How remote work makes breaches worse

By Ash Patel, General Manager, EMEA - Zimperium.


Security and IT innovation are in a constant conflict between overreach and adjustment. One technology emerges which offers transformative opportunities for the digital enterprise, but disrupts the ordered security arrangements on which the pre-transformation enterprise was based.

These days, mobile devices and remote work are at the centre of this struggle. Mobile devices are now the endpoint on which most business is done and they’re the key enabler of remote work. Although adopted as a response to the stringent conditions of the pandemic, remote work has solidified itself as a fact of modern working life. Yet like so many developments before it, it has fundamentally disrupted the security order that we often still rely on. The architectural shifts that mobile devices and remote work cause open new vectors for attack, unearth new scope for compromise and often throw network visibility into obscurity.

Remote work breaches

However, it’s not just that remote work practices open up new opportunities for malicious compromise, it's that those compromises are legitimately worse. According to the 2022 IBM Cost of a Data Breach report, remediation costs for remote work breaches were $1 million more than they would have been otherwise. To make matters worse, the 2022 Verizon Data Breach Investigations report found that 73% of the organisations that had experienced a mobile related breach described it as “major.”

Zimperium’s Global Mobile Threat Report (GMTR) reveals nearly 50% of cybersecurity professionals believe that their remote work strategy plays a central role in their cybersecurity incidents and 61% believe that setting cybersecurity policies in the age of remote work is next to impossible.

While other digital transformations might expose a part of that enterprise’s environment, remote work fundamentally shifts it away from the known, controllable environments and onto the unmanaged devices and networks that remote work interacts with.

Unmanaged devices

The essential problem here is that remote work is often built on a massive proliferation of unmanaged devices, which represent a growing, unwatched and unprotected attack surface on which organisations are now irreversibly reliant.

In turn, this opens an organisation to being blindsided by attacks from every single potential point that its hugely expanded - and often unmonitored - attack surface now covers. From there, the blowback can do even greater damage to reputation, compliance and employee trust, and can stall further digital transformation efforts when executives realise just how hazardous these kinds of innovations can be.

There are perverse incentives at work here too. Some organisations are quite happy to let their employees and users' devices go unmanaged, even as they invite threats and risks to the organisations. Some see it as a simple value calculation - it will be cheaper to suffer a cyberattack than it would be to manage a whole new fleet of devices, and all of the costs and compliance considerations that come with it.

The particularly damaging thing about a remote work breach is that - for cybercriminals - it combines the irresistible opportunity of unwatched, unprotected and unmanaged devices with prized access to corporate data. It’s the enterprise security version of a bank’s unlocked back door. As the old security saying goes - attackers will always find the path of least resistance - and the growing population of unmanaged mobile devices is often a path of almost no resistance at all.

Getting personal

It’s almost impossible to separate the transformation of the mobile device into the central business endpoint from the rise of remote work. Remote work - and all work - now relies on the mobile devices that employees possess. According to the GMTR, in 2022, 66% of the mobile devices used in the enterprise were personal devices.

This mixing of the personal and the corporate points to the very heart of the security problem around remote work. As organisations rely on employee and user devices, they get exposed to myriad new threats and risks - including insecure home networks, the poor security habits of users, the security of the devices themselves and the applications within. From there attackers can attack remote workers through their insecure or unmanaged devices to get at the privileges and data they possess.

The 2022 GMTR pointed out that 73% of technology leaders have at least four enterprise productivity applications on their personal devices. Unfortunately, these often present a key vulnerability for attackers to seize upon. Take Microsoft 360 - one of the most popular productivity apps currently in the market. Kaspersky says that 72% of exploits are targeted directly at this one application.

Similarly, the internet is awash in malicious applications. These often disguise themselves as legitimate educational or health applications and manage to bypass vetting procedures on Apple Store and Google Play. When they’re downloaded onto a phone they work as Remote Access Trojans and Spyware which can surveil and even control the device’s operations.

Mobile phishing has grown massively in recent years as attackers take note of the swelling population of mobile devices. Zimperium’s 2023 GMTR finds that 80% of phishing sites specifically target mobile devices or are designed to work on both desktops and mobile devices. Classical phishing is mostly email based, but mobile phishing exploits push notifications and SMS functionality - which the average user is 6-10 times more likely to fall for - thus widening the scope for deception and compromise.

The devices and networks those employees will interact with are also a cause for concern. Remote workers are responsible for the security of their own devices, which effectively puts organisational security in their hands. Failing to update, patch or upgrade their devices, or even actively jailbreaking them, can lead to direct threats to their employers. The data that they use and the access they’re granted can then be stolen by attackers.

Similarly, if an employee is working remotely from a coffee shop, they may be using an insecure Wi-Fi network. From there, attackers can easily access and control their device. Attackers could also use a Rogue Access Point (RAP) to deploy targeted exploits against the employee’s device.

Remote work is here to stay and if enterprises keep failing to adequately protect and manage their devices, then so will the threats. There are no longer that many barriers between the office network and the malicious apps, poor security habits, insecure home offices and public Wi-Fi networks of the wider world. However, there are a lot of mobile devices connecting the security of the former to the insecurity of the latter. Organisations need to start treating remote worker devices as a part of their enterprise network because attackers are already doing so.
