Working remotely from home has become a reality for millions of people around the world, putting pressure on IT and security teams to ensure that remote employees not only remain as productive as possible, but also that they keep themselves and corporate data as secure as possible.
Achieving a balance between productivity and security is even harder, given that most organizations do not have adequate visibility or control over what their employees are doing on corporate owned smartphones and laptops while outside the office. Even less so in the case of BYOD.
Remote workers attempting to access risky content
NetMotion recently aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis, which is derived from data gathered between May 30th – June 24th, 2020, revealed that employees clicked on 76,440 links that took them to potentially dangerous websites.
All of these sites were visited on work-assigned devices while using either home or public Wi-Fi or a cellular network connection. The data also revealed several primary risk categories, which were identified using machine learning and based on the reputation scores of over 750 million known domains, more than 4 billion IP addresses and in excess of 32 billion URLs.
The assumption is that a large number of employees connected to protected internal (non-public) networks would have been prevented from accessing this risky content.
- Employees, on average, encounter 8.5 risky URLs per day, or 59 per week
- Remote workers also access around 31 malware sites per month, and 10 phishing domains. That equates to one malware site every day, and one phishing domain every 3 days
- The most common types of high-risk URLs encountered, in order of prevalence, were botnets, malware sites, spam and adware, and phishing and fraud sites
- Over a quarter of the high risk URLs visited by employees were related to botnets
- Almost 1 in 5 risky links led to sites containing spam, adware or malware
- Phishing and fraud, which garner an outsized proportion of news, account for only 4% of the URLs visited
- The ‘other’ category, representing 51% of the data in the chart above, is made up of ‘low-severity’ risky content, such as websites that use proxies, translations and other methods that circumvent URL filtering or monitoring.
2020, a wake-up call for the enterprise and the IT and security teams
IT and security organizations invest heavily to protect their perimeter. Workers located behind desks that are connected to corporate networks are generally safe, secure and productive. They are often unaware that several layers of technology, such as firewalls, are in place to protect them.
With the world continuing to shift to a more mobile and remote environment, 2020 has been a wake-up call for the enterprise and the IT and security teams that support it.
“As this research highlights, remote workers are frequently accessing risky content that would normally be blocked by firewalls and other security tools that monitor internal network traffic. Naturally, this poses an enormous threat to the enterprise,” said Achi Lewis, EMEA Director, NetMotion Software.
“Added to this, many organizations have no visibility into the activity taking place on external networks, let alone any means to prevent it. With such a rapid shift to remote work, enterprise security teams have been left flat-footed, unable to adequately protect users in the face of increasingly sophisticated cyberattacks.”
As a result, security leaders need to look to SDP and other edge-to-edge security technologies that can provide web filtering on any network as they seek to evolve outdated network security strategies.