Is Remote Work Responsible for Growing Cybersecurity Threats?

Did you know that over 20% of organizations do not protect their remote users on the internet, and only 9% use some means to protect them against internet-based threats? This is occurring despite the looming cybersecurity threats as remote work became more popular, as seen in a 19.8% increase in data breaches for businesses that switched to remote work patterns.

But how did we even get here?

The Covid19 pandemic was a driving force behind several businesses shutting down operations during the lockdown. Consequently, about half of the workforce began working remotely for prolonged periods. This popularized the idea of working from home, working remotely, or as I love to put it, Working From Anywhere.

According to Databasix, 74% of organizations surveyed say 50-100% of staff are working from home, while 86% say the trend will continue after lockdown. Interestingly, this idea eradicates the notion of work being tethered to a particular location and increases the possibility and advantages of pooling in global talents from almost anywhere and utilizing them, using available technological tools to push businesses forward.

However, this paradigm shift in working culture hasn’t been perfect security-wise. Well, this isn’t a utopia, and you didn’t expect everything to be perfect, did you? According to Databasix, remote work has increased the average cost of a data breach by $137,000. The statistics highlighting the cybersecurity dangers lurking around remote work have been nothing but thought-provoking, and a few of them are:

Impact of Remote Work on Cybersecurity: What’s the relationship?

Due to the Covid19 pandemic, remote work has become the leading cause of cybersecurity threats as cybercriminals devise new methods to attack remote workers. This Malwarebytes report shows that 20% of organizations experienced a breach because of a remote worker and 24% of respondents in the report said that they paid unexpected expenses to resolve the breach or malware attack. This highlights the fact that remote work has only increased the apertures for data breaches and information leaks in cyber security.

So, it is not merely poor organizational security management within companies that causes cyber security breaches but individual employees too. These breaches caused by employees are referred to as ‘Insider Threat Risks.’ Contrary to public opinion, Insider Threat Risks may not always be a displeased employee selling the company out or acting maliciously. The majority of these Insider Threat Risks are due to the carelessness and negligence of remote workers.

A study from the University of Central Florida further buttresses this opinion, as the study revealed that when employees are stressed out, they are far more likely to fault security rules and regulations. These faults, carelessness, and errors can prove very costly to the company.

What’s the cost of poor cybersecurity in remote work?

Most times, remote workers only take shortcuts that break these rules to increase productivity as they are stressed out. But ProofPoint indicates that this carelessness can prove extremely costly as fixing an insider-related breach can cost a large company roughly $22.68 million and a medium or small-sized company around $500,000. These are staggering figures considering these facts about security threats and the propensity of a data breach around the world as reported by CampriTech:

• 62% of companies in South and North America have encountered at least one data breach between 2021 and 2022
• Personal Identifiable Information (PII) costs $180 per record
• In 2021, the cost of a data breach rose from $3.86 million to $4.24 million, which was the highest average total cost in the 17-year history of this report.
• $4.64 million is the average cost of a data breach in the United States
• 70% of cloud infrastructures are breached in a year
• 630% in cloud-based attacks within January-April 2020 due to the Covid 19 pandemic.
• The average cost of a breach increased by $1.07 million when remote work was a factor

Sadly, these attacks are not slowing down. In 2021, the biggest data breach was Comcast- with a cost of $1.5 billion, seconded by the Brazilian resident data leak (660 million), and Facebook and LinkedIn followed with costs of $533 million and $500 million, respectively.

What is even more saddening are the facts from another Comparitech study on the share prices of 34 companies that experienced data breaches listed on the New York Exchange. It was noticed that after 3 weeks of the breach, the share prices of these companies dropped by 3.5%, and even after three years, these companies were underperforming the market by 15%.

What are these Cybersecurity risks?

CyberTalk reports that 31% of companies do not employ any tangible means to protect their remote workers from cybersecurity risks. This might be because they might not be aware of the looming cyber security risks lurking in the dark online space. So some of these risks are:

• Ransomware: Cyber attackers can infiltrate sensitive data online through malware called Ransomware. This type of malware blocks users from accessing their systems. The cyber attackers will then take control of the systems and ask for ransom or threaten to publish/sell the data if a ransom is not paid.

• Weak passwords: Login credentials are one of the biggest threats facing remote workers as they keep on using recycled, old, weak, or insecure passwords for their remote working accounts. These passwords are easily cracked by cyber attackers using software that can guess login combinations. Another way is hacking corporate accounts used by remote workers by using the passwords used by remote workers on their accounts.

• Unsecure Wi-Fi: Most corporate companies' Wi-Fi networks are protected by secure firewalls to monitor and block malignant traffic. However, remote workers may connect to the corporate company’s systems using unsecured Wi-Fi. This leaves them susceptible to a data breach that may expose the company’s corporate data.

• File sharing: Files stored on corporate servers are mostly safe due to encryption protection. Despite this, these files can be vulnerable to attacks during transit or intra-transfers through file sharing tools by remote workers. This can lead to identity fraud or ransomware attacks.

Can we improve Cybersecurity for remote workers?

In one word? Absolutely. A blog on Turing, an AI-based talent cloud company founded by Jonathan Siddharth and Vijay Krishnan, points out 8 best practices for remote developers to improve remote security.

Although PurpleSec reports that 71.1 million people fall victim to cyber crimes yearly, it also notes that zero trust security policies saved $1.76 million per breach and security-driven AI had the best cost mitigation, saving up to $3.81 million. Along with zero trust security policies and security-driven AI, there are also more ways of securing remote workers from cyber risks. An enumeration of these methods is given below:

• Zero trust security policies: According to a report by 'HP Wolf Security Blurred Lines & Blindspots, ‘Almost one-third (30%) of remote workers surveyed have let someone else use their work device’, this is where the zero trust security policy comes in. The zero trust policy mandates that every user requiring access, remotely or not, to a company’s system or data must be continuously validated, authenticated, and authorized before being granted access. This prevents random access from anyone within or outside the organization.

• Security-Driven AI: AI-driven security combines the strength of artificial intelligence, including machine learning, advanced data analytics, and automation, to build a robust security setup against cyber attackers. This has proven very effective because enterprises using it can ensure timely detection of advanced threats, faster analysis, and accurate responses to threats.

• Avoid the use of VPNs: Although using VPNs (Virtual Private Networks) allows remote workers to access the company’s resources and get jobs done anytime, anywhere, it can also prove dangerous. VPNs can be a point for data leaks for remote workers as this is proven by a report from Spiceworks. The report stated a SQL database dump was published on Telegram on the 7th of May, 2022 containing 10 GB of sensitive information of approximately 21 million people.

• Be careful of using Wi-Fi in ‘third spaces’: Using Wi-Fi networks in public spaces to log in to company systems can expose a company to cyber risks through the remote user. Remote workers should avoid using these wireless networks in public spaces as much as possible.

• MFA (Multi-factor authentication): MFA has a reputation for preventing the majority of credential-based attacks. MFA provides protections by ensuring that every time a user logs into a system, the user has to provide multiple credentials. Remote workers should enable MFA on all their remote devices.

• Update devices regularly: Regular updates on devices ensure that any device on a network is both configured correctly and has the latest patches and updates from the manufacturer. This builds the device's threat resistance against all types of attacks. Remote workers can use Endpoint Management Software to ensure that this happens across the network.

• Employ anti-malware software: Remote workers can improve cybersecurity by ensuring that malware protection software is installed and used in addition to more standard anti-virus software. This software will also alert its users about possible threats and viruses that may have gained access to the system.

Closing words

Cybersecurity is one of the major talking points in today's tech world, as millions of dollars have been lost and more are at risk of being forfeited to cyber attackers because of the growing threat and expertise of cyber attackers. However, to always be ahead of these cyber attackers and ensure that all these methods of cyber attack prevention are implemented, it is pertinent to hire an internet security developer. Ultimately, cybersecurity can only be attained through the combined 100% adherence of everyone involved, especially remote workers.

Image Source: Cottonbro