How secure is your remote work infrastructure?

Most organizations couldn’t even conceive a completely remote workforce, but earlier this year the world experienced an unpredictable circumstance that forced professionals to take on a new form of “business as usual.” Virtual meetings and business collaboration tools, previously used in the background, suddenly became the primary form of communication. This transition from physical office to work-from-home felt instantaneous, and it was particularly tough on security teams that had to balance business enablement with risk.

Fast forward to today, where we are seeing several security challenges brought on by the unexpected shift to remote work. Let’s discuss some of those challenges in detail, and then we’ll explain how organizations can identify gaps in their remote infrastructure—and ultimately put them to rest.

These days security teams must maintain rapidly changing infrastructure and grant security-related concessions—that were once off-limits and sometimes outside of the security team’s purview—to maintain business continuity. With this change comes significant security risks, most of which fall under the following issues that continue to enable cyber adversaries:

• Misconfigured remote access and collaboration technologies: A rushed introduction of new remote access technologies or scaling up of existing remote access infrastructure has led to the use of out-of-box or insecure configurations. Many organizations lack the resources required to alter their infrastructure post-deployment, and express hesitance in applying the latest security patches for remote work assets due to fear of impacting availability.
• Improper hardening of user workstations or over reliance on endpoint controls: Deployment of technology to newly remote workers has caused many endpoint-based security measures to be sacrificed in the name of expedience. Computers or other digital assets are often shipped to remote workers (or other stakeholders) at a rapid pace to keep up with demand, and in turn may not implement security checks as a primary concern within the process. For example, user workstations may not possess fine-tuned endpoint protection (or have endpoint protection at all), properly configured security policies, or security controls to protect intellectual property from falling into the wrong hands if a workstation is stolen or compromised.
• Exposure of privileged actions and administrative interfaces: Many privileged users must access highly sensitive assets to fulfil their job responsibilities. Some organizations allow users to access such highly sensitive assets directly from their workstations or personal devices via an Internet-exposed web portal, or an Internet-accessible administrative service (such as Terminal Services/Remote Desktop Services). Others may require privileged users to use Virtual Desktop Infrastructure (VDI), which is often prone to compromise and session breakouts. If remotely accessible administrative services are not properly locked down, an attacker can take advantage of these lax security controls to compromise critical business assets and internal corporate networks.
• Reduced visibility or monitoring of Internet-bound traffic: To manage the rapid increase and daily needs of a remote workforce, network administrators are moving to previously undesirable approaches such as split tunnelling, IP safe-listing removal and access from unmanaged devices. Traffic routed to malicious destinations over the Internet may be unchecked and unmonitored, along with previously established baselines for anomaly detection, forgoing their accuracy.

Global circumstances have driven many businesses, large and small, to implement remote work solutions—and quickly. And such changes are not likely to disappear anytime soon; the remote work revolution is likely here to stay in some form or another.

Developing remote work solutions with speed was a necessity early on, to maintain business continuity, but now that operations are settling into the new norm, we can look back and see how these massive changes have introduced unintended (and potentially unknown) vulnerabilities into digital enterprise environments.

Mitigate an attacker’s ability to compromise remote operations and disrupt business continuity.

Follow Plow Networks: Twitter, LinkedIn, Facebook, and Instagram

This information is brought to you by our partner, FireEye.