Choose your topics

The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
The Top 4 Challenges of Risk Management

What are the top four challenges of risk management today and how can you overcome them? Find out in this post from SureCloud.

Third-Party Risk Management GRC
Transform Compliance into Your Competitive Advantage

In GRC, compliance is often viewed as a cost that makes it harder to pursue growth. Here's how to make it your competitive advantage.

Compliance Management GRC
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
The Simple Way to Combat Phishing

SureCloud Cybersecurity Practice Director Luke Potter shares his tip to stay ahead of attackers phishing for your downfall.

Penetration Testing
See Yourself in Cyber With Janhavi Deshpande

See Yourself in Cyber With Janhavi Deshpande - SureCloud

Cyber Security
Vector (7)
Cyber Security

One Year Later I Home Working’s Impact on the Cybersecurity Landscape

One Year Later I Home Working’s Impact on the Cybersecurity Landscape
Written by

Sean Doherty, Kieran Nalton

Published on

20 Mar 2021

One Year Later I Home Working’s Impact on the Cybersecurity Landscape


Our cybersecurity experts Sean Doherty and Kieran Nalton review findings from customer engagements over the past year to highlight some of the recent challenges and security issues impacting organizations following the shift to home working.


The ‘Old Normal’ and Remote Working

The sudden move to home working as governments around the world urged non-essential workers to work from home has led to significant security challenges and gaps that organizations are still recovering from a year later.

At SureCloud, we continue to help organizations maintain and improve their security posture. With large IT transformational changes taking place at a rapid pace, we’ve seen organizations handle the move to remote working in different ways and with varying levels of consideration given to their security.

The Shifting Cyber Threat Landscape

Stop-gap measures and insecure software

During testing and advisory engagements carried out by SureCloud, we found organizations using copy-paste security scripts downloaded from the internet, unreliable third-party VPNs and third-party management software such as TeamViewer, which are common targets for attackers. Furthermore, software such as TeamViewer is so heavily abused by scammers that many home ISPs actively block it, which has caused further problems for the organizations concerned in remotely managing endpoints.

Sophisticated phishing attacks

Phishing attacks saw a significant increase in volume and efficacy over as remote workers, isolated from their colleagues, depended on outreach support via phone calls and emails to identify and respond to a suspect email. When it comes to mimicking real services and departments, phishing emails have become so sophisticated that just about anybody can fall for them if they’re alone, stressed and not regularly trained on what to look out for.

Hidden scam phone calls

Another area uncovered was an increase in scam phone calls. With an internal fixed-line system, employees would easily be able to identify a scam call from someone claiming to be from the IT department because it would have the wrong phone extension. However, the switch to mobile devices from fixed-line systems removes this very simple barrier, making it easy for scammers to call up a team member and pretend to be someone from the business.

Security boundaries and controls

Historically, organizations have relied on a solid external perimeter as a security boundary, but as the number of employees working from home increased over the last year, the security boundary has shifted to the individual endpoint devices in use.

As a fundamental change in how systems interact, this changes the attack surface of an organization, placing more focus on identity management than on networking and physical security controls. Additionally, endpoint security, including secure configuration and patch management, has also become very prominent. This shift has been evident in SureCloud’s Red Team and Adversary Simulation engagements where initial access, lateral movement and evasive techniques have had to evolve with these types of zero-trust architectures.

What Does the Future Hold?

Security can be difficult to implement well, particularly where an organization lacks a solid foundation. As the security landscape has evolved significantly over the last year, organizations, particularly those that struggled to adapt quickly during the pandemic, must now adapt their security controls and measures. This will ensure a solid foundation across people, technology and processes that will support this new way of working and makes change more likely to succeed in the long term.

Questions for Any Organization to Address Include:

  • Have we ensured that any remote access technology can be scaled appropriately and implemented securely?
  • Have we reviewed internal working practices to ensure that these encourage a strong security culture?
  • Have we implemented robust identity access management controls?
  • Have we ensured that endpoints are securely configured and centrally managed?
  • Have we put a robust BYOD policy in place where we use employee-owned assets?
  • Have we identified physical security concerns relating to office sharing and managed them accordingly?

The key principles for robust security still apply to home working: multiple layers of security are better than a single layer; security should be as frictionless as possible, and security is as much about people understanding and carrying out their responsibilities as it is about implementing a technology solution or introducing a policy.

While there’s no silver bullet to being secure and resilient, the security culture and posture of an organization are the biggest determining factors in security success. Organizations that struggled with the immediate shift to home working are likely to have a harder time now as other competing factors take priority, whilst others will need to keep the momentum going and support other areas of the organization to maintain that success.

Learn more from our experts about trending cybersecurity topics and the latest insights from the frontline of IT security. Register for our monthly 20-minute Cyber Threat Briefing here!



About SureCloud

SureCloud provides cloud-based, Governance Risk and Compliance products, and Cybersecurity & Risk Advisory services, which reinvent the way you manage risk. SureCloud connects the dots with Integrated Risk Management solutions, enabling you to make better decisions and achieve your desired business outcomes. SureCloud utilizes a highly configurable technology platform, which is simple, intuitive, and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation, meaning you get immediate and sustained value from the outset.