Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityCybersecurity News

The New Security Achilles Heel

Remote workers have emerged as the primary weak link in the network

By Alexander McMillen
telecommute
December 13, 2019

Mobile computing, cloud applications and tele-work have all combined to erode the traditional corporate security perimeter — and, in doing so, have largely transferred the attack surface to end-user devices.

Each endpoint is now its own perimeter in today’s Zero Trust environment — a weakness that can allow attackers to compromise the network. One errant click or download, and ransomware or other malware can spread laterally (east-west) across the organization. Approximately 90 percent of attacks use this approach.

Currently, more than 60 percent of U.S. companies have remote workers. They are more susceptible to cyberattacks than their peers who work within the confines of the organization, and are literally the weakest link in a network.

Many organizations are vigilant about protecting their networks and data centers from outside-in (north-south) attacks, but lack sufficient security mechanisms to stop lateral attacks.

Common behaviors by remote workers that put organizations at risk include:

  • Accessing unsecured Wi-Fi networks or failing to authenticate through the corporate VPN while working from home, in a hotel, or coffee shop.
  • Directly accessing SaaS applications in the cloud outside of the visibility and control of corporate IT/security.
  • Plugging into public charging stations or using untrusted devices, including other computers and flash drives and USB ports.

The above behaviors essentially bypass network security defenses such as firewalls, IPS/IDS, VPNs, and so on.

Remote and mobile devices, whether company-issued or BYOD, are often protected by little more than antivirus software, which only blocks known threats and not the newest forms of malware and ransomware.

Sixty-one percent of breaches occur at companies with less than 1,000 employees, according to a recent Verizon Security Breach Report. An attack happens roughly every 39 seconds – this is why advanced protection and control at the endpoint is more critical today than ever.

Best Practices For Reducing Security Risk

Advanced endpoint security capabilities—which are key to protecting remote and mobile users from intrusion and infection—used to be available only to large enterprises with significant resources. The cost and effort versus the risk was just too much for midsize organizations to bear. But, new cost-effective innovations, have put advanced security capabilities within the reach of all organizations.

Leverage Multi-Factor Authentication (MFA)

This sophisticated approach to authentication makes it difficult for hackers to break into a network.

MFA requires the presentation of two or more of the three authentication factors: a knowledge factor (something only the user knows, such as a password, PIN, or a pattern), a possession factor (something only the user has such as an ATM card, smart card, or mobile phone), and an inherence factor (something which contains a biometric characteristic such as a fingerprint). After presentation, each factor must be validated by the other party for authentication to occur.

At the core of every MFA is its ability to create one-time passwords (OTPs) that are valid for a single login session or transaction. OTPs are created by algorithms that focus on randomness — making it extremely difficult for hackers to predict future OTPs by observing previous ones.

Adopt Network Segmentation -- the Easy Way

Network segmentation is a security best practice, often implemented as a part of a defense-in-depth approach. However, segmenting the network has historically involved complex configuration of VLANs, routers, switches, and other things. Today, enterprises can segment the network using a software-defined approach, which makes it much more achievable and manageable for companies.

Policies should be constructed on the basis of user and device identity as well as multi-factor authentication, in addition to traditional IP addresses, ports, and protocols. Users on the same local network segment can be granted access to different resources depending upon their job function.

If a remote worker were to plug an infected device back into the corporate network, software-defined network segmentation can prevent the east-west spread of malicious threats throughout the network. Among the most malicious threats that can be prevented is sophisticated ransomware, which relies on pivoting within internal networks to attack whole organizations.

Managed Security from the Cloud

Cloud-delivered managed security services can address remote worker security threats with MFA, network segmentation, firewall, threat management, antivirus, anti-spyware, and more. Additional functionalities include file auditing and blocking, global bans for all communications for a defined set of ports and applications, external IP blocking, URL filtering, and a global web application firewall.

The advantage of a cloud-based service is that it delivers cost-efficient security that is automated and robust, as well as being easy to configure, manage, and scale.

The security Achilles heel of many organizations has become remote workers’ unsecured devices. In response, progressive organizations have implemented advanced endpoint security capabilities, such as “firewall everywhere,” MFA and network segmentation to address these risks. For companies that lack the resources to deploy this type of protection themselves, managed security services are an affordable and equally effective alternative.

 

 

KEYWORDS: cyber attack cybersecurity malware remote workers

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Alexander mcmillen

Alexander McMillen is VP, Operations for security as a service platform provider OPAQ. He is an expert in systems and network engineering, as well as IT operations. He is the founder of the Washington, DC chapter of the Vyatta Secret Society, a user group that enables companies to perform Software Defined Networking functions on commodity hardware. He is also a member of the North American Network Operators Group (NANOG), American Registry for Internet Numbers (ARIN), RIPE Network Coordination Centre, Frontier Foundation (EFF), Infrastructure Masons, 451 Global Digital Infrastructure Alliance, and Phi Beta Cyber Society.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • data_enews

    Are Smartphones the Achilles' Heel of Your Company's Cybersecurity?

    See More
  • active directory - cyber

    5 reasons why Active Directory is the CISO’s Achilles heel

    See More
  • FTP: The Overlooked Achilles Heel

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • facility manager.jpg

    The Facility Manager's Guide to Safety and Security

  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!