So, how should organisations be looking ahead to solve the network security challenges presented by the ‘new normal’?
Remote-working is the new reality for millions of Brits. With this has come a rapid shift in how organisations need to approach security as workers continue to connect to corporate networks from a growing variety of insecure personal and corporate devices. The challenge is that many current cybersecurity solutions set up in the workplace don’t work from remote locations without substantial changes, preparation and planning. Unfortunately, due to the speed at which the pandemic took hold, organisations have had little time to prepare and plan their cybersecurity strategies for a large-scale remote workforce.
According to recent research, CISOs are defaulting to Virtual Private Networks (VPNs) to deal with a remote workforce that grew from an average of 20 per cent to over 80 per cent in a matter of weeks. Whilst VPNs have been pushed by some as a solution to this challenge, it is becoming increasingly clear that what was initially a ‘temporary’ working from home experiment has become a long-term reality, meaning many IT managers and business leaders need to start thinking about long-term solutions to protect corporate networks.
VPNs work by encrypting a user’s web traffic and sending it through a private connection to the corporate network, allowing employees to access corporate data and applications with some measure of security and privacy. Figures released by VPN provider NordVPN revealed that global use of its VPN technology had increased by 165 per cent since 11 March. In the UK, usage has grown by 48 per cent.
However, in a joint alert on April 8, CISA and NCSC announced they had observed malicious cyber-actors taking advantage of this mass move to remote-working by exploiting a variety of publicly known vulnerabilities in VPNs and other remote working tools and software.
The security issues of remote-working
A report by Reposify identified a 127 per cent increase in internet-connected Remote Desktop Protocol (RDP) endpoints – which should typically not be internet-facing – due to the surge in remote working. This means there are now more than 4.7 million publicly exposed remote desktop protocols for hackers to exploit.
There is also the increase in cloud usage to consider. A new report from McAfee analysing cloud usage data collected from over 30 million enterprise users between January and April estimates a 50 per cent growth in the adoption of cloud services across all industries. This is even higher in some industries with manufacturing and education seeing spikes of 144 per cent and 114 per cent per cent respectively. In particular, Cisco Webex usage has increased by 600 per cent, Zoom by 350 per cent, Microsoft Teams by 300 per cent and Slack by 200 per cent. Whilst this has been seen by many as a welcomed acceleration towards increased cloud adoption, it does bring with it new security risks. McAfee's data also found traffic from unmanaged devices to enterprise cloud accounts doubled over the same period.
As organisations rush to protect their growing remote workforces, there several considerations to make, not only about the lack of security in place but also how remote-working will change our working behaviours.
Firstly, it is important to consider the risks brought about to corporate networks by insecure consumer Wi-Fi connections, document shares via unapproved cloud folders and home browsers configured with dodgy plug-ins and applications. Secondly, home routers are often insecure and not patched to the security level suggested by their manufacturers, and it won’t be enough to rely on employees to follow best practice here. In addition, when working at home people tend to view personal email and other non-business websites more often than they do at the office, therefore increasing the probability of running into “malvertisements” and other malicious actors that could compromise their devices and eventually the corporate network.
Why VPNs aren’t the one-size-fits-all solution
Whilst many IT leaders have looked to VPNs to solve security issues that have arisen due to remote-working, many do not provide the level of security needed for today’s threat landscape.
Due to the proliferation of cloud-based applications like Office 365 and Google Drive, it is increasingly uncommon for organisations to rely solely on corporate resources that are reached via VPN-based access. Instead, VPNs are often used to access only a small portion of internal server-side platforms, leaving remote users exposed to threats when using cloud-based applications.
In addition, because VPNs are considered 24/7 infrastructure, organisations are less likely to keep on top of the latest patches, leaving many networks wide open to attacks. A prime example of this was when Elexon, a middleman in the UK power grid network, confirmed in May that they had fallen victim to a suspected ransomware attack. It was reported that Elexon had been running an outdated version of an enterprise VPN service despite warnings earlier this year that hackers were targeting a long-known bug in its code.
To make matters even worse, most VPNs charge by the user, which means many organisations have a limited number of VPN connections available to staff and any additional employees are therefore accessing corporate data from unprotected networks.
Long term strategies to protect the corporate network
In this environment, one of the best and most cost-effective ways organisations can secure such a large-scale remote workforce is by using Domain Name Servers (DNS) as the first line of defence. Every connection to the internet goes through DNS—those working from home are typically using either public DNS or DNS provided by their internet service provider.
However, most of the time, neither run security enforcement on DNS. Companies are increasingly interested in implementing secure DNS services that can quickly start protecting their remote workforce. This is because DNS services can extend enterprise-level security to remote employees, their devices, and corporate networks, no matter where they are located. It does this by distinguishing between legitimate and malicious DNS traffic in real-time, enabling a DNS server to respond only to valid queries, even while under attack.
Let’s be honest, remote-working will become the new norm across almost every industry. Deploying a best-practice strategy that supports both your on-premise infrastructure and your remote workforce is therefore essential. Using DNS security to do this will enable organisations to better secure remote workers, protect critical infrastructure and secure intellectual property.
Keith Glancey, Systems Engineering Manager, Western Europe, Infoblox