The ‘Old Normal’ and Remote Working

The sudden move to home working as governments around the world urged non-essential workers to work from home has led to significant security challenges and gaps that organizations are still recovering from a year later.

At SureCloud, we continue to help organizations maintain and improve their security posture. With large IT transformational changes taking place at a rapid pace, we’ve seen organizations handle the move to remote working in different ways and with varying levels of consideration given to their security.

The Shifting Cyber Threat Landscape

Stop-gap measures and insecure software

During testing and advisory engagements carried out by SureCloud, we found organizations using copy-paste security scripts downloaded from the internet, unreliable third-party VPNs and third-party management software such as TeamViewer, which are common targets for attackers. Furthermore, software such as TeamViewer is so heavily abused by scammers that many home ISPs actively block it, which has caused further problems for the organizations concerned in remotely managing endpoints.

Sophisticated phishing attacks

Phishing attacks saw a significant increase in volume and efficacy over as remote workers, isolated from their colleagues, depended on outreach support via phone calls and emails to identify and respond to a suspect email. When it comes to mimicking real services and departments, phishing emails have become so sophisticated that just about anybody can fall for them if they’re alone, stressed and not regularly trained on what to look out for.

Hidden scam phone calls

Another area uncovered was an increase in scam phone calls. With an internal fixed-line system, employees would easily be able to identify a scam call from someone claiming to be from the IT department because it would have the wrong phone extension. However, the switch to mobile devices from fixed-line systems removes this very simple barrier, making it easy for scammers to call up a team member and pretend to be someone from the business.

Security boundaries and controls

Historically, organizations have relied on a solid external perimeter as a security boundary, but as the number of employees working from home increased over the last year, the security boundary has shifted to the individual endpoint devices in use.

As a fundamental change in how systems interact, this changes the attack surface of an organization, placing more focus on identity management than on networking and physical security controls. Additionally, endpoint security, including secure configuration and patch management, has also become very prominent. This shift has been evident in SureCloud’s Red Team and Adversary Simulation engagements where initial access, lateral movement and evasive techniques have had to evolve with these types of zero-trust architectures.

Questions for Any Organization to Address Include:

• Have we ensured that any remote access technology can be scaled appropriately and implemented securely?
• Have we reviewed internal working practices to ensure that these encourage a strong security culture?
• Have we implemented robust identity access management controls?
• Have we ensured that endpoints are securely configured and centrally managed?
• Have we put a robust BYOD policy in place where we use employee-owned assets?
• Have we identified physical security concerns relating to office sharing and managed them accordingly?

The key principles for robust security still apply to home working: multiple layers of security are better than a single layer; security should be as frictionless as possible, and security is as much about people understanding and carrying out their responsibilities as it is about implementing a technology solution or introducing a policy.

While there’s no silver bullet to being secure and resilient, the security culture and posture of an organization are the biggest determining factors in security success. Organizations that struggled with the immediate shift to home working are likely to have a harder time now as other competing factors take priority, whilst others will need to keep the momentum going and support other areas of the organization to maintain that success.

Learn more from our experts about trending cybersecurity topics and the latest insights from the frontline of IT security. Register for our monthly 20-minute Cyber Threat Briefing here!