Remote Workers: An Easy Target for APTs

Poor device security, inadequate training, and limited IT oversight issues abound

After Black Hat, DefCon, and the recent McAfee report, you are probably tired of all of the hype around APTs. I agree that the industry has co-opted and obfuscated but these "low-and-slow" attacks are something we need to understand and address before more of our private information and intellectual property flies out the IP-connected door.

One of the characteristics of APTs is some type of social engineering tactic where the bad guys somehow con an internal user into downloading a malicious executable. This creates an internal outpost where hackers can steal credentials, scan the network, and ultimately steal valuable data.

Recent ESG data points to an alarming reality: Remote workers (i.e., those who work in remote offices and branch offices) are "sitting ducks" for these kinds of attacks. ESG asked IT professionals to identify their top security challenges with regard to supporting remote workers. The top four security challenges mentioned were as follows:

46%: Managing remote PC security and configurations
46%: Training and enforcing corporate security and compliance policies for Remote Office/Branch Office (ROBO) employees
38%: Monitoring the use and storage of sensitive data accessed by remote employees
34%: Remote user authentication and access controls

To use a technical phrase -- holy cow! So remote worker PCs don't have the right security signatures or OS patches. Remote workers themselves lack training and security knowledge. Meanwhile, IT has no idea what data is on these PCs, and remote workers may have access to sensitive information they shouldn't have. There may also be a bunch of stale remote worker accounts that remain active. Never mind sophisticated APT attacks; the bad guys can put their trainees on remote worker targets and still infect their PCs in many cases.

While it may be obvious, it is worth mentioning that we've spent the last 10 years or so centralizing IT, so remote workers generally access mission-critical business applications and IT services over the WAN. What this means is that these extremely vulnerable remote worker PCs have an express train to the corporate jewels. As the old security saying goes, "the security chain is only as strong as its weakest link." If we don't address these remote worker vulnerabilities, then all of the corporate security best practices and best-in-class security technologies don't matter -- the bad guys will simply enter through the remote office back door.

Copyright © 2011 IDG Communications, Inc.
