Saturday, January 22, 2022

Data Security Issues With The Remote Workforce & How Forensics Can Help

Introduction

The concept of the Remote Workforce has now become a long-term reality, continuing through 2022 and quite possibly beyond. While most Cyber experts were predicting that a near 99% Virtual Workforce might be possible within 4-5 years, it came to fruition in a matter of two months, right when the COVID-19 pandemic started.

Many businesses across Corporate America were not prepared for the sheer gravity of this situation, and as a result new Cybersecurity issues have sprouted, especially around the intermingling of home networks with corporate networks. This has exposed confidential information and data to being easily heisted by malicious third parties.

Several other data security issues have surfaced recently as well, and they are the focal point of this article.

The Main Issues

1)     The use of Virtual Private Networks (VPNs):

The VPN has long been one of the most relied-upon tools for transmitting confidential information/data across a network connection. But most corporate VPN deployments were sized for a workforce that works remotely perhaps 20-30% of the time, and they have struggled to keep up with the demand that began in March of 2020. At the same time, the number of brute force attacks against them has escalated to levels never seen before; these kinds of security breaches now make up at least 45% of the cases that Incident Response teams must respond to (SOURCE: 1). The attack is carried out in much the same way as it would be against any other login-exposed server. The Cyberattacker targets the authentication portal of a VPN and floods it with hundreds or thousands of phony login attempts drawn from an already heisted list of credentials (most likely purchased from the Dark Web), a variant of brute forcing usually called credential stuffing. Once a working username/password combination has been found, the Cyberattacker has a quick and covert way onto the internal network, with the same access to shared resources as a legitimate remote employee. Worse yet, this point of entry can be used to leverage lateral movement into other corporate systems, in an attempt to hijack the Personally Identifiable Information (PII) datasets of employees and customers for further exploitation. The telltale sign in the VPN logs is a single source address failing authentication against many different usernames in a short window, often followed by a success.
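As an added example (not part of the original post), here is a small Python detector that runs over a few constructed VPN authentication log lines and flags the pattern just described: one source address failing against many different usernames within a short window, plus any success from that same source once the burst has begun. The log format, hostname, usernames and IP addresses are all invented for the example; real VPN appliances log in their own syntax, so the regular expression would need adjusting for whatever gateway you run.

```python
"""Flag credential-stuffing bursts against a VPN portal from authentication logs."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format (not from any real appliance).
# 203.0.113.7 tries six different users in a few seconds and lands a hit on "dave";
# 198.51.100.20 is one user mistyping their own password; 192.0.2.9 is a normal login.
SAMPLE_LOG = """\
2022-01-18T02:14:05Z vpn-gw1 auth: user=alice src=203.0.113.7 result=FAILED
2022-01-18T02:14:06Z vpn-gw1 auth: user=bob src=203.0.113.7 result=FAILED
2022-01-18T02:14:08Z vpn-gw1 auth: user=carol src=203.0.113.7 result=FAILED
2022-01-18T02:14:09Z vpn-gw1 auth: user=dave src=203.0.113.7 result=FAILED
2022-01-18T02:14:11Z vpn-gw1 auth: user=erin src=203.0.113.7 result=FAILED
2022-01-18T02:14:12Z vpn-gw1 auth: user=frank src=203.0.113.7 result=FAILED
2022-01-18T02:14:15Z vpn-gw1 auth: user=dave src=203.0.113.7 result=SUCCESS
2022-01-18T08:02:10Z vpn-gw1 auth: user=bob src=198.51.100.20 result=FAILED
2022-01-18T08:02:31Z vpn-gw1 auth: user=bob src=198.51.100.20 result=FAILED
2022-01-18T08:02:55Z vpn-gw1 auth: user=bob src=198.51.100.20 result=SUCCESS
2022-01-18T08:10:00Z vpn-gw1 auth: user=alice src=192.0.2.9 result=SUCCESS
"""

# Hypothetical line format; adjust for your gateway's real syslog layout.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>SUCCESS|FAILED)$"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src: str
    success: bool


def parse_log(text: str) -> list[AuthEvent]:
    """Parse auth records, ignoring any line that does not match, sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(AuthEvent(ts, m["user"], m["src"], m["result"] == "SUCCESS"))
    return sorted(events, key=lambda e: e.ts)


def detect_credential_stuffing(events: list[AuthEvent], window: timedelta = timedelta(minutes=10),
                               min_failures: int = 5, min_users: int = 3) -> dict:
    """Return {src: finding} for every source whose failures inside some `window`
    reach both thresholds. Requiring many *distinct* users is what separates
    stuffing from one employee fat-fingering their own password."""
    by_src: dict[str, list[AuthEvent]] = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)

    findings = {}
    for src, evs in by_src.items():
        failures = [e for e in evs if not e.success]
        best = None
        start = 0
        for end in range(len(failures)):          # sliding window over failures
            while failures[end].ts - failures[start].ts > window:
                start += 1
            burst = failures[start:end + 1]
            users = {e.user for e in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                if best is None or len(burst) > best["failures"]:
                    best = {"failures": len(burst), "distinct_users": len(users),
                            "burst_start": burst[0].ts, "burst_end": burst[-1].ts}
        if best is None:
            continue
        # A success from the same source after the burst began means a stolen pair worked.
        best["compromised_users"] = sorted(
            {e.user for e in evs if e.success and e.ts >= best["burst_start"]})
        findings[src] = best
    return findings


if __name__ == "__main__":
    for src, finding in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(src, finding)
```

The thresholds are deliberately conservative defaults; tune `window`, `min_failures` and `min_users` to your own baseline, and treat any entry in `compromised_users` as an account to lock and re-credential immediately rather than just an alert.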

2)     Lack of company issued equipment:

In the rush to get employees working remotely as quickly as possible, many organizations were under a severe time crunch to issue equipment with all the necessary security controls installed. As a result, many devices were not set up properly, or remote employees were not given anything at all. Because of this, during the interim, people have been using their own personal computers or smartphones to conduct their daily job tasks. This, of course, has been a huge security risk because of the lack of security controls on them: typically no endpoint protection, no disk encryption, no centralized patching, and no way for the IT Security team to see what else is running on them. It also means risking further exposure of confidential information and data to levels that are totally unacceptable.

3)     The use of the Cloud:

Over the past year or so, many businesses have also realized some of the strategic benefits of using a Cloud based platform (such as AWS or Microsoft Azure) into which they can move their entire On Premises Infrastructure. While these providers do offer an extensive suite of tools that a company can use to protect its virtual servers and databases, the problem now becomes one of proper configuration. Under the shared responsibility model the provider secures the underlying platform, but the customer is responsible for how each storage bucket, database, identity and network rule is configured. Too often the defaults are simply left in place, and these are not necessarily aligned with the security requirements of the organization (a storage bucket or database left reachable from the public internet is the classic case), thus offering a new entry point for the Cyberattacker to penetrate in order to heist confidential information and data.

4)     The use of insecure networks:

When restrictions were eased during the summertime, many remote employees started to work in public places, such as Starbucks or Panera Bread. While these venues do offer internet connectivity, the Wi-Fi is very often open (no encryption at all) or protected by a password posted on the wall and shared with every patron, so it provides no real confidentiality. Rather than connecting through a secure channel such as the corporate VPN, the tendency was to use these public connections directly to carry out work-related duties. As a result, any information and data that was not otherwise protected by TLS or a VPN tunnel was transmitted in clear text, visible to anyone within radio range of the same access point. Worse yet, these venues are also ideal places for a Cyberattacker to leverage a Social Engineering attack: a Cyberattacker can easily pose as a patron and strike up a conversation with a remote employee. Even where the venue's network is password-protected, a small wireless capture device could be concealed in a clothing pocket so that data packets are recorded and the information residing in them is extracted at a later point in time.

5)     The lack of proper patching:

Before the COVID-19 pandemic hit, companies (for the most part) maintained a fairly normal schedule of applying the needed software patches and upgrades to all of their servers, databases, and employee devices. But with many remote employees now using their own home networks, and often their own devices, to gain access to shared resources, it has become far harder for IT Security teams to deploy these patches: on-premises patch management tools only reach devices that are on the corporate network, and you cannot force a remote employee to install something onto a personal device or home router if they don't want to. Many organizations are still trying to find a fix to this grave issue, and in the meantime the Cyberattacker has yet another easy way to get access to your most critical information and data. Many remote employees have still not upgraded the security of their home networks, running consumer routers with outdated firmware and relying on just one password to protect everything.

Conclusions

Overall, this article has examined some of the key areas in which your mission-critical information/data can be covertly hijacked without your even knowing about it until it is too late. But if your company is unfortunately hit with a security breach, you still owe it to your key stakeholders to conduct a thorough examination of what happened and to ensure that it can be mitigated in the future.

One way to do this is to conduct a Forensics investigation, led by a team of experts: preserving the VPN, cloud and endpoint logs from the period in question, establishing how the attacker got in and what they touched, and feeding those findings back into the controls discussed above.
