Work from Anywhere Challenges: A Cybersecurity Perspective

Organizations have had to quickly transit to work-from-anywhere (WFA) model, as a necessity to continue with their operations and remain in business despite the restrictions imposed during the COVID-19 pandemic. This is fast becoming the new normal, as many organizations have adapted to the new remote working culture, and research [1] shows that more than 74% of organizations will support a certain population of their workforce to continue to work from home or anywhere. Remote work, however, introduces new risks and challenges, which are transforming the cyberthreat landscape, as we used to know it. With the WFA model, certain challenges which were not considered (at least to this large scale) now present new challenges to organizations and are forcing organizations to revisit their cybersecurity policies and measures. Some of these new challenges are given in Figure 1. We group these challenges broadly under four categories based on the source they may come from. These challenges could be related to either employee themselves, used tools (e.g., devices and software), the communication network, or the organization. In the following, these challenges are explained in some detail:

  1. Employee-related Challenges
    • Offboarding employees after termination of contract: In the event of redundancy or employee termination, organizations face significant challenges on how to ensure the employee does not continue to hold on to information belonging to the organization. With employees having their home offices, the tendency to store confidential documents locally poses cybersecurity risks to the organization.
    • Disruption: Employees working from home face a lot of disruption from the environment around. The disruption may come from kids at home or crowded people in public places. As a result, employees may lose some of their attention and do some wrong activities such as sending sensitive information mistakenly to someone who shouldn’t see that information or opening a phishing email. Therefore, this disruption may increase the organization’s security vulnerabilities.
  2. Device- and Software-related Challenges
    • Physical security of devices: Employees working outside the office have their work computers exposed to people outside the organization. The risk of information breach is higher when an adversary gets physical access to a computing device, and the ability to access the device is even GESGOALHESGOALincreased with employees working from anywhere.
    • Increase in shadow IT: There has been a surge in shadow IT since the start of the COVID-19 pandemic. Shadow IT refers to the use of devices and software without the knowledge and oversight of the organization’s IT department. Many employees turn to unauthorized third-party software to complete their jobs remotely. A report published by Awake Security [2] revealed that the use of unauthorized remote access tools increased by 75% in the first quarter of 2020. This was directly attributed to COVID-19 related to remote work. The surge in shadow IT goes beyond unauthorized software installation and includes the use of unauthorized personal devices, cloud services, and IoT platforms. Shadow IT increases cyber-security risks in an organization such as data exfiltration and leaks, as well as noncompliance with laws and regulations which would increase vulnerabilities.
    • Risks associated with file-sharing over the Internet: With several employees working from several locations, the problem of sharing files is more evident. File sharing is one of the most security concerns for organizations as indicated by remote work-from-home cybersecurity report [3]. Those untrusted peer-to-peer file sharing platforms would expose an organization’s information leading to loss or stolen data.
    • Privacy violation associated with video conferencing tools: an example of this risk is the flaw discovered in the Zoom application [4]. It enables the attacker to record the Zoom sessions without notifying the participants.
    • Risks associated with using work devices for personal tasks or using personal laptops for work activities: This blurred line between professional and personal lives creates new vulnerabilities. According to a report published by HP inc., 70% of office workers surveyed admit to using their work devices for personal tasks, while 69% are using personal laptops or printers for work activities [5]. These shifting patterns are taken as an advantage by hackers to ease their fishing campaigns.
  3. Network-related Challenges
    • Eroded network security perimeter: some employees work from coffeehouses, connecting to untrusted access points, and sometimes from multiple locations, friends’ houses, etc. and this introduces the organization to threats associated with connecting to untrusted and insecure networks. Insider threats come from untrusted networks now more significant than before.
  4. Organization-related Challenges
    • Restricted virtual IT help-desk support, no in-person contact: Lack of in-person interaction with a human being for IT support has also introduced some cybersecurity challenges into the WFA era. More than 40% of respondents said they missed having a support staff physically at their location and more than 45% of respondents had asked a friend or family member to help them resolve computer issues [6].
    • Identity vulnerabilities: organizational security perimeter definition is more challenged than before. The identity vulnerabilities increase as an employee uses daily navigates the organization’s resources from different devices, applications, and networks. User identity exploitation has become one of the most common attacks as reported by ESG research [7]. This requires the organizations to adapt their security defense against modern threats robustly and contextually.

References

[1] Lavelle, Justin. ”Gartner CFO survey reveals 74% intend to shift some employees to remote work permanently.” Gartner. April 3 (2020). Online

[2] Aakash, Jain. COVID-19 Security Impact: Rise of Shadow IT. Awake Security. March 11, (2021). Online

[3] Tom, Warren. ”Remote Work-From-Home Cybersecurity Report”, 2020. Online

[4] Tom, Warren. ”Zoom faces a privacy and security backlash as it surges in popularity”, 2020. Online

[5] HP Wolf Security, “Announcing HP Wolf Security, and a New Report Assessing Remote Working Cyber Risks”. Jun 11, (2021). Online

[6] Help Net Security. ”Top digital security worries when it comes to remote employees”, 2020. Online

[7] Cahill, Doug ”Trends in Identity and Access Management: Cloud-driven Identities” October, 2020. Online

mohammed mahyoub