Working from home is hardly a new concept: 62% of the US workforce have worked remotely at some point in their careers, according to one 2019 report [1]. Now, remote work is an everyday reality due to COVID-19 and the subsequent stay-at-home orders, with the number of employees working from home reaching dizzying heights.
Even once the lockdowns are over, remote work might become the new norm. A recent Gartner survey [2] reveals that 74% of organizations will move at least 5% of their onsite workforce to being permanently remote. This shift will only expand the cybersecurity threat landscape and the attack surface, redefining existing security baselines that security operation center (SOC) teams have put in place.
In this fireside chat with David Dorsey, director of security research at Splunk, we discuss some of the new cybersecurity risks associated with remote work, how to mitigate these risks, and how to empower your security team.
Securing Your Remote Workers
An organization's security posture has never been more critical, especially now that the global workforce is logging on remotely. It’s rapidly driving change and business decisions across the enterprise [3]. And while security fundamentals haven't changed, the attack surface has massively expanded.
Organizations need to reevaluate their priorities around security. The rise of remote users has amplified the exposure to more innovative and insidious attacks. Phishing attacks are up 600% [4] as criminals exploit the COVID-19 pandemic, preying on anxious people who are more likely to fall for their lures. One way analysts can adapt is to use fraud analytics and detection to stop these emails before they reach the end user’s inbox.
Virtual private networks (VPNs) have also become more important. VPNs provide an additional safeguard for remote users, allowing them to transmit sensitive information across networks. By enforcing VPN use, security analysts gain a single choke point where unusual behaviors are easier to monitor. Another security best practice is two-factor authentication. While two-factor is not foolproof, it raises the bar and is a step in the right direction.
Analysts are also seeing more network traffic at irregular hours. Working hours are no longer “nine to five” as remote work is often disrupted by sporadic household tasks or child care throughout the day — inevitably shifting the workday into the early morning and late night. To reduce alert fatigue from spikes of unusual logins at odd hours, analysts should correlate activities as sets of behaviors, making these insights actionable.
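The correlation approach described above, as an added example written for this post rather than Splunk's own detection logic: per-user login events are grouped into a behaviour set, and an odd-hour login only raises an alert when it coincides with other anomalies. The log lines, the KNOWN_IPS baseline and the two-indicator threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log lines (not real data): ts user src_ip vpn result
SAMPLE_LOGS = """
2020-04-14T23:10:02Z alice 203.0.113.7 vpn=yes result=success
2020-04-14T23:40:11Z alice 203.0.113.7 vpn=yes result=success
2020-04-15T02:05:44Z bob 198.51.100.9 vpn=no result=failure
2020-04-15T02:06:01Z bob 198.51.100.9 vpn=no result=failure
2020-04-15T02:06:30Z bob 198.51.100.9 vpn=no result=success
2020-04-15T09:15:00Z carol 192.0.2.5 vpn=yes result=success
"""
# Hypothetical per-user baseline of source addresses seen before.
KNOWN_IPS = {"alice": {"203.0.113.7"}, "bob": {"192.0.2.44"}, "carol": {"192.0.2.5"}}

def parse_events(text):
    """Turn the space-separated sample lines into event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, ip, vpn, result = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "ip": ip, "vpn": vpn == "vpn=yes",
                       "ok": result == "result=success"})
    return events

def is_odd_hour(ts):
    """Outside a generous 06:00-22:00 window (UTC in the sample)."""
    return ts.hour >= 22 or ts.hour < 6

def correlate_logins(text, min_indicators=2):
    """Return {user: [indicators]} only for users whose behaviour set holds
    at least min_indicators anomalies; an odd-hour login alone never alerts."""
    by_user = defaultdict(list)
    for ev in parse_events(text):
        by_user[ev["user"]].append(ev)
    alerts = {}
    for user, evs in by_user.items():
        ind = set()
        if any(is_odd_hour(ev["ts"]) for ev in evs):
            ind.add("odd_hour")
        if any(ev["ip"] not in KNOWN_IPS.get(user, set()) for ev in evs):
            ind.add("new_source_ip")
        if any(not ev["vpn"] for ev in evs):
            ind.add("outside_vpn")
        failures = sum(not ev["ok"] for ev in evs)
        if failures >= 2 and any(ev["ok"] for ev in evs):
            ind.add("failures_then_success")  # repeated failures, then a success
        if len(ind) >= min_indicators:
            alerts[user] = sorted(ind)
    return alerts
```

With the sample data, alice's late-night logins from her usual address and VPN produce no alert, while bob's off-VPN logins from an unseen address after two failures do.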
And finally, a foundational security best practice that all organizations should enable is data logging — both on-prem and in the cloud. Organizations must be hyper-vigilant by enabling cloud log monitoring. Analysts can push this data into Splunk Enterprise Security to correlate events and gain a better understanding of their entire environment.
Hear some more practical advice by tuning into our fireside chat, Working From Home: The Changed Threat Landscape.
This blog is part of Splunk's always-on digital series, Between Two Alerts.