The ‘Old Normal’ and Remote Working
The sudden move to home working as governments around the world urged non-essential workers to work from home has led to significant security challenges and gaps that organizations are still recovering from a year later.
At SureCloud, we continue to help organizations maintain and improve their security posture. With large IT transformational changes taking place at a rapid pace, we’ve seen organizations handle the move to remote working in different ways and with varying levels of consideration given to their security.
The Shifting Cyber Threat Landscape
Stop-gap measures and insecure software
During testing and advisory engagements carried out by SureCloud, we found organizations using copy-paste security scripts downloaded from the internet, unreliable third-party VPNs and third-party management software such as TeamViewer, which are common targets for attackers. Furthermore, software such as TeamViewer is so heavily abused by scammers that many home ISPs actively block it, which has caused further problems for the organizations concerned in remotely managing endpoints.
Sophisticated phishing attacks
Phishing attacks saw a significant increase in volume and efficacy over as remote workers, isolated from their colleagues, depended on outreach support via phone calls and emails to identify and respond to a suspect email. When it comes to mimicking real services and departments, phishing emails have become so sophisticated that just about anybody can fall for them if they’re alone, stressed and not regularly trained on what to look out for.
Hidden scam phone calls
Another area uncovered was an increase in scam phone calls. With an internal fixed-line system, employees would easily be able to identify a scam call from someone claiming to be from the IT department because it would have the wrong phone extension. However, the switch to mobile devices from fixed-line systems removes this very simple barrier, making it easy for scammers to call up a team member and pretend to be someone from the business.
Security boundaries and controls
Historically, organizations have relied on a solid external perimeter as a security boundary, but as the number of employees working from home increased over the last year, the security boundary has shifted to the individual endpoint devices in use.
As a fundamental change in how systems interact, this changes the attack surface of an organization, placing more focus on identity management than on networking and physical security controls. Additionally, endpoint security, including secure configuration and patch management, has also become very prominent. This shift has been evident in SureCloud’s Red Team and Adversary Simulation engagements where initial access, lateral movement and evasive techniques have had to evolve with these types of zero-trust architectures.
What Does the Future Hold?
Security can be difficult to implement well, particularly where an organization lacks a solid foundation. As the security landscape has evolved significantly over the last year, organizations, particularly those that struggled to adapt quickly during the pandemic, must now adapt their security controls and measures. This will ensure a solid foundation across people, technology and processes that will support this new way of working and makes change more likely to succeed in the long term.
Questions for Any Organization to Address Include:
- Have we ensured that any remote access technology can be scaled appropriately and implemented securely?
- Have we reviewed internal working practices to ensure that these encourage a strong security culture?
- Have we implemented robust identity access management controls?
- Have we ensured that endpoints are securely configured and centrally managed?
- Have we put a robust BYOD policy in place where we use employee-owned assets?
- Have we identified physical security concerns relating to office sharing and managed them accordingly?
The key principles for robust security still apply to home working: multiple layers of security are better than a single layer; security should be as frictionless as possible, and security is as much about people understanding and carrying out their responsibilities as it is about implementing a technology solution or introducing a policy.
While there’s no silver bullet to being secure and resilient, the security culture and posture of an organization are the biggest determining factors in security success. Organizations that struggled with the immediate shift to home working are likely to have a harder time now as other competing factors take priority, whilst others will need to keep the momentum going and support other areas of the organization to maintain that success.
Learn more from our experts about trending cybersecurity topics and the latest insights from the frontline of IT security. Register for our monthly 20-minute Cyber Threat Briefing here!
SureCloud provides cloud-based, Governance Risk and Compliance products, and Cybersecurity & Risk Advisory services, which reinvent the way you manage risk. SureCloud connects the dots with Integrated Risk Management solutions, enabling you to make better decisions and achieve your desired business outcomes. SureCloud utilizes a highly configurable technology platform, which is simple, intuitive, and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation, meaning you get immediate and sustained value from the outset.