By Paul Baird, Chief Information Security Officer, Qualys
While remote working was initially adopted in a frenzy, many have since embraced the comfort and convenience of working from home and businesses have benefited as a result, with cost savings, improved employee wellbeing and enhanced productivity for most. Now that more than 80% of businesses are set to continue this for at least one day per week (Gartner), it’s clear that long-term remote working and increased flexibility generally will be a key part of the modern working approach.
Yet, many businesses are still grappling with the connectivity and security risks that this brings. New research from Advisen has found a strong link between remote working and the incidence of cyber attacks, with the financial sector the second most frequent target for attacks. Given that this is one of the most highly regulated industries, and given the sensitive nature of the data held by banks and finance businesses, bad actors are preying on the recent disruptions to working approaches as opportunities to exploit this sector.
Users play their part
One of the biggest security concerns caused by remote working is phishing scams. At the start of the pandemic, phishing emails increased by 667% in just one month. When working from the comfort of their own sofa, staff can easily fall victim to bad emails, links or files that they ordinarily would have been more savvy toward. Many security teams may have distributed security reminder posters around the office, but now that most offices remain empty, those posters are likely to be gathering dust and the messages long forgotten.
Particularly during school closures when many professionals were juggling both work and homeschooling, corporate devices often became multi-use to serve everyone at home. Policies around this will vary across organisations, but the sensitivity of data that many employees within the banking and finance industry handle means this could lead to disastrous consequences. One absentminded click of a button could share data online or give hackers access to the systems that contain such data without the user’s knowledge.
Perimeter-based tools no longer fit the bill
The unknown and unsecured nature of home networks has created a further challenge for IT teams. Research from Bitsight found that nearly half of organisations had one or more devices accessing their corporate network via a home network that was infected with at least one piece of malware. Bad actors could likely infiltrate that home network and use it to move laterally into the corporate network and the critical assets within it.
This is particularly concerning when the traditional controls may no longer be in play. At the start of the pandemic, trusty VPNs that many organisations previously relied on for network access weren’t set up to cope with the sudden increase in demand. IT teams didn’t have the quantity of licences needed to cater for the entire workforce every day and scaling up presented a drain on bandwidth. When the mandate from management was “get everyone online as quickly as possible”, teams may have had to throw out their disaster recovery plans and forgo some security controls in order to maintain productivity.
Remote work has enabled a more flexible approach for some, but as many as 53% of workers feel that they need to be available throughout the day (CIPD 2021). As a result, security monitoring systems that analyse user behaviour to spot anomalies and detect breaches are now struggling to keep up. Logging on at irregular times, from unfamiliar locations or using new applications can all cause false positives and lead to alert fatigue. This has a knock-on effect on security operations teams, where 60% feel overwhelmed by the volume of alerts and nearly half (43%) are struggling to prioritise and respond to alerts effectively (Forrester 2021).
Other traditional security tools, such as those that monitor endpoints and inventory assets in relation to the network, could now be picking up personal data and devices that are also using the employee’s home network. This leaves IT and security teams with the dilemma of achieving an ethical balance between corporate security and individual privacy. With an agent-based approach, modern solutions give greater control over exactly who and what is scanned, and when scans take place. This ensures security teams will only scan and have visibility of what is on the machine that has the agent installed.
Re-align to today’s threat landscape
Now that the initial panic has subsided and we look to embrace differing levels of remote working long term, it is a good time to reassess our security posture, particularly the basic hygiene measures that fell by the wayside after the turbulent events of the last year. Traditional approaches required perimeter-based security with an on-premise focus, but cloud-based solutions will now deliver far greater support to IT and security teams to protect both remote and on-premise endpoints. These new tools connect directly to the cloud via the internet, rather than large volumes of traffic attempting to stream through VPN gateways, which causes delays in implementing vital patches or software updates.
This solution is so much more than technology alone, however, and those behind the screens shouldn’t be forgotten. Re-investment in cybersecurity training is more important now than ever before. A lot has changed since Covid-19 first hit, so re-education to combat today’s threat landscape is vital. Instead of an hour-long webinar or an extensive written manual, the most effective training makes use of humour and relevant examples from daily life to ensure employees remember and follow best practices wherever they’re working from.