Remote Work is a Leading Attack Vector


In the past couple of years, remote working has shifted from a niche opportunity available to just a few people to a force that’s actively reshaping the workplace, demanded by many (particularly young) people.

As the COVID-19 pandemic swept the world, many industries were suddenly in the position of having to embrace remote work — or be left unable to carry out work entirely. Fortunately, the technological infrastructure to make this possible now exists. A combination of cloud computing for collaborative document editing, remote logins, web applications, video calls and more meant that it was feasible for geographically dispersed employees to get this work done in a way that would not have been achievable just a few years earlier. It was an amazing example of technology triumphing at a time of extremely challenging circumstances.

But remote work tools, while a game-changer, are not perfect. Specifically, the move out of offices and into a scenario in which employees were able to access sensitive work information from any location brought with it a slew of new potential risks. For those without the proper account takeover prevention tools, this can pose a major challenge.

Seizing control of accounts

Account takeovers, a type of online fraud that has increased in recent years, involve attackers finding ways to seize control of different online accounts — often by posing as the rightful owner of that account.

There are multiple ways in which an attacker might gain access to an account, from guessing a password to causing a data breach or harvesting details from an existing one. Account takeovers can be the result of credential stuffing attacks, in which known credentials associated with one account (say, the usernames and passwords belonging to a breached online retailer) are used to try to access other accounts on other websites; phishing attacks (emails that try to convince recipients to click links or send sensitive information by posing as a legitimate source); malware; and other attack vectors. Using these gathered legitimate credentials, attackers can then attempt to log into corporate systems, online bank accounts, and myriad other potentially sensitive services. It is therefore essential to protect yourself from potential credential stuffing attacks.

The number of attacks aimed at account takeovers has ramped up considerably during the pandemic. For example, one analysis of available data in this area showed that brute force attacks targeting enterprise systems increased from 13 percent of attack incidents in 2019 to almost 32 percent in 2020. The main explanation for the increase was the shift to a more distributed hybrid working environment, courtesy of COVID.
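As an added example (not part of the original article), the sketch below shows how the two patterns described above differ in login logs: credential stuffing spreads failed logins across many usernames from one source, while brute force concentrates them on a single account. The event format, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# IPs come from documentation ranges; usernames are made up.
EVENTS = (
    [("203.0.113.10", u, False) for u in
     ["alice", "bob", "carol", "dave", "eve", "frank"]]
    + [("203.0.113.10", "grace", True)]        # one reused password worked
    + [("198.51.100.7", "admin", False)] * 8   # repeated guesses, one account
    + [("192.0.2.44", "erin", False), ("192.0.2.44", "erin", True)]  # typo
)

def classify_sources(events, min_failures=5, spread_ratio=0.8):
    """Label noisy sources by how their failed logins are distributed.

    Thresholds are illustrative assumptions, not tuned values.
    """
    stats = defaultdict(
        lambda: {"fail": 0, "failed_users": set(), "ok_users": set()})
    for ip, user, ok in events:
        s = stats[ip]
        if ok:
            s["ok_users"].add(user)
        else:
            s["fail"] += 1
            s["failed_users"].add(user)

    verdicts = {}
    for ip, s in stats.items():
        if s["fail"] < min_failures:
            continue  # too few failures to tell apart from ordinary mistakes
        distinct = len(s["failed_users"])
        if distinct / s["fail"] >= spread_ratio:
            pattern = "credential_stuffing"   # roughly one try per username
        elif distinct == 1:
            pattern = "brute_force"           # many tries against one account
        else:
            pattern = "mixed"
        verdicts[ip] = {
            "pattern": pattern,
            "failures": s["fail"],
            "distinct_users": distinct,
            # Successful logins from a flagged source deserve a forced reset.
            "accounts_to_review": sorted(s["ok_users"]),
        }
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(EVENTS).items():
        print(ip, verdict)
```

Any account that logged in successfully from a source flagged as credential stuffing is the one to prioritize for a password reset and session revocation.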

Safeguarding against account takeovers

Protecting against possible account takeovers is essential. Fortunately, there are multiple steps that customers can take to do this. For starters, organizations should insist that all users change passwords regularly. They should also make sure that the same passwords are not recycled across multiple services, so that an instance of one set of credentials being leaked will not allow a would-be attacker to use that same information to break into other accounts. Multi-factor authentication (MFA) is also a smart move since this means that users must present more than just their password and username when logging into a system. This adds an additional layer of security designed to keep users safe.

It is additionally crucial that users are properly educated about the cyber security risks they face that could turn their mistakes into potential ingredients in an account takeover. For instance, use of public WiFi or unsecured, jailbroken devices can pose a considerable security risk. So too can human error, such as falling prey to phishing attacks which can result in targets giving up sensitive information — and, in the process, potentially letting cyber attackers gain a foothold that they can use for taking control of an account.

Organizations must also ensure that they have properly patched software, plugging vulnerabilities that might allow an attacker to exploit security lapses to take over an account.

Get the right tools to protect you

Not all of this requires manual work on the part of organizations, however. Account takeover prevention tools are available to help, using capabilities such as advanced bot protection and more to protect access points from websites to mobile apps to APIs. Meanwhile, the likes of Web Application Firewalls (WAF), Web Application & API Protection (WAAP), and others can help to mitigate exploits against remote work through measures like virtual patching of systems.

The world of remote work isn’t going away any time soon. For the millions of people around the world who benefit from its possibilities, that is great news. But it’s important that it is not exploited by bad actors in a way that makes it a security risk. By taking the right steps, organizations can safeguard against these threats. That way they get all the positives of remote working — and none of the negatives.

