Of all the changes we experienced as a result of the outbreak of COVID-19, the global epidemic in early 2020, maybe social distancing and mask wearing have been the most significant ones. There have been many other changes such as prohibition of large gatherings, lockdowns, personnel checks at company entrances, QR codes, security number[HK1] , and remote work. Among these changes, remote work is perhaps the most widely adopted, used by many institutions and companies worldwide for their workforce, primarily by large or mid-sized companies. The graph below shows how quickly the transition to remote work was made between February 2020 and April 2020 at the beginning of the COVID-19 pandemic. (Source: Carbon Black 2020)
This remote work is mainly done at home, telecommuting, which has brought several changes to people’s lives at home including good changes such as deeper relationships with family members, hobbies and self-development, and utilization of IT and online programs. It seems the changes are mostly on the positive side, but are they really?
We have also experienced a lot of unforeseen problems caused by remote work and remote learning at home such as family discord, distraction while working and studying, and unproductivity etc. And as a person who works in the information security field, I cannot help but to point out the challenges of security associated with remote working, that is dramatic escalation of security breaches.
When working remotely, workers often use a VPN (Virtual Private Network) to connect to corporate networks and may use a remote desktop (RDP) to connect to a server. Workers generally use PCs managed by their companies when they are at the office, but when working remotely at home, they may use personal PCs via their personal WiFi. Most of corporate PCs are installed with security programs and are not allowed to arbitrarily install programs, but this level of security is not available for home computers!
The graph below shows the amount of ransom payments made quarterly industrywide (Source: Coveware 2020). We can see that the ransom amount has increased dramatically since the breakout of COVID-19.
It is no surprise that there is a strong correlation between an increase in working from home and an increase in ransom payments. It is quite possible that the increase of ransom payments may be due to the security breach caused by remote work. Because remote workers use terminal devices (such as personal PCs) often with poor-security protection to access corporate networks or servers, hacking from new malicious codes and ransomware has increased as remote workers’ terminal devices have become the medium for hackers to attack corporate networks and servers. This increase has occurred even as hacking into corporate networks and servers has become more and more difficult. It used to be one or two people were able to hack by exploiting vulnerabilities in corporate servers, but corporate security systems have steadily become more mature making hacking more difficult. Now a group of hackers must systematically attack selected targets to crash their security systems. This new approach is called APT (Advanced Persistent Threat).
The bottom line is that in order to protect corporate networks and servers in remote working environments, one must follow the Zero Trust Principle, installing products such as EDR. Don’t trust anyone when it comes to computer security, whether it is remote workers, home LANs, home PCs, etc. We are all potentially vulnerable, meaning the Endpoints must be protected.