Working From Home Has Opened The Door For Hackers
As COVID restrictions spread in 2020, the workforce found themselves mired in the challenges of working remotely. Many were working from their own device or personal PCs. IT departments struggled to fill the demand for laptops and other company-approved equipment and were granted remote access to company data.
Most remote workers began to access customer and company data from their personal devices connected to their home networks, the same network utilised by other home-bound family members. Security teams lacked visibility into these home networks and needed more resources to monitor the new adequately and hastily expanding attack surfaces.
Malicious threat actors quickly took note of these new opportunities that had materialised virtually overnight. Suddenly, in the rush of establishing countless home networks and new cloud environments, these smaller and less secure networks across the country become easy and plentiful targets through compromised devices and networks.
Consider the following findings from Forrester’s September 2021 Report, Beyond Boundaries: The Future Of Cybersecurity In the New World of Work, where security and business leaders report increased risk due to:
- 80% moving business-critical functions to the cloud
- 80% enabling a remote workforce
- 61% expanding our software supply chain
- 59% moving non-business-critical functions to the cloud
Implementing a Zero-trust Architecture
According to a September 2021 report from Atlas VPN, “ransomware attacks are up 151% in the first half of 2021, compared to the same time in 2020.” Weaknesses exposed in home networks (including connectivity and underlying infrastructure) contributed to the unprecedented increase in the number and severity of these types of attacks.
To defend themselves, many organisations have begun implementing a zero-trust architecture to help better secure network environments transformed and weakened by the remote workforce.
Zero Trust & Penetration Testing – Stay Ahead of the Security Risks
Even if your organisation has begun its Zero Trust journey, penetration testing will test your existing security controls to ensure your infrastructure, people, and process are protecting your most valuable assets.
A pentest performs a security assessment to identify critical security weaknesses and tests security control assurance and capabilities. The goal is to gain unauthorised access into the targeted IT system(s), establish persistence, and demonstrate an ability to access sensitive data. Knowing if your network monitoring, firewalls, endpoint security tools, SIEM, and other security tools are properly deployed is just as critical as understanding whether your team is responding appropriately to the alerts.
At the end of a penetration test, the security team will have spent days or weeks occupying the mind of an attacker and amassed a slew of data. Results collected during these simulations are then compiled into actionable reports which reveal your organisation’s susceptibility to such elevated cyber-attacks designed to obtain your most sensitive information and the potential impact. These comprehensive reports clearly show what was found, how it was found and provide detailed, proven recommendations for remediation. Reports are typically supported with evidence in the form of narratives, screen captures, and detailed drawings indicating the times and paths of the simulated attacker.
At Siege Cyber we specialise in all forms of security testing and penetration tests, with a strong focus on Cloud and Work-From-Home penetration testing.
Siege Cyber – Australian Leader in Penetration Testing
Take charge of your company’s security posture by addressing vulnerability issues before they become the source of a significant data breach or other cyber-attacks. Siege Cyber helps companies identify and solve security problems within their networks, systems, and other assets. Contact us today at [email protected] or contact us for a free consultation with one of our penetration testers today.