Employees are still accessing corporate resources, often relying on questionably secure local networks that lack the safeguards of the office network and thus are more exposed to malware
There have been rapid substantial changes in device usage trends as businesses shifted their operations in March due to COVID-19, according to ExtraHop’s report, titled Connected Devices in the Time of COVID-19. The report also warns of the security complexity and risks posed by connected devices—both those used by employees at home, and those left idle but connected to the office network.
While there are many lenses through which to explore the ways in which COVID-19 is reshaping business operations, connected devices—including internet of things (IoT) devices—and the ways in which people and organizations interact with them tell a story all their own. Using anonymized, aggregate data from across its global user base, ExtraHop analyzed business-related device activity during a one week period at the end of March 2020. This data was compared to activity from a similar study of the same global user base conducted in November 2019. The results reveal not only patterns that illuminate the state of work during the COVID-19 crisis, but also the long-term security implications of a distributed workforce.
Key findings from the report include:
- Steep Decline in Connected Devices at the Office Raises Concerns About Questionably Secure Local Networks: ExtraHop observed a 65% decline in the number of laptops and a nearly 70% decline in the number of smartphones connecting directly to corporate networks in March 2020. That said, the fact that these devices are no longer connected to the corporate network doesn't mean they're not connected at all. Employees are still accessing corporate resources, often relying on questionably secure local networks that lack the safeguards of the office network and thus are more exposed to malware.
- Vast Majority of Office Phones and Printers Are Still Plugged In, Exposing Risk: The number of connected IP phones declined by just 7.5%, indicating that many of these devices remain on and connected even when no one is using them. According to ExtraHop data, nearly 25% of those VoIP devices are Cisco IP phones, for which a critical vulnerability (CVE-2020-3161) was announced in April. Printers – at high risk for vulnerabilities and one of the most common targets of hackers – showed even smaller declines in connectivity, dropping by just 0.53%.
- Spike in Physical Security Cameras: Connections from security cameras increased by 47% in March, indicating that many organizations are taking additional precautions against physical intrusion or nefarious activity. Unfortunately, these devices can also expose organizations to cyber risk. Like IP phones and printers, they often have vulnerabilities and have been observed phoning data home.
- And Don't Forget the Treadmills: The connections to the network from treadmills declined 100% when office gyms were some of the first aspects of office life to close down. But the connectivity of treadmills underscores the extent to which every device is now a connected device. IT and security departments now have a much broader attack surface to secure — even the office gym.
“The almost overnight shift to remote work required a massive effort just to ensure the availability of applications and critical resources for employees outside the office,” said Sri Sundaralingam, Vice President, Cloud and Security Solutions at ExtraHop. “For many organizations, the management of IoT and other connected devices may have been an afterthought, or at least something they didn't anticipate having to handle long term. As availability and security issues surrounding remote access become more settled, this needs to be an area of focus.”