Is Working from Home Making Companies Less Secure? Are Employers Ready?

Let's begin our exploration of the security challenges in remote work with a real-life incident involving an employee we'll refer to as Bob. Bob, a DevOps engineer at a prominent tech company, embraces the remote work setup, like countless others in the post-pandemic era. In August 2022, Bob started noticing peculiar behavior from his home computer. Keystrokes occasionally lagged, and his browser seemed sluggish.

The intrigue deepens as we delve into Bob's situation. Although the name Bob is a placeholder, he's an actual individual employed at LastPass, a globally recognized password management firm responsible for safeguarding the credentials of over 33 million users.

During that same month, Bob innocently downloaded a third-party media software onto his personal computer. Unbeknownst to him, this action triggered a remote code execution, planting a simple yet effective keylogger malware. This stealthy malware covertly recorded every keystroke Bob made, stealthily capturing his sensitive credentials and passwords.

The subsequent attack that stemmed from the initial keylogger breach didn't unfold overnight. A persistent hacker managed to infiltrate LastPass' system over the course of several months, launching not one, but two successive attacks. It wasn't until May 2023 that LastPass investigators fully comprehended the scope of the breach. Shockingly, the personal data of all 33 million users hung in the balance.

Bob's narrative serves as a cautionary example of the perils that can arise in remote work setups gone awry. And he's not the only one facing such challenges, even though 'Bob' isn't his real identity.

Growing Trend: Hackers Focusing More on Remote Workers

In January 2023, The Guardian confirmed that it fell victim to a ransomware attack, likely initiated through a phishing attempt. During December 2022, Activision, the renowned video game developer behind Call of Duty, encountered a breach where a hacker infiltrated an employee system and accessed data belonging to all company personnel. Another incident in January 2023 involved a criminal exploiting compromised passwords in a 'stuffing' attack to breach Norton Life Lock.

The tally of attacks targeting remote and hybrid workers, utilizing stolen login credentials, seems unending. According to the Center for Strategic and International Studies (CSIS), cybercriminals, organized crime groups, and even nation-state entities direct their efforts at various sectors, encompassing private, public, health, energy, governmental, and defense realms.

In Fortinet's 2023 Global Study on Remote Work Trends, it's revealed that two-thirds of the surveyed companies encountered a data breach within the last 2 to 3 years due to vulnerabilities associated with 'Work From Anywhere (WFA)' arrangements.