Are Your Assets Protected as Work from Home Employees Surge?
By: Orhan Yildirim
Studies and real-time tracking of incidents show that breaches will continue to skyrocket during this Work From Home (WFH) period, but in many cases, IT teams may not be aware of the adversaries for a year or more.
If you do not want to be a victim of a breach, you must adapt your security posture to a new norm.
While it was urgent to rapidly set up VPNs and other means to access critical business resources, there is no time like now to reflect on the significant risks associated with granting privileges to many more employees than usual and enabling them to access resources over the public Internet. With so many critical systems and valuable assets being made accessible from virtually anywhere, IT and OT teams, and the leadership and boards of companies, are rightfully concerned.
According to Kate Lister, who has been analyzing remote work trends for more than a decade, this scenario, with employees forced to work from home, is a turning point for businesses in the U.S., where the evolution of telecommuting has been slower than in other countries and regions.
Even with natural benefits (reduced real estate costs, more workforce flexibility, and more productivity in cases her firm, Global Workplace Analytics, has studied), only 7% of U.S. firms offer telecommuting and just 3.6% of American workers (5 million employees) spend at least half their labor hours at home. Based on data published by the U.S. government, remote work in the U.S. has been growing steadily (around 10% growth each year), but the COVID-19 pandemic has added tens of millions, even hundreds of millions, of workers to work-from-home offices.
Even the next generation of workers, and the generation after that, are learning to learn from home as schools have been closed, which means a growing number of people are getting comfortable with the idea of meeting and working virtually.
Wayne Kurtzman, research director for social, community and collaboration at research firm IDC, said global demand for collaboration tools will increase exponentially as a result of the outbreak given this new comfort level, which Kurtzman says will make longer-term and even permanent adoption seamless.
Within days of the rush to remote working in early March, attacks on systems began, including through privileged credentials. Adversaries continue to take advantage of many vulnerabilities as the attack surface expands dramatically. Best known were the early “Zoombombings,” in which strangers sat in on private business conversations and conference calls (which Zoom immediately began to address).
Superuser (privileged) credentials are the prime target of attackers and are used in 80% of breaches, and it can be surprisingly easy, fast and affordable to secure them by implementing solutions that make system credentials invisible to employees.
Ironsphere’s solution, which works with any network and application type, records every session in real time and provides automatic alerts and notifications immediately when our intelligent software senses a threat.
By adding Privileged Access Management to the IT team’s toolkit, enterprises and organizations can set up, monitor and manage credentials across multiple cloud-based applications, ERP systems, databases and collaboration solutions, not only securing remote access, but automating the process for the ultimate enhancement in productivity and efficiency.
Ironsphere’s leading PAM solution makes it easy to set up, scale and afford comprehensive implementations that dramatically reduce risk and help ensure even better business practices as we move into the new normal, with all the benefits of supporting distributed workforces without potentially disastrous breaches.
We’d be honored to help you protect what you connect – simply contact us at [email protected].