International Cyber Expo International Cyber Expo
  • About Us
Thursday, 16 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Surge in Remote Working: Coping with Vulnerability Management 

Working from home on a massive scale has introduced brand new cybersecurity challenges

by The Gurus
April 21, 2020
in Guru's Picks, Hacking, News, Opinions & Analysis, Security News
wfh
Share on FacebookShare on Twitter

In the span of a couple months, the world as we knew it was turned upside-down. As scientists across the globe conduct experiments in search of the COVID-19 vaccine, the labour market has found itself within its own experiment. That is, the experiment of remote working on a massive scale.  

In an effort to slow down the spread of the virus, millions of employees around the world are being told to write their emails, compile their spreadsheets, and hold their meetings from the confines of their dining room table or makeshift office space at home. Whilst in 2018 hardly 13% of companies encouraged remote working, this has since increased substantially to 45% in mid-March 2020. In the UK alone, the British Chambers of Commerce revealed that at least 54% of businesses have resorted to remote working “to maintain business continuity”. Admittedly, this trend has been growing steadily over the years. However, business security teams simply could not have anticipated its recent sharp spike, prompted by the pandemic. Undoubtedly, this sudden change, plus the added uncertainty of the pandemic itself, has created the ideal playground for bad actors. 

As people frantically search for answers, less attention is being paid to sources or credibility of information in circulation. This facilitates the notorious tactic of phishing as they are less likely to think twice before clicking a malicious link. Indeed, Barracuda Networks reported a 667% upsurge in phishing emails since the end of February. Such emails have varied from scammers offering to sell non-existent cures or face masks, to donation requests for fictitious charities. In other instances, authorities such as the World Health Organisation or local hospitals have been impersonated. In one example, it was suggested that an individual had contracted the virus and needed to download a compromised document, before proceeding to an emergency clinic.  

These strategies have not been restricted to emails either, but has expanded to popular messaging apps. In fact, AT&T Alien Labs recently discovered that webhooks were being employed to send convincing phishing messages through Slack. Just one mis-click and a business system could be jeopardised. Preventing this alone can leave many of the best security teams overwhelmed. 

On top of that, said Marco Rottigni, Chief Technical Security Officer at Qualys, with employees connecting to corporate networks from home almost simultaneously, IT departments will also have to manage the proliferation of access points forthwith available to hackers. “Where they may have previously overseen security in one office block with stationary desktops, they are now having to supervise the transition to dispersed laptops.” This is a completely different challenge that necessitates more than a couple of days, or even weeks, to realise. The risks are further exacerbated when employees begin to interchange the use of their private and corporate devices. It is not so inconceivable either that parents may go insofar as loan their corporate laptops to their children in the evenings. From there, the child would only need to download the wrong game for malware to take root. Perhaps, the risk simply comes from a user neglecting to update their security software. The opportunities for complication abound.  

Truth be told, while increased security risks could be attributed to a heightened probability of human error, downloading the wrong attachment is not often serious enough to cause a company-wide incident. The recipe for disaster is when malware meets vulnerability; and it is clear that software and applications used by organisations have presented significant issues of their own. It has been estimated that ZOOM has accumulated more than 2.22 million monthly active users thus far in 2020, compared to 0.64 million during the same period last year. Yet, they too have experienced difficulties adjusting to the unexpected escalation in users and have failed to implement the necessary security measures. Indeed, the video conferencing app has admitted that it does not actually utilise any end-to-end encryption.  

More recently, Microsoft released its April 2020 Patch Tuesday updates revealing 113 vulnerabilities, 19 of which were categorised as critical and 94 as important. That is in addition to the 405 security vulnerabilities Oracle disclosed this week as well. “This puts a considerable amount of pressure on security teams to prioritise and apply all the necessary patches within the 24 or 72 hour window before hackers successfully take advantage of these loopholes,” highlights Rottigni. When VPN bandwidth and concentrators are already being stretched, adding the deployment of patches may no longer be a feasible option.  

Rather, we might wish to find a means of deploying patches that bypasses the use of VPN altogether. Fortunately, Qualys’ latest service VMDR® – Vulnerability Management, Detection and Response – could be that solution we desperately need as we enter this new Work-From-Home era. Moreover, it has the ability of collating on a single platform all data gathered across the digital landscape. It can identify, prioritise and tackle threats efficiently, if not instantaneously, and automate processes at scale. As Georges Bellefontaine, manager of vulnerability management at Toyota Financial Services, asserts “VMDR raises the maturity of our Vulnerability Management program to its next level. It allows additional monitoring of the infrastructure to identify vulnerabilities and weak asset hardening effectively, accurately and in real time to better prioritise needed remediation.” Moreover, Ryan Smith, vice president of product at Armor further affirms that “VMDR from Qualys also delivers unprecedented response capabilities including options for protecting remote users, which has become a top priority for CISOs in the current environment.” 

To give back to the community, Qualys has also enabled a standalone version of the cloud-based solution, Qualys Remote Protection, which is available for free for 60 days. It gives security teams instant and continuous visibility of remote computers so they can easily see missing patches for critical vulnerabilities and deploy them from the cloud. The patches are delivered securely and directly from vendors’ websites and content delivery networks to ensure there is little to no impact on external VPN bandwidth.  

To showcase the solution’s innovative approach to vulnerability management, Qualys is hosting an online event, VMDR Live, featuring an in-depth demo and Q&A on April 21, at 11 am PT (6 pm, GMT). Register at https://www.qualys.com/2020/vmdr-live/.

We may have gone into ‘hiding’ but cybercriminals have come out to play, leveraging our fear and ill-equipped security posture to execute their next hit. So what is your organisation going to do about it? 

 

M. Rottignoni

Marco Rottignoni is Chief Technical Security Officer, EMEA, at Qualys

 

 

Share1Tweet
Previous Post

23 million usernames and passwords leaked from game

Next Post

New Starbleed bug discovered

Recent News

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol