Just recently, the World Health Organization declared coronavirus a global pandemic. This decision brought with it several health and safety measures, and normal life came to a halt in many countries. This resulted in many organizations around the world adopting telecommuting methods to prevent the spread of COVID-19.
While people are adjusting to the sudden changes in the way they work, cybercriminals are using this opportunity to exploit the new vulnerabilities that the work-from-home environment presents. Since employees are outside their usual work zone, they are at a much higher risk of exposure to phishing attacks, malware attacks, advanced persistent threats (APTs), and much more.
While the world battles coronavirus, security operations centers around the world are battling to retain their organization’s security posture amid the chaos. Let’s take a closer look at some of the cybersecurity risks of the telecommuting model and how security operations centers can overcome them.
A world of endless possibilities
A huge number of employees suddenly making the jump to remote work will inevitably widen the attack surface. This brings us to the challenge of remote employees using their own devices for work, which often introduces a number of new platforms and operating systems into the organization’s network. Since most of these devices do not fall under the organization’s security policy, they could be creating cracks in the security infrastructure, increasing the chance of a successful attack.
One such opportunity for attackers comes in the form of VPNs. As remote workers depend on VPNs to stay connected, attackers are targeting them to establish a strong foothold on the network in the first stage of their attack. These attackers are often armed with plenty of resources to carry out sophisticated, multi-stage attacks.
Once an attacker gets access to the network through a VPN connection, they may find other vulnerable targets inside the corporate perimeter. And once they’re in, they could install malware to create a backdoor that keeps working even after the original vulnerability is patched. This paves the way for further exploitation, as they might now be able to obtain plain-text credentials of privileged accounts.
Tackling security risks and staying safe
We know that attackers are actively targeting VPN vulnerabilities, so what are the steps organizations can take to protect themselves? First, VPN server patching is essential. The U.S. Department of Homeland Security continuously warns about the risks of unpatched VPN servers and how frequently they’re compromised by attackers.
Updating the network infrastructure devices and the devices used for remote work with the latest software patches and security configurations will help avoid intrusions. On top of this, implementing multi-factor authentication on all VPN connections will further strengthen your security stance against intruders.
Ensure that your security team is prepared to audit all remote access, can detect indicators of compromise, and will be able to respond effectively. Since VPNs allow remote connections to your organization’s network, you cannot always trust the other end.
Log360 monitors VPN access and ensures that only authorized workers are gaining access to your network. Log360’s VPN log monitoring feature should be the first barrier guarding the entry to your network. The solution also collects logs from VPN devices and equips security admins with valuable logon information and VPN activity through out-of-the-box reports. These reports help ensure network security by letting you view user login details and analyze trends in user login patterns.
Login patterns are essential information for Log360’s user and entity behavior analytics (UEBA) feature. The advanced machine learning-based solution discovers access patterns across devices and creates a security baseline for every user. Any deviation from the usual patterns will be deemed anomalous behavior and will be associated with a risk score.
Security admins can continuously monitor these risk scores and identify unusual or suspicious activities. The solution gives organizations the power to detect suspicious software installation, access to sensitive data, and more. Log360, a complete security information and event management (SIEM) solution, offers advanced security capabilities that provide admins with complete monitoring and incident detection capabilities to monitor remote employees at all times.
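The baseline-and-deviation logic described above, as an added example that is not Log360's code or part of the original post: it builds a per-user profile of source countries, client devices and logon hours from constructed sample VPN logon records, then gives every later successful logon an additive risk score, with an extra bump for a success that follows a burst of failed attempts within five minutes. The log format, field names, baseline cutoff and score weights are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample VPN logon records (not real logs): timestamp user src_ip geo device result
SAMPLE_LOGS = """\
2020-03-16T08:55:12 alice 198.51.100.7 US laptop-a1 success
2020-03-17T18:10:21 bob 203.0.113.4 DE laptop-b7 success
2020-03-19T03:12:55 alice 192.0.2.88 RU unknown-dev success
2020-03-19T18:03:31 bob 203.0.113.4 DE laptop-b7 failure
2020-03-19T18:04:02 bob 203.0.113.4 DE laptop-b7 failure
2020-03-19T18:04:40 bob 203.0.113.4 DE laptop-b7 success
"""

def parse(text):
    events = []
    for line in text.splitlines():
        stamp, user, ip, geo, device, result = line.split()
        ts = datetime.fromisoformat(stamp)
        events.append({"ts": ts, "hour": ts.hour, "user": user, "ip": ip,
                       "geo": geo, "device": device, "result": result})
    return sorted(events, key=lambda e: e["ts"])

def build_baseline(events, until):
    """Per-user profile (countries, devices, logon hours) from successes before the cutoff."""
    base = defaultdict(lambda: {"geo": set(), "device": set(), "hour": set()})
    for e in events:
        if e["ts"] < until and e["result"] == "success":
            for field in ("geo", "device", "hour"):
                base[e["user"]][field].add(e[field])
    return base

def score_event(e, baseline, history, window=timedelta(minutes=5)):
    """Additive risk score: every deviation from the user's own baseline adds weight."""
    if e["user"] not in baseline:
        return 50  # account with no logon history at all
    b, score = baseline[e["user"]], 0
    if e["geo"] not in b["geo"]:
        score += 40  # new source country
    if e["device"] not in b["device"]:
        score += 30  # new client device
    if not any(abs(e["hour"] - h) <= 1 for h in b["hour"]):
        score += 20  # outside the user's usual logon hours
    failures = [h for h in history if h["user"] == e["user"] and h["result"] == "failure"
                and e["ts"] - window <= h["ts"] < e["ts"]]
    return score + 10 * len(failures)  # success right after a burst of failures

def score_logons(text, cutoff):
    # Returns {(user, iso_timestamp): score} for successful logons on or after the cutoff
    events = parse(text)
    baseline = build_baseline(events, cutoff)
    return {(e["user"], e["ts"].isoformat()): score_event(e, baseline, events)
            for e in events if e["ts"] >= cutoff and e["result"] == "success"}
```

With the sample data, alice's logon from a new country, new device and unusual hour scores 90, while bob's otherwise normal logon that follows two failures scores 20; the weights are a starting point to tune against your own false-positive rate.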
Finally, as employees are connected remotely, security admins may not be readily available to respond to incidents. Therefore, educating your employees on cybersecurity practices is the strongest tool of all.