Expectations vs. Reality: Cybersecurity and Remote Working
Remote working is not a new area for IT and cybersecurity experts. However, in the last few years it has been pushed to the forefront and has become a hot topic that organisations globally must consider. From where we are currently sat, this change looks like it may be the new normal, and it is not switching back anytime soon.
Why is remote working so significant?
When the pandemic unexpectedly arose, organisations were not fully prepared and the supporting infrastructure for this change was not in place. Despite this, the world continued to move, and as a result various ways of connecting to an organisation’s facilities spawned; this has extended the attack surface to a never-before-seen level. With organisations’ work-from-home dynamic remaining, this threat remains significant.
From the technical perspective, three main scenarios have spawned:
The ‘No Trust’: Assets that can only be used with a Virtual Private Network (VPN) on, with no side communication allowed; they are treated just like an inside asset, as controlled and hardened as it should be.
The ‘Partial Trust’: Assets that allow the user to have a side activity (controlled by CASB (Cloud Access Security Broker), EDR (Endpoint Detection and Response), etc.), but ask for a connection when the activity is around office work and company data.
The ‘Whatever’: Bring Your Own Device or uncontrolled assets, with access only to ‘public’ apps, or to internal apps through Virtual Desktop Infrastructure.
Why is the technical side of things relevant?
Although some organisations can maintain control, these varying scenarios highlight the dispersion of control that the majority of organisations now face. The importance of control here links directly to risk. Risks in an uncontrolled environment are harder to manage, and thus organisations now face a higher potential that cyber threats are successful, compromising the company in a number of ways. This is a vital consideration for Critical National Infrastructures, where the result of such a threat can be detrimental.
The threat does not come solely from the technical side. Human factors are also a large contributor that must be considered.
How do organisations control human behaviour?
When we move to the user side, we notice that not everybody is at the same level of security awareness, particularly when thinking about working in public spaces. It might seem obvious to not speak loudly about data or sensitive projects in public spaces, to lock sessions, to be sure that nobody can see your screen, etc., but it’s not.
To address that, organisations need to teach and emphasise the consequences of those behaviours. At the same time, they must be sure that their detection systems can handle user behaviour and take it into account. The specificity of critical functions must also be considered, and organisations must be sure that security is at the right level.
It’s always hard to determine what the future will look like, but we know for a fact that remote working will remain. Organisations have to focus on being sure that employees are aware of and understand the increased threat level we’re facing. Cybersecurity operators should quickly support employees in case of suspected security incidents. Messages around threats, risks, and behaviour should be reinforced, and organisations should provide guidance and help users with assets that properly fit their needs without weakening security.
At the other end, organisations should consider robust controls over configurations and functions, be prepared to enhance identity and authorisation checking, harden filtering and systems, and be sure that no bypass to the crown jewels actually exists.
Remote working doesn’t mean that everything is wide open to the world; access should, au contraire, be tighter than ever.
Considering the high risk posed by passively implementing remote working, incorporating a well-defined preventive plan is vital in combating cyber risk from adverse actors. Technical and human factors will always pose a risk in remote working, but how a company plans to deal with those risks is what makes the difference.