Complex Made Simple

The outdoors, indoors and security corridors of today’s remote workforce

A Kaspersky survey recently found that 32% of remote work employees in the UAE enjoy working outdoors. Another behavioral transformation is taking place indoors. Cybercriminals don't care either way

Treats favored by employees include more time for video games (21%) and takeaway lunches (29%) Cybercriminals are using valid Transport Layer Security (TLS) certificates to make the lookalike domains appear legitimate IT has a seat at the table in pushing forward ambitious forms of digital transformation

A Kaspersky survey recently found that 32% of remote work employees in the UAE enjoy working outdoors.

Another behavioral transformation is taking place indoors, with the hybrid workforce getting used to certain perks that the office never before acknowledged.

But it all comes with a high degree of risk: IT security.

What Kaspersky found

People working from home during the pandemic have discovered some novelties that they would now like to keep, according to new global research commissioned by Kaspersky. 

Novelties favored by employees in the United Arab Emirates include weekday lie-ins (35%), binge-watching Netflix (33%), and working outside in the garden or on a balcony (32%).

According to the World Economic Forum, employees working remotely this year faced mental health and well-being challenges, such as childcare pressures and digital connectivity. Nevertheless, some office staff who switched to working remotely savored this experience and discovered some habits they now want to retain.

The majority of respondents benefitted from simply working in comfortable clothes: 48% got used to this lifestyle and would like to make it the norm in the future. 

Saying goodbye to long commutes also made employees happier as they could wake up shortly before work started, while many also enjoyed taking a nap during the day (32%).

Other treats favored by employees include more time for video games (21%) and takeaway lunches (29%).

Marina Titova, Head of Consumer Product Marketing at Kaspersky, said: “On the one hand, employees finally got a chance to forget about the downsides of big-city life and start working in a more comfortable atmosphere. On the other hand, they faced many challenges when struggling to remain productive, reorganizing their workspace, and developing new habits. When you work from home your privacy is put at greater risk, making it vital that you remember to take care of your digital security.”

Read: Attacks on remote desktop protocols grew by 177% in the UAE, reaching 15.6 million in 2020

Security and VPN

Krupa Srivatsan, Director, Cybersecurity Product Marketing at Infoblox wrote that many IT managers and corporate leaders are concerned about the challenges of securing employee’s access to the corporate network.

She said the existing security stack within the corporate network is no longer sufficient to protect teleworkers. 

Teleworking exposes a much broader attack surface as workers use BYOD devices and mobile devices that share home and public Wi-Fi networks presenting a higher probability that authentication and credentials may be compromised.

DNS tunneling or data exfiltration is an attacker technique that uses malware to gather sensitive data from a compromised system.  It packages up the data into small chunks and embeds them within a string of DNS queries. The DNS queries carrying the data are then delivered to a server hosted by the attacker on the Internet, where the stolen data can be easily reassembled.

To take advantage of the chaotic nature of these times, hackers have been busy launching coronavirus-themed cyber-attacks for phishing/spear-phishing campaigns that seek to take advantage of the heightened level of fear and concern. One such incident was during March last year with the LokiBot infostealer working under the guise of providing information on the Coronavirus impact to supply chains.

Another threat that could be on the rise is Lookalike Domains, said Srivatsan. 

These fool victims when they impersonate the target organization or brand. 

Researchers also found that cybercriminals are using valid Transport Layer Security (TLS) certificates which is an attempt to make the lookalike domains appear legitimate. 

In late 2019, there were more than 100,000 lookalike domains impersonating legitimate retailers. Industries that can be heavily impacted by these types of attacks are retail and banking, where users typically enter their credentials to execute a transaction.

Finally, while Virtual Private Networks (VPNs) have been touted by some as a solution to the challenge of securing employee’s access to the corporate network, due to the proliferation of cloud-based applications like Office 365, SFDC, Google Drive, and others, it is uncommon for organizations to rely solely on VPN-based access to corporate resources. 

Furthermore, VPNs may not provide the level of security that’s necessary in today’s threat environment. Malicious cyber actors are finding and targeting vulnerabilities in VPNs as employees increasingly use them for telework amid the pandemic.  

Srivatsan concluded that in this environment, one of the best and most cost-effective ways enterprises can secure such a large-scale tele-workforce is by using secure DNS services that can extend enterprise-level security to teleworking employees, their devices, and corporate networks, no matter where they are located. 

Read: Getting too comfortable with remote work could edge workers and economy towards a precipice

IT and employee productivity, take center stage

Partha Narasimhan, CTO of Aruba, a Hewlett Packard Enterprise company said one of the ways that can make or break an organization’s IT program is the rise of the hybrid workforce and how that will evolve during and after the pandemic. 

What is clear is that some amount of remote working will remain after the pandemic exits.

The hybrid workforce of the future presents for IT a crisis carrying enormous challenges. As a result, IT has a seat at the table in pushing forward ambitious forms of digital transformation, even accelerating existing planned transitions, emboldened with how the workforce has adapted to what has become known as the “new normal.” 

With the rise of remote working and the hybrid work environment, security experts essentially started with a policy and then designed a network topology that, in turn, satisfied policy. 

Networking solutions have evolved to offer significant degrees of separation, where policy gets programmed when and where it is needed, and only when and where it is needed. 

Key IT metrics are also evolving. It’s no longer sufficient to just keep the network infrastructure up and running. The metric du jour is user satisfaction which is tied to employee productivity that can ultimately impact business profitability. 

Networking and security teams are now focused on dynamic experiences that end-users want and expect with the services and applications they choose to use for improved productivity. Instead of asking just what kind of devices are connecting to the network, they are also required to focus on maintaining flexibility and agility while minimizing risk.  

The pandemic has also heightened the interest in networking automation at the Edge among CIOs and IT leaders. According to a recent survey of 2,400 IT decision-makers across the globe, 35% plan to increase their investment in AI-based networking, as they seek more agile, automated infrastructures for hybrid work environments.