Remote Workers Often Not Provided Secure Tools

The number of employees working from home is increasing, but the security technology to support them is not being deployed.

According to a survey of 694 IT security administrators and practitioners, most companies fail to authenticate remote workers properly or inadequately inspect their network traffic for threats.

The research, conducted by Cato Networks, found 68% of respondents said their organizations fail to deploy enough prevention or authentication technologies for remote users. In particular, 37% do not use multi-factor authentication (MFA) for remote users, while 55% of respondents fail to employ intrusion prevention software, or anti-malware technology, while 11% fail to inspect traffic altogether.

“A lack of security enforcement on remote access users should be of serious concern for IT managers: enterprises cannot enable widespread remote access at the expense of security protections,” said Yishay Yovel, CMO of Cato Networks. “Enterprises should be able to provide remote access for all users anywhere, in minutes, with the security protections and network optimizations they have in the office.”

Brian Honan, CEO of BH Consulting, told Infosecurity that the numbers did not surprise him, as many companies were already struggling to roll out better authentication technologies for remote users before the global pandemic hit.

He said: “With the rush to support remote working for many more users, companies rapidly expanded their remote access solutions or migrated systems to the cloud; this rush was to ensure the business could survive and support staff to continue working.

“However, now that those immediate goals have been met and our response to the pandemic may be more long term than initially planned, companies need to review the security and resilience of their remote access solutions.”

The news follows research from earlier this week, when a Tripwire survey found 94% of cybersecurity professionals were more concerned about security in the wake of COVID-19. Its survey of 345 IT security professionals found that 89% said remote working had made the job more difficult. Additional findings included:

• 49% said they cannot effectively secure employees’ home office environments
• 41% said it is more challenging to manage what devices are connecting to their corporate networks
• 38% said it is hard to gain visibility into remote assets and systems

The survey also found that 53% of respondents were increasing security investment with 28% investing in new tools.

“The massive shift to working remotely represents a huge change for organizations’ attack surfaces,” said Tim Erlin, vice-president of product management and strategy at Tripwire. “It’s no surprise that security professionals are finding it challenging to monitor and minimize the new attack surfaces.”