating as data breaches could leave confidential documents in the wrong hands and can be incredibly costly to remediate. By using next-generation mobile container technology, organisations can extend endpoint security from desktops to mobile devices and thereby enjoy a unified endpoint management solution,” says Hoyos.

Pederson says traditional enterprises are still mainly focused on the on-premises security because that’s where the majority of their IT workload is located.

“However, with growing shadow IT and strategic cloud applications being deployed, enterprises must learn to rely less on the physical perimeter for security and instead focus on getting a solid grip on the identities accessing corporate data,” says Pederson.

“Enterprises must adopt a zero-trust security model where workers are not trusted more just because they are located inside the physical perimeter. Users should always be authenticated using multiple factors whether it be a one-time password, biometric or a certificate deployed on the user’s device.”

Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.